Debian Bug report logs -
#649733
php5-cgi: Segmentation fault in preg_replace()
Report forwarded
to debian-bugs-dist@lists.debian.org, Debian PHP Maintainers <pkg-php-maint@lists.alioth.debian.org>:
Bug#649733; Package php5-cgi.
(Wed, 23 Nov 2011 16:30:15 GMT)
Acknowledgement sent
to Olaf van der Spek <olaf@xwis.net>:
New Bug report received and forwarded. Copy sent to Debian PHP Maintainers <pkg-php-maint@lists.alioth.debian.org>.
(Wed, 23 Nov 2011 16:30:15 GMT)
Message #5 received at submit@bugs.debian.org:
Package: php5-cgi
Version: 5.3.3-7+squeeze3
Severity: normal
Hi,
$ php preg.php
Segmentation fault
$ cat preg.php
<?php
preg_replace("/c((\s|.)+?)\/c/", "\\1", 'c' . str_pad('', 16000) . '/c');
Might be limited to x64.
Greetings,
Olaf
-- System Information:
Debian Release: 6.0.3
APT prefers stable
APT policy: (500, 'stable')
Architecture: amd64 (x86_64)
Kernel: Linux 2.6.32-5-amd64 (SMP w/8 CPU cores)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Versions of packages php5-cgi depends on:
ii libbz2-1.0 1.0.5-6 high-quality block-sorting file co
ii libc6 2.11.2-10 Embedded GNU C Library: Shared lib
ii libcomerr2 1.41.12-4stable1 common error description library
ii libdb4.8 4.8.30-2 Berkeley v4.8 Database Libraries [
ii libgssapi-krb5-2 1.8.3+dfsg-4squeeze2 MIT Kerberos runtime libraries - k
ii libk5crypto3 1.8.3+dfsg-4squeeze2 MIT Kerberos runtime libraries - C
ii libkrb5-3 1.8.3+dfsg-4squeeze2 MIT Kerberos runtime libraries
ii libmagic1 5.04-5 File type determination library us
ii libonig2 5.9.1-1 Oniguruma regular expressions libr
ii libpcre3 8.02-1.1 Perl 5 Compatible Regular Expressi
ii libqdbm14 1.8.77-4 QDBM Database Libraries [runtime]
ii libssl0.9.8 0.9.8o-4squeeze4 SSL shared libraries
ii libxml2 2.7.8.dfsg-2+squeeze1 GNOME XML library
ii mime-support 3.48-1 MIME files 'mime.types' & 'mailcap
ii php5-common 5.3.3-7+squeeze3 Common files for packages built fr
ii tzdata 2011k-0squeeze1 time zone and daylight-saving time
ii ucf 3.0025+nmu1 Update Configuration File: preserv
ii zlib1g 1:1.2.3.4.dfsg-3 compression library - runtime
php5-cgi recommends no packages.
Versions of packages php5-cgi suggests:
pn php-pear <none> (no description available)
-- no debconf information
Information forwarded
to debian-bugs-dist@lists.debian.org, Debian PHP Maintainers <pkg-php-maint@lists.alioth.debian.org>:
Bug#649733; Package php5-cgi.
(Sun, 02 Sep 2012 21:27:04 GMT)
Acknowledgement sent
to Sean Dubois <seander13@gmail.com>:
Extra info received and forwarded to list. Copy sent to Debian PHP Maintainers <pkg-php-maint@lists.alioth.debian.org>.
(Sun, 02 Sep 2012 21:27:04 GMT)
Message #10 received at 649733@bugs.debian.org:
I have attached a backtrace of this.
If the submitter is around would you mind explaining what you were
trying to accomplish with this regex? I am pretty tired and not up for
reading it just yet :)
[PHPRegexbt (application/octet-stream, attachment)]
Information forwarded
to debian-bugs-dist@lists.debian.org, Debian PHP Maintainers <pkg-php-maint@lists.alioth.debian.org>:
Bug#649733; Package php5-cgi.
(Fri, 03 May 2013 10:15:04 GMT)
Acknowledgement sent
to Ondřej Surý <ondrej@debian.org>:
Extra info received and forwarded to list. Copy sent to Debian PHP Maintainers <pkg-php-maint@lists.alioth.debian.org>.
(Fri, 03 May 2013 10:15:04 GMT)
Message #15 received at 649733@bugs.debian.org:
reassign 649733 libpcre3
affects 649733 php5
found 649733 pcre3/8.02-1.1
found 649733 pcre3/1:8.31-2
thank you
The segfault happens in some infinite recursion in libpcre3:
#0 match (eptr=0x7ffff44ea9c1 ' ' <repeats 200 times>...,
ecode=0xf92027 "r", mstart=0x7ffff44e7f30 "c", ' ' <repeats 199
times>..., offset_top=6, md=0x7fffffffa800, eptrb=0x0, rdepth=10898)
at pcre_exec.c:484
#1 0x00007ffff64e8345 in match (eptr=0x7ffff44ea9c1 ' ' <repeats 200
times>..., ecode=<optimized out>, mstart=0x7ffff44e7f30 "c", ' '
<repeats 199 times>..., offset_top=6, md=<optimized out>,
eptrb=0x0, rdepth=10897) at pcre_exec.c:2000
[...]
#10898 0x00007ffff64e5332 in match (eptr=0x7ffff44e7f31 ' ' <repeats
200 times>..., ecode=0xf92015 "\177", mstart=0x7ffff44e7f30 "c", ' '
<repeats 199 times>..., offset_top=2,
md=<optimized out>, eptrb=0x0, rdepth=0) at pcre_exec.c:957
#10899 0x00007ffff64e8f4c in pcre_exec (argument_re=0xf91fe0,
extra_data=0x7fffffffaa70, subject=<optimized out>, length=<optimized
out>, start_offset=0, options=0, offsets=0x7ffff44e7ba0,
offsetcount=9) at pcre_exec.c:6919
#10900 0x0000000000477383 in php_pcre_replace_impl
(pce=0x7ffff4104030, subject=0x7ffff44e7750 "`wN\364\377\177",
subject_len=-197279046, replace_val=0x7fffffffabb0,
is_callable_replace=0,
result_len=0x300000000, limit=4686387,
replace_count=0x7fffffffffff) at
/tmp/buildd/php5-5.4.4/ext/pcre/php_pcre.c:1054
#10901 0x0000000000478233 in php_replace_in_subject
(regex=0x7ffff44e6028, replace=0x7ffff44e5ff8, subject=0x7ffff44b3180,
result_len=0x7fffffffabb0, limit=32767,
is_callable_replace=-196187992,
replace_count=0x4787f7) at /tmp/buildd/php5-5.4.4/ext/pcre/php_pcre.c:1281
#10902 0x00000000004787f7 in preg_replace_impl.isra.9 (ht=3,
return_value=0x7ffff44e5fc8, is_callable_replace=0, is_filter=0) at
/tmp/buildd/php5-5.4.4/ext/pcre/php_pcre.c:1379
#10903 0x0000000000746bd2 in zend_do_fcall_common_helper_SPEC
(execute_data=0x7ffff44b3060) at
/tmp/buildd/php5-5.4.4/Zend/zend_vm_execute.h:642
#10904 0x0000000000700447 in execute (op_array=0x7ffff44e68a8) at
/tmp/buildd/php5-5.4.4/Zend/zend_vm_execute.h:410
#10905 0x00000000006a028e in zend_execute_scripts (type=8,
retval=0x7ffff44e6888, file_count=3) at
/tmp/buildd/php5-5.4.4/Zend/zend.c:1279
#10906 0x000000000063f863 in php_execute_script (primary_file=0x0) at
/tmp/buildd/php5-5.4.4/main/main.c:2473
#10907 0x00000000007491b3 in do_cli (argc=0, argv=0x7fffffffe81f) at
/tmp/buildd/php5-5.4.4/sapi/cli/php_cli.c:988
#10908 0x000000000043110a in main (argc=32767, argv=0xdb9220) at
/tmp/buildd/php5-5.4.4/sapi/cli/php_cli.c:1361
Ondrej
On Wed, Nov 23, 2011 at 5:14 PM, Olaf van der Spek <olaf@xwis.net> wrote:
> Package: php5-cgi
> Version: 5.3.3-7+squeeze3
> Severity: normal
>
> Hi,
>
> $ php preg.php
> Segmentation fault
>
> $ cat preg.php
> <?php
> preg_replace("/c((\s|.)+?)\/c/", "\\1", 'c' . str_pad('', 16000) . '/c');
>
> Might be limited to x64.
>
> Greetings,
>
> Olaf
>
> -- System Information:
> Debian Release: 6.0.3
> APT prefers stable
> APT policy: (500, 'stable')
> Architecture: amd64 (x86_64)
>
> Kernel: Linux 2.6.32-5-amd64 (SMP w/8 CPU cores)
> Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8)
> Shell: /bin/sh linked to /bin/dash
>
> Versions of packages php5-cgi depends on:
> ii libbz2-1.0 1.0.5-6 high-quality block-sorting file co
> ii libc6 2.11.2-10 Embedded GNU C Library: Shared lib
> ii libcomerr2 1.41.12-4stable1 common error description library
> ii libdb4.8 4.8.30-2 Berkeley v4.8 Database Libraries [
> ii libgssapi-krb5-2 1.8.3+dfsg-4squeeze2 MIT Kerberos runtime libraries - k
> ii libk5crypto3 1.8.3+dfsg-4squeeze2 MIT Kerberos runtime libraries - C
> ii libkrb5-3 1.8.3+dfsg-4squeeze2 MIT Kerberos runtime libraries
> ii libmagic1 5.04-5 File type determination library us
> ii libonig2 5.9.1-1 Oniguruma regular expressions libr
> ii libpcre3 8.02-1.1 Perl 5 Compatible Regular Expressi
> ii libqdbm14 1.8.77-4 QDBM Database Libraries [runtime]
> ii libssl0.9.8 0.9.8o-4squeeze4 SSL shared libraries
> ii libxml2 2.7.8.dfsg-2+squeeze1 GNOME XML library
> ii mime-support 3.48-1 MIME files 'mime.types' & 'mailcap
> ii php5-common 5.3.3-7+squeeze3 Common files for packages built fr
> ii tzdata 2011k-0squeeze1 time zone and daylight-saving time
> ii ucf 3.0025+nmu1 Update Configuration File: preserv
> ii zlib1g 1:1.2.3.4.dfsg-3 compression library - runtime
>
> php5-cgi recommends no packages.
>
> Versions of packages php5-cgi suggests:
> pn php-pear <none> (no description available)
>
> -- no debconf information
>
>
>
> _______________________________________________
> pkg-php-maint mailing list
> pkg-php-maint@lists.alioth.debian.org
> http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/pkg-php-maint
--
Ondřej Surý <ondrej@sury.org>
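A defensive way to run the reproducer from this report, as an added example that is not part of the original bug thread: it caps PCRE's nesting depth through PHP's `pcre.recursion_limit` setting so that a deep match is reported as an error code, and it shows the same capture written without a group around each character. The helper name `safe_preg_replace` and the limit value 1000 are assumptions made for illustration.

```php
<?php
// Added example; safe_preg_replace() is a hypothetical helper, not PHP API.

// Cap PCRE's nested matching depth. 1000 is an assumed, conservative value.
ini_set('pcre.recursion_limit', '1000');

// preg_replace() wrapper that raises on an engine failure instead of
// handing NULL back to the caller.
function safe_preg_replace(string $pattern, string $replacement, string $subject): string
{
    $names = [
        PREG_INTERNAL_ERROR        => 'PREG_INTERNAL_ERROR',
        PREG_BACKTRACK_LIMIT_ERROR => 'PREG_BACKTRACK_LIMIT_ERROR',
        PREG_RECURSION_LIMIT_ERROR => 'PREG_RECURSION_LIMIT_ERROR',
        PREG_JIT_STACKLIMIT_ERROR  => 'PREG_JIT_STACKLIMIT_ERROR',
    ];
    $result = preg_replace($pattern, $replacement, $subject);
    if ($result === null) {
        $code = preg_last_error();
        throw new RuntimeException('PCRE error: ' . ($names[$code] ?? "code $code"));
    }
    return $result;
}

// Constructed input with the shape from the report: 'c', 16000 spaces, '/c'.
$subject = 'c' . str_pad('', 16000) . '/c';

// Pattern from the report: a capturing group wraps every single character,
// so the matcher nests once per character (see rdepth in the backtrace).
try {
    $out = safe_preg_replace('/c((\s|.)+?)\/c/', '\\1', $subject);
    echo 'report pattern matched: ', strlen($out), " bytes\n";
} catch (RuntimeException $e) {
    echo 'report pattern rejected: ', $e->getMessage(), "\n";
}

// Same capture without the inner group: with /s, '.' also matches newlines,
// so '(\s|.)+?' can be written as the plain lazy repeat '.+?'.
$out = safe_preg_replace('/c(.+?)\/c/s', '\\1', $subject);
echo 'rewritten pattern matched: ', strlen($out), " bytes\n";
```

On PHP builds where PCRE JIT is enabled, the first call may instead succeed or report `PREG_JIT_STACKLIMIT_ERROR`; the wrapper handles either outcome.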
Bug reassigned from package 'php5-cgi' to 'libpcre3'.
Request was from Ondřej Surý <ondrej@debian.org>
to control@bugs.debian.org.
(Fri, 03 May 2013 10:15:07 GMT)
No longer marked as found in versions php5/5.3.3-7+squeeze3.
Request was from Ondřej Surý <ondrej@debian.org>
to control@bugs.debian.org.
(Fri, 03 May 2013 10:15:07 GMT)
Added indication that 649733 affects php5
Request was from Ondřej Surý <ondrej@debian.org>
to control@bugs.debian.org.
(Fri, 03 May 2013 10:15:08 GMT)
Marked as found in versions pcre3/8.02-1.1.
Request was from Ondřej Surý <ondrej@debian.org>
to control@bugs.debian.org.
(Fri, 03 May 2013 10:15:09 GMT)
Marked as found in versions pcre3/1:8.31-2.
Request was from Ondřej Surý <ondrej@debian.org>
to control@bugs.debian.org.
(Fri, 03 May 2013 10:15:09 GMT)
Last modified:
Sun Jul 2 02:49:15 2023;