From: jeppe at bundsgaard dot net
Operating system: FreeBSD 6.1/Apache/2.2.3
PHP version: 5.2.0
PHP Bug Type: Reproducible crash
Bug description: preg_match() crashes Apache
Description:
------------
I have the same problems as reported in bug #27070. When running pretty
simple preg_match'es on medium size subjects (a few 10.000 bytes), apache
crashes reporting:
[Thu Jan 04 11:27:11 2007] [notice] child pid 2793 exit signal Illegal instruction (4)
I have tried with the same code as reported in #27070 - it crashes.
The scripts that crash in the real world do not crash in PHP 4.X.
Reproduce code:
---------------
<?php
# This script crashes Apache :
$subject = str_repeat("a",13800);
preg_match("/(a)*/",$subject);
echo "OK";
# NB: The length of $subject (here 13800) may depend on
# your system. It seems to be related to the memory_limit
# directive (mine is 8M) but not in the way that
# one would expect (it doesn't seem to be something
# like "If I give more memory, then I need a larger
# subject to crash Apache").
# It doesn't crash if I use the pattern "/a*/" instead
# of "/(a)*/".
?>
Expected result:
----------------
OK
Actual result:
--------------
This is the httpd-error.log:
[Thu Jan 04 11:27:11 2007] [notice] child pid 2793 exit signal Illegal instruction (4)
This is what I can produce from the coredump. Don't know if that's what is
asked for?
#0 0x00000000 in ?? ()
#1 0x294ccea4 in ?? ()
#2 0x294d5a20 in ?? ()
#3 0x280b23d8 in ?? () from /libexec/ld-elf.so.1
#4 0xbfbfea68 in ?? ()
#5 0x28098b3e in _rtld_error () from /libexec/ld-elf.so.1
#6 0x294d3308 in ?? ()
#7 0x280b1018 in tls_dtv_generation () from /libexec/ld-elf.so.1
#8 0x280b23d8 in ?? () from /libexec/ld-elf.so.1
#9 0xbfbfea78 in ?? ()
#10 0x2809908e in elf_hash () from /libexec/ld-elf.so.1
#11 0x2809b970 in dlclose () from /libexec/ld-elf.so.1
#12 0x286f72b4 in ?? () from /usr/local/libexec/apache22/libphp5.so
#13 0x286f734f in ?? () from /usr/local/libexec/apache22/libphp5.so
#14 0x286eddb4 in ?? () from /usr/local/libexec/apache22/libphp5.so
#15 0x286b7463 in ?? () from /usr/local/libexec/apache22/libphp5.so
#16 0x286b7517 in ?? () from /usr/local/libexec/apache22/libphp5.so
#17 0x28766c39 in ?? () from /usr/local/libexec/apache22/libphp5.so
#18 0x28206f1d in run_cleanups () from /usr/local/lib/libapr-1.so.2
#19 0x28207c6d in apr_pool_clear () from /usr/local/lib/libapr-1.so.2
#20 0x080619b0 in main ()
--
Edit bug report at http://bugs.php.net/?id=40022&edit=1
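
Added example, not part of the original report: a defensive wrapper that runs the report's two patterns with lowered `pcre.recursion_limit` and `pcre.backtrack_limit` (ini settings available from PHP 5.2.0) and checks `preg_last_error()`, so that a match that goes too deep fails with an error code instead of taking down the Apache child. The function name `guarded_preg_match` and the limit values are assumptions to be tuned to the stack size of the target system.

```php
<?php
// Added example: hypothetical helper, not code from the bug report.
// Assumes PHP >= 5.2.0 (pcre.* ini settings and preg_last_error()).

/**
 * Run preg_match() under explicit PCRE limits.
 * Returns array($result, $error): $result is 1, 0 or false,
 * $error is null on success or a short description of the PCRE error.
 */
function guarded_preg_match($pattern, $subject, $recursionLimit = 5000, $backtrackLimit = 100000)
{
    // Limit values are assumptions; pick ones that fit the process stack.
    $oldRecursion = ini_set('pcre.recursion_limit', (string) $recursionLimit);
    $oldBacktrack = ini_set('pcre.backtrack_limit', (string) $backtrackLimit);

    $result = @preg_match($pattern, $subject);
    $code   = preg_last_error();

    // Restore the previous settings so other code is unaffected.
    if ($oldRecursion !== false) {
        ini_set('pcre.recursion_limit', $oldRecursion);
    }
    if ($oldBacktrack !== false) {
        ini_set('pcre.backtrack_limit', $oldBacktrack);
    }

    $names = array(
        PREG_NO_ERROR              => null,
        PREG_INTERNAL_ERROR        => 'internal error',
        PREG_BACKTRACK_LIMIT_ERROR => 'backtrack limit exceeded',
        PREG_RECURSION_LIMIT_ERROR => 'recursion limit exceeded',
    );
    $error = array_key_exists($code, $names) ? $names[$code] : "PCRE error code $code";

    return array($result, $error);
}

// Same constructed subject and patterns as in the report.
$subject = str_repeat("a", 13800);

foreach (array("/(a)*/", "/a*/") as $pattern) {
    list($result, $error) = guarded_preg_match($pattern, $subject);
    if ($result === false || $error !== null) {
        // Treat a limit error as "input rejected", never as "no match".
        echo "$pattern: rejected ($error)\n";
    } else {
        echo "$pattern: matched=$result\n";
    }
}
```

Which pattern is rejected depends on the PCRE version and on whether JIT is in use, so callers should always distinguish a `false` return from a `0` (no match) return.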