[php-maint] Bug#649733: Bug#649733: php5-cgi: Segmentation fault in preg_replace()
Ondřej Surý
ondrej at debian.org
Fri May 3 10:12:38 UTC 2013
reassign 649733 libpcre3
affects 649733 php5
found 649733 pcre3/8.02-1.1
found 649733 pcre3/1:8.31-2
thank you
The segfault happens in some infinite recursion in libpcre3:
#0 match (eptr=0x7ffff44ea9c1 ' ' <repeats 200 times>..., ecode=0xf92027 "r", mstart=0x7ffff44e7f30 "c", ' ' <repeats 199 times>..., offset_top=6, md=0x7fffffffa800, eptrb=0x0, rdepth=10898) at pcre_exec.c:484
#1 0x00007ffff64e8345 in match (eptr=0x7ffff44ea9c1 ' ' <repeats 200 times>..., ecode=<optimized out>, mstart=0x7ffff44e7f30 "c", ' ' <repeats 199 times>..., offset_top=6, md=<optimized out>, eptrb=0x0, rdepth=10897) at pcre_exec.c:2000
[...]
#10898 0x00007ffff64e5332 in match (eptr=0x7ffff44e7f31 ' ' <repeats 200 times>..., ecode=0xf92015 "\177", mstart=0x7ffff44e7f30 "c", ' ' <repeats 199 times>..., offset_top=2, md=<optimized out>, eptrb=0x0, rdepth=0) at pcre_exec.c:957
#10899 0x00007ffff64e8f4c in pcre_exec (argument_re=0xf91fe0, extra_data=0x7fffffffaa70, subject=<optimized out>, length=<optimized out>, start_offset=0, options=0, offsets=0x7ffff44e7ba0, offsetcount=9) at pcre_exec.c:6919
#10900 0x0000000000477383 in php_pcre_replace_impl (pce=0x7ffff4104030, subject=0x7ffff44e7750 "`wN\364\377\177", subject_len=-197279046, replace_val=0x7fffffffabb0, is_callable_replace=0, result_len=0x300000000, limit=4686387, replace_count=0x7fffffffffff) at /tmp/buildd/php5-5.4.4/ext/pcre/php_pcre.c:1054
#10901 0x0000000000478233 in php_replace_in_subject (regex=0x7ffff44e6028, replace=0x7ffff44e5ff8, subject=0x7ffff44b3180, result_len=0x7fffffffabb0, limit=32767, is_callable_replace=-196187992, replace_count=0x4787f7) at /tmp/buildd/php5-5.4.4/ext/pcre/php_pcre.c:1281
#10902 0x00000000004787f7 in preg_replace_impl.isra.9 (ht=3, return_value=0x7ffff44e5fc8, is_callable_replace=0, is_filter=0) at /tmp/buildd/php5-5.4.4/ext/pcre/php_pcre.c:1379
#10903 0x0000000000746bd2 in zend_do_fcall_common_helper_SPEC (execute_data=0x7ffff44b3060) at /tmp/buildd/php5-5.4.4/Zend/zend_vm_execute.h:642
#10904 0x0000000000700447 in execute (op_array=0x7ffff44e68a8) at /tmp/buildd/php5-5.4.4/Zend/zend_vm_execute.h:410
#10905 0x00000000006a028e in zend_execute_scripts (type=8, retval=0x7ffff44e6888, file_count=3) at /tmp/buildd/php5-5.4.4/Zend/zend.c:1279
#10906 0x000000000063f863 in php_execute_script (primary_file=0x0) at /tmp/buildd/php5-5.4.4/main/main.c:2473
#10907 0x00000000007491b3 in do_cli (argc=0, argv=0x7fffffffe81f) at /tmp/buildd/php5-5.4.4/sapi/cli/php_cli.c:988
#10908 0x000000000043110a in main (argc=32767, argv=0xdb9220) at /tmp/buildd/php5-5.4.4/sapi/cli/php_cli.c:1361
Ondrej
On Wed, Nov 23, 2011 at 5:14 PM, Olaf van der Spek <olaf at xwis.net> wrote:
> Package: php5-cgi
> Version: 5.3.3-7+squeeze3
> Severity: normal
>
> Hi,
>
> $ php preg.php
> Segmentation fault
>
> $ cat preg.php
> <?php
> preg_replace("/c((\s|.)+?)\/c/", "\\1", 'c' . str_pad('', 16000) . '/c');
>
> Might be limited to x64.
>
> Greetings,
>
> Olaf
>
> -- System Information:
> Debian Release: 6.0.3
> APT prefers stable
> APT policy: (500, 'stable')
> Architecture: amd64 (x86_64)
>
> Kernel: Linux 2.6.32-5-amd64 (SMP w/8 CPU cores)
> Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8)
> Shell: /bin/sh linked to /bin/dash
>
> Versions of packages php5-cgi depends on:
> ii libbz2-1.0 1.0.5-6 high-quality block-sorting file co
> ii libc6 2.11.2-10 Embedded GNU C Library: Shared lib
> ii libcomerr2 1.41.12-4stable1 common error description library
> ii libdb4.8 4.8.30-2 Berkeley v4.8 Database Libraries [
> ii libgssapi-krb5-2 1.8.3+dfsg-4squeeze2 MIT Kerberos runtime libraries - k
> ii libk5crypto3 1.8.3+dfsg-4squeeze2 MIT Kerberos runtime libraries - C
> ii libkrb5-3 1.8.3+dfsg-4squeeze2 MIT Kerberos runtime libraries
> ii libmagic1 5.04-5 File type determination library us
> ii libonig2 5.9.1-1 Oniguruma regular expressions libr
> ii libpcre3 8.02-1.1 Perl 5 Compatible Regular Expressi
> ii libqdbm14 1.8.77-4 QDBM Database Libraries [runtime]
> ii libssl0.9.8 0.9.8o-4squeeze4 SSL shared libraries
> ii libxml2 2.7.8.dfsg-2+squeeze1 GNOME XML library
> ii mime-support 3.48-1 MIME files 'mime.types' & 'mailcap
> ii php5-common 5.3.3-7+squeeze3 Common files for packages built fr
> ii tzdata 2011k-0squeeze1 time zone and daylight-saving time
> ii ucf 3.0025+nmu1 Update Configuration File: preserv
> ii zlib1g 1:1.2.3.4.dfsg-3 compression library - runtime
>
> php5-cgi recommends no packages.
>
> Versions of packages php5-cgi suggests:
> pn php-pear <none> (no description available)
>
> -- no debconf information
>
>
>
--
Ondřej Surý <ondrej at sury.org>
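The backtrace above shows why the reported one-liner crashes: `(\s|.)+?` is a repeated capturing group, and the classic (non-JIT) PCRE matcher enters a new `match()` frame for every iteration, so a 16000-byte subject needs well over ten thousand nested frames and runs off the C stack before PHP's default `pcre.recursion_limit` is ever reached. The following is an added example, not code from the bug report or from the php5/pcre3 packages, showing the two defensive measures an application can take: cap the recursion depth so the call fails with a reportable error instead of a segfault, and rewrite the pattern so that a single-character repeat (which PCRE handles iteratively) replaces the per-character group. The helper name `safe_preg_replace` and the limit value `10000` are assumptions; the subject string is the one from the report. On PHP 7.3 and later, where PCRE2 with JIT is the default, the JIT matcher does not use recursive `match()` calls and `pcre.recursion_limit` only governs the interpreted fallback, so the first measure matters mainly for the PHP 5.x builds this thread is about.

```php
<?php
// Added example (not from the bug report): handle preg_replace()'s
// deep-recursion failure mode defensively.

// 1. Bound the matcher's recursion so an over-deep pattern returns an error
//    instead of exhausting the C stack. Both ini settings are PHP_INI_ALL, so
//    they may be changed at runtime. The value 10000 is an assumption chosen
//    to stay below the ~10898 frames that overflowed in the report's backtrace.
ini_set('pcre.recursion_limit', '10000');
ini_set('pcre.backtrack_limit', '1000000');

/**
 * Hypothetical wrapper (not part of PHP): surface PCRE errors as exceptions
 * instead of letting preg_replace() silently return NULL.
 */
function safe_preg_replace($pattern, $replacement, $subject)
{
    $result = preg_replace($pattern, $replacement, $subject);
    if ($result === null) {
        $err = preg_last_error();
        $names = array(
            PREG_INTERNAL_ERROR        => 'PREG_INTERNAL_ERROR',
            PREG_BACKTRACK_LIMIT_ERROR => 'PREG_BACKTRACK_LIMIT_ERROR',
            PREG_RECURSION_LIMIT_ERROR => 'PREG_RECURSION_LIMIT_ERROR',
            PREG_BAD_UTF8_ERROR        => 'PREG_BAD_UTF8_ERROR',
        );
        $name = isset($names[$err]) ? $names[$err] : "error code $err";
        throw new RuntimeException("preg_replace failed: $name");
    }
    return $result;
}

// Same subject as the report: 'c', 16000 spaces, '/c'.
$subject = 'c' . str_pad('', 16000) . '/c';

// 2a. The pattern from the report. Each iteration of the group (\s|.)+? is a
//     fresh match() frame in the non-JIT matcher, so depth grows with subject
//     length. With the limit above it now fails with
//     PREG_RECURSION_LIMIT_ERROR instead of segfaulting.
try {
    safe_preg_replace("/c((\s|.)+?)\/c/", "\\1", $subject);
} catch (RuntimeException $e) {
    echo "reported pattern: ", $e->getMessage(), "\n";
}

// 2b. Equivalent pattern without the per-character group. [\s\S] matches the
//     same characters as (\s|.) but is a single character-class repeat, which
//     PCRE advances in a loop inside one frame, so recursion depth stays flat.
$fixed = safe_preg_replace("/c([\s\S]+?)\/c/", "\\1", $subject);
var_dump(strlen($fixed) === 16000);   // the 16000 spaces with both delimiters stripped
```

Running this under a PHP 5.x build with the affected libpcre3 should print the caught `PREG_RECURSION_LIMIT_ERROR` for the original pattern and `bool(true)` for the rewritten one. The general rule it illustrates: any `(...)+` or `(...)*` whose body matches a single character can be rewritten as a character class repeat, which removes the input-length-proportional stack usage entirely rather than merely bounding it.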