From:             f23wop602 at sneakemail dot com
Operating system: RH7 2.2.16-22
PHP version:      4.3.4
PHP Bug Type:     Reproducible crash
Bug description:  Reproducible crash on regexp

Description:
------------
We had some crashes, and after some tracking we found a regexp which crashes on specific data. The data is contained in the script in the URL below; I cut it down as much as I could while still triggering the crash.

Reproduce code:
---------------
http://test.wikipedia.org/crash-php4.3.4.txt

Most of it is just data; the crash occurs on the regexp on the data at the end.

Actual result:
--------------
(gdb) bt
#0  0x808225c in match (
    eptr=0x81b4ec0 "kuterat: Enligt ''Miller'' (53) kommer en Psi-liknande form (Ψ) av kappa från Proto-Kanaaneiska. Kappa stod troligtvis för /k/ såväl som /k_h/ i tidig grekisk ortografi och senare återinfördes den"...,
    ecode=0x81b5e56 "8˙˙˙˙\177˙˙˙˙˙˙ī", '˙' <repeats 20 times>, "=", offset_top=4, md=0xbfffca50, ims=0, eptrb=0xbf800198, flags=2)
    at /tmp/php-4.3.4/ext/pcre/pcrelib/pcre.c:4986
#1  0x808236e in match (
    eptr=0x81b4ec0 "kuterat: Enligt ''Miller'' (53) kommer en Psi-liknande form (Ψ) av kappa från Proto-Kanaaneiska. Kappa stod troligtvis för /k/ såväl som /k_h/ i tidig grekisk ortografi och senare återinfördes den"...,
    ecode=0x81b5e53 "M", offset_top=4, md=0xbfffca50, ims=0, eptrb=0xbf800198, flags=2)
    at /tmp/php-4.3.4/ext/pcre/pcrelib/pcre.c:5059
#2  0x8082eb0 in match (
    eptr=0x81b4ec0 "kuterat: Enligt ''Miller'' (53) kommer en Psi-liknande form (Ψ) av kappa från Proto-Kanaaneiska. Kappa stod troligtvis för /k/ såväl som /k_h/ i tidig grekisk ortografi och senare återinfördes den"...,
    ecode=0x81b5e7e "?", offset_top=4, md=0xbfffca50, ims=0, eptrb=0xbf800678, flags=2)
    at /tmp/php-4.3.4/ext/pcre/pcrelib/pcre.c:5583
[snip]
#11143 0x808236e in match (
    eptr=0x81b38fd ">\r\n\t<td>[[Rho]]</td>\r\n\t<td>[rO:]</td>\r\n\t<td>[ro]</td>\r\n\t<td> </td>\r\n\t<td>[r]</td>\r\n\t<td>[r]</td>\r\n\t<td>100</td>\r\n\t<td>ר Resh</td>\r\n\t<td>&rho;</td></tr>\r\n<tr><td>Σ σ</td>\r\n\t<"...,
    ecode=0x81b5e53 "M", offset_top=4, md=0xbfffca50, ims=0, eptrb=0xbfea1838, flags=2)
    at /tmp/php-4.3.4/ext/pcre/pcrelib/pcre.c:5059
#11144 0x8082eb0 in match (
    eptr=0x81b38fd ">\r\n\t<td>[[Rho]]</td>\r\n\t<td>[rO:]</td>\r\n\t<td>[ro]</td>\r\n\t<td> </td>\r\n\t<td>[r]</td>\r\n\t<td>[r]</td>\r\n\t<td>100</td>\r\n\t<td>ר Resh</td>\r\n\t<td>&rho;</td></tr>\r\n<tr><td>Σ σ</td>\r\n\t<"...,
    ecode=0x81b5e7e "?", offset_top=4, md=0xbfffca50, ims=0, eptrb=0xbfea1d18, flags=2)
    at /tmp/php-4.3.4/ext/pcre/pcrelib/pcre.c:5583
#11145 0x808236e in match (
    eptr=0x81b38fc "d>\r\n\t<td>[[Rho]]</td>\r\n\t<td>[rO:]</td>\r\n\t<td>[ro]</td>\r\n\t<td> </td>\r\n\t<td>[r]</td>\r\n\t<td>[r]</td>\r\n\t<td>100</td>\r\n\t<td>ר Resh</td>\r\n\t<td>&rho;</td></tr>\r\n<tr><td>Σ σ</td>\r\n\t"...,
    ecode=0x81b5e53 "M", offset_top=4, md=0xbfffca50, ims=0, eptrb=0xbfea1d18, flags=2)
    at /tmp/php-4.3.4/ext/pcre/pcrelib/pcre.c:5059
#11146 0x8082eb0 in match (
    eptr=0x81b38fc "d>\r\n\t<td>[[Rho]]</td>\r\n\t<td>[rO:]</td>\r\n\t<td>[ro]</td>\r\n\t<td> </td>\r\n\t<td>[r]</td>\r\n\t<td>[r]</td>\r\n\t<td>100</td>\r\n\t<td>ר Resh</td>\r\n\t<td>&rho;</td></tr>\r\n<tr><td>Σ σ</td>\r\n\t"...,
    ecode=0x81b5e7e "?", offset_top=4, md=0xbfffca50, ims=0, eptrb=0xbfea21f8, flags=2)
    at /tmp/php-4.3.4/ext/pcre/pcrelib/pcre.c:5583
#11147 0x808236e in match (
    eptr=0x81b38fb "td>\r\n\t<td>[[Rho]]</td>\r\n\t<td>[rO:]</td>\r\n\t<td>[ro]</td>\r\n\t<td> </td>\r\n\t<td>[r]</td>\r\n\t<td>[r]</td>\r\n\t<td>100</td>\r\n\t<td>ר Resh</td>\r\n\t<td>&rho;</td></tr>\r\n<tr><td>Σ σ</td>\r\n"...,
    ecode=0x81b5e53 "M", offset_top=4, md=0xbfffca50, ims=0, eptrb=0xbfea21f8, flags=2)
    at /tmp/php-4.3.4/ext/pcre/pcrelib/pcre.c:5059
#11148 0x8082eb0 in match (
    eptr=0x81b38fb "td>\r\n\t<td>[[Rho]]</td>\r\n\t<td>[rO:]</td>\r\n\t<td>[ro]</td>\r\n\t<td> </td>\r\n\t<td>[r]</td>\r\n\t<td>[r]</td>\r\n\t<td>100</td>\r\n\t<td>ר Resh</td>\r\n\t<td>&rho;</td></tr>\r\n<tr><td>Σ σ</td>\r\n"...,
    ecode=0x81b5e7e "?", offset_top=4, md=0xbfffca50, ims=0, eptrb=0xbfea26d8,

And so on... You get the idea

-- 
Edit bug report at http://bugs.php.net/?id=26469&edit=1
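
A triage sketch for backtraces like the one above, added here and not part of the original report or of PHP/PCRE: it collapses the repeated match() frames into a recursion summary and estimates the stack consumed per frame from the eptrb arguments. Treating eptrb as a stack address is an assumption based on its 0xbf... range; the sample frames are abridged from the report's backtrace.

```python
import re
from collections import Counter

# Constructed sample: frames abridged from the report's backtrace (most arguments elided).
SAMPLE_BT = """\
#0 0x808225c in match (eptr=0x81b4ec0 "...", eptrb=0xbf800198, flags=2) at /tmp/php-4.3.4/ext/pcre/pcrelib/pcre.c:4986
#1 0x808236e in match (eptr=0x81b4ec0 "...", eptrb=0xbf800198, flags=2) at /tmp/php-4.3.4/ext/pcre/pcrelib/pcre.c:5059
#2 0x8082eb0 in match (eptr=0x81b4ec0 "...", eptrb=0xbf800678, flags=2) at /tmp/php-4.3.4/ext/pcre/pcrelib/pcre.c:5583
#11143 0x808236e in match (eptr=0x81b38fd "...", eptrb=0xbfea1838, flags=2) at /tmp/php-4.3.4/ext/pcre/pcrelib/pcre.c:5059
#11144 0x8082eb0 in match (eptr=0x81b38fd "...", eptrb=0xbfea1d18, flags=2) at /tmp/php-4.3.4/ext/pcre/pcrelib/pcre.c:5583
#11145 0x808236e in match (eptr=0x81b38fc "...", eptrb=0xbfea1d18, flags=2) at /tmp/php-4.3.4/ext/pcre/pcrelib/pcre.c:5059
#11146 0x8082eb0 in match (eptr=0x81b38fc "...", eptrb=0xbfea21f8, flags=2) at /tmp/php-4.3.4/ext/pcre/pcrelib/pcre.c:5583
"""

FRAME_SPLIT = re.compile(r"(?m)^#(\d+)\s+")

def parse_frames(bt):
    """Return [(frame_no, function, eptrb, source_line)]; truncated frames are skipped."""
    parts = FRAME_SPLIT.split(bt)[1:]            # [no, body, no, body, ...]
    frames = []
    for no, body in zip(parts[0::2], parts[1::2]):
        func = re.search(r"\bin (\w+) \(", body)
        eptrb = re.search(r"\beptrb=(0x[0-9a-f]+)", body)
        loc = re.search(r"\) at \S+:(\d+)\s*$", body)
        if func and eptrb and loc:
            frames.append((int(no), func.group(1), int(eptrb.group(1), 16), int(loc.group(1))))
    return frames

def summarize(bt, min_depth=1000):
    """Summarize recursion depth, recursive call sites and estimated stack use."""
    frames = parse_frames(bt)
    if not frames:
        return None
    first, last = frames[0], frames[-1]
    top_func, hits = Counter(f[1] for f in frames).most_common(1)[0]
    span = last[0] - first[0]
    stack_bytes = abs(last[2] - first[2])        # assumption: eptrb points into the stack
    return {
        "depth": last[0] + 1,
        "function": top_func,
        "runaway": last[0] + 1 >= min_depth and hits == len(frames),
        "call_sites": sorted({f[3] for f in frames[1:]}),   # frame 0 is the fault site
        "stack_bytes": stack_bytes,
        "bytes_per_frame": stack_bytes // span if span else 0,
    }
```

On the frames shown in the report this gives roughly 6.6 MiB of stack between frame #0 and frame #11146, which is the kind of figure to compare against the process stack limit when triaging a regexp crash.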