Bug#405067: [php-maint] Bug#405067: php5-cli: Segfault after infinite
recursion inside pcre - random memory
sean finney
seanius at debian.org
Thu May 10 15:15:16 UTC 2007
tags 405067 confirmed wontfix upstream
forwarded 405067 http://bugs.php.net/bug.php?id=35159
thanks
hi cajus,
On Fri, 2007-03-30 at 09:47 +0200, Cajus Pollmeier wrote:
> Anything new here? Anyone tried with php 5.2.1? So I'd report it to the php
> team - if not already done.
>
> The bug can be reproduced here in cli and pure apache mode. It happens when
> the string to be matched is larger than 4089 bytes and a match happens.
> Everything below just works fine.
sorry for the delay in reponse, pretty much all of my php time has been
spent dealing with the rash of security issues lately.
anyway, regarding this issue: i've seen it mentioned upstream that php
does not handle deep recursion very well, and is prone to crash horribly
if the stack gets too big, because they keep important data such as the
zend mm on the stack. so, "it's not a bug, it's a feature" :).
references:
http://bugs.php.net/bug.php?id=35159
and others (just do a search for "recursive").
sean
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 191 bytes
Desc: This is a digitally signed message part
Url : http://lists.alioth.debian.org/pipermail/pkg-php-maint/attachments/20070510/264e48ee/attachment.pgp
More information about the pkg-php-maint
mailing list