Bug #61920 [Com]: "Segmentation fault" when \xfe is a part of mb_eregi_replace pattern

Reeze dot xia at gmail dot com Sat, 05 May 2012 05:59:20 -0700

Edit report at https://bugs.php.net/bug.php?id=61920&edit=1


 ID:                 61920
 Comment by:         Reeze dot xia at gmail dot com
 Reported by:        wo...@php.net
 Summary:            "Segmentation fault" when \xfe is a part of
                     mb_eregi_replace pattern
 Status:             Assigned
 Type:               Bug
 Package:            mbstring related
 Operating System:   Linux Ubuntu 10.04.2 LTS
 PHP Version:        5.3.11
 Assigned To:        moriyoshi
 Block user comment: N
 Private report:     N

 New Comment:

This is the bug of bundled oniguruma in 5.3
5.4 upgrade it but 5.3 didn't. 

Upgrade the bundled oniguruma can fix the bug.


Previous Comments:
------------------------------------------------------------------------
[2012-05-03 14:48:25] larue...@php.net

only for php5.3,  5.4 works fine.  bt is:

Core was generated by `php53 -r mb_regex_encoding ("UTF-
8");mb_internal_encoding("UTF-8");echo mb_ereg'.
Program terminated with signal 11, Segmentation fault.
#0  0x00000000005f3273 in next_state_val (cc=0x2406d48, vs=0x7fff1e996960, v=0, 
vs_israw=0x7fff1e9969b8, v_israw=0, intype=CCV_SB, 
    type=0x7fff1e9969b4, state=0x7fff1e9969b0, env=0x7fff1e996cb0)
    at /home/huixinchen/opensource/php-
5.3/ext/mbstring/oniguruma/regparse.c:3973
3973          BITSET_SET_BIT(cc->bs, (int )(*vs));
(gdb) bt
#0  0x00000000005f3273 in next_state_val (cc=0x2406d48, vs=0x7fff1e996960, v=0, 
vs_israw=0x7fff1e9969b8, v_israw=0, intype=CCV_SB, 
    type=0x7fff1e9969b4, state=0x7fff1e9969b0, env=0x7fff1e996cb0)
    at /home/huixinchen/opensource/php-
5.3/ext/mbstring/oniguruma/regparse.c:3973
#1  0x00000000005f3f26 in parse_char_class (np=0x7fff1e996b48, 
tok=0x7fff1e996bf0, src=0x7fff1e996c70, end=0x2516b24 "", env=0x7fff1e996cb0)
    at /home/huixinchen/opensource/php-
5.3/ext/mbstring/oniguruma/regparse.c:4342
#2  0x00000000005f58ff in parse_exp (np=0x7fff1e996b48, tok=0x7fff1e996bf0, 
term=0, src=0x7fff1e996c70, end=0x2516b24 "", 
    env=0x7fff1e996cb0) at /home/huixinchen/opensource/php-
5.3/ext/mbstring/oniguruma/regparse.c:5019
#3  0x00000000005f609f in parse_branch (top=0x7fff1e996ba8, tok=0x7fff1e996bf0, 
term=0, src=0x7fff1e996c70, end=0x2516b24 "", 
    env=0x7fff1e996cb0) at /home/huixinchen/opensource/php-
5.3/ext/mbstring/oniguruma/regparse.c:5171
#4  0x00000000005f620a in parse_subexp (top=0x7fff1e996d98, tok=0x7fff1e996bf0, 
term=0, src=0x7fff1e996c70, end=0x2516b24 "", 
    env=0x7fff1e996cb0) at /home/huixinchen/opensource/php-
5.3/ext/mbstring/oniguruma/regparse.c:5208
#5  0x00000000005f6391 in parse_regexp (top=0x7fff1e996d98, src=0x7fff1e996c70, 
end=0x2516b24 "", env=0x7fff1e996cb0)
    at /home/huixinchen/opensource/php-
5.3/ext/mbstring/oniguruma/regparse.c:5252
#6  0x00000000005f6464 in onig_parse_make_tree (root=0x7fff1e996d98, 
pattern=0x2516b20 "[^\376]", end=0x2516b24 "", reg=0x24f9450, 
    env=0x7fff1e996cb0) at /home/huixinchen/opensource/php-
5.3/ext/mbstring/oniguruma/regparse.c:5279
#7  0x00000000005de803 in onig_compile (reg=0x24f9450, pattern=0x2516b20 "
[^\376]", pattern_end=0x2516b24 "", einfo=0x7fff1e996e60)
    at /home/huixinchen/opensource/php-5.3/ext/mbstring/oniguruma/regcomp.c:5168
#8  0x00000000005deed5 in onig_new (reg=0x7fff1e996e78, pattern=0x2516b20 "
[^\376]", pattern_end=0x2516b24 "", option=13, enc=0x112a280, 
    syntax=0x1129dc0, einfo=0x7fff1e996e60) at /home/huixinchen/opensource/php-
5.3/ext/mbstring/oniguruma/regcomp.c:5399
#9  0x00000000006280e0 in php_mbregex_compile_pattern (pattern=0x2516b20 "
[^\376]", patlen=4, options=13, enc=0x112a280, syntax=0x1129dc0)
    at /home/huixinchen/opensource/php-5.3/ext/mbstring/php_mbregex.c:458
#10 0x00000000006291f1 in _php_mb_regex_ereg_replace_exec (ht=3, 
return_value=0x2518c28, return_value_ptr=0x0, this_ptr=0x0, 
    return_value_used=1, options=13) at /home/huixinchen/opensource/php-
5.3/ext/mbstring/php_mbregex.c:857
#11 0x000000000062a384 in zif_mb_eregi_replace (ht=3, return_value=0x2518c28, 
return_value_ptr=0x0, this_ptr=0x0, return_value_used=1)
    at /home/huixinchen/opensource/php-5.3/ext/mbstring/php_mbregex.c:980
#12 0x00000000008b1a97 in zend_do_fcall_common_helper_SPEC 
(execute_data=0x7fe8cadd2090)
    at /home/huixinchen/opensource/php-5.3/Zend/zend_vm_execute.h:320
#13 0x00000000008b5fa0 in ZEND_DO_FCALL_SPEC_CONST_HANDLER 
(execute_data=0x7fe8cadd2090)
    at /home/huixinchen/opensource/php-5.3/Zend/zend_vm_execute.h:1640
#14 0x00000000008b0f70 in execute (op_array=0x2518970) at 
/home/huixinchen/opensource/php-5.3/Zend/zend_vm_execute.h:107
#15 0x000000000086e5f1 in zend_eval_stringl (

------------------------------------------------------------------------
[2012-05-03 08:33:12] wo...@php.net

Description:
------------
I get "Segmentation fault" when \xfe is a part of pattern argument in 
mb_eregi_replace() method.


Test script:
---------------
php -r 'mb_regex_encoding ("UTF-8");mb_internal_encoding("UTF-8");echo 
mb_eregi_replace ("[^\xfe]" , "?" , "\xfe ");'



------------------------------------------------------------------------



-- 
Edit this bug report at https://bugs.php.net/bug.php?id=61920&edit=1

Bug #61920 [Com]: "Segmentation fault" when \xfe is a part of mb_eregi_replace pattern

Reply via email to