[pcre-dev] [Bug 572] New: PHP 5.2.3 with PCRE 6.7: repeated …

Startseite
Nachricht löschen
Autor: Stefan Teleman
Datum:  
To: pcre-dev
Betreff: [pcre-dev] [Bug 572] New: PHP 5.2.3 with PCRE 6.7: repeated subpattern is too long at ...
------- You are receiving this mail because: -------
You are on the CC list for the bug.

http://bugs.exim.org/show_bug.cgi?id=572
           Summary: PHP 5.2.3 with PCRE 6.7: repeated subpattern is too long
                    at ...
           Product: PCRE
           Version: 6.7
          Platform: Sun
        OS/Version: Solaris
            Status: NEW
          Severity: bug
          Priority: medium
         Component: Code
        AssignedTo: ph10@???
        ReportedBy: stefan.teleman@???
                CC: pcre-dev@???, stefan.teleman@???



Environment:

OS: Solaris 10 Update 2 06/06
ISA: ia32, amd64, sparcv8 (32-bit), sparcv9 (64-bit)
Compilers: Sun Studio 11 and Sun Studio 12

Description:

Built PHP 5.2.3 32- and 64-bit on all four platforms. All PHP tests included in
PHP's test harness -- including the PCRE tests -- passed.

Installed and running Drupal, Joomla, phpPgAdmin and phpMyAdmin successfully.

Installation of Gallery2 and MediaWiki fail, on all 4 platforms:

preg_match_all() [function: preg-match-all]: Compilation failed: repeated
subpattern is too long at offset ...

Tracked down the origin of this error in pcre_compile.c (pcre_compile2()), and
in the following #defines in pcre's config.h:

#ifndef MAX_NAME_SIZE
#define MAX_NAME_SIZE 32
#endif

#ifndef MAX_NAME_COUNT
#define MAX_NAME_COUNT 10000
#endif

#ifndef MAX_DUPLENGTH
#define MAX_DUPLENGTH 30000
#endif

Increasing these limits in pcre's config.h to:

#ifndef MAX_NAME_SIZE
#define MAX_NAME_SIZE 64
#endif

#ifndef MAX_NAME_COUNT
#define MAX_NAME_COUNT 30000
#endif

#ifndef MAX_DUPLENGTH
#define MAX_DUPLENGTH 60000
#endif

fixes the problem described above. Gallery2 and MediaWiki install and work
fine.

This is more of a question than a bug: Are overflows possible with these new,
increased values ? In other words, are these new limits still within what the
PCRE developers consider to be "safe" ? I realize that this is probably a very
difficult question to answer, since answering it completely and corretctly
would involve evaluating all the possible regular expression pattern matches,
and determining whether or not they would cause overflow, or not.

Reason for this bug/question: Without an "official" position of the PCRE
developers on these increased limits, I cannot have this patch integrated in
Solaris. Without this patch, Gallery2 and MediaWiki with PHP 5.2.3 won't
install.

If these new limits are still within "safe" boundaries, would it be possible to
add the values for these #defines as --options to PCRE's ./configure ? As in:

--with-max-name-size=<value> --with-max-name-count=<value>
--with-max-duplength=<value>

Incidentally, the same error occurs with PCRE 7.0.

Thank you very much for your help.

--Stefan


--
Configure bugmail: http://bugs.exim.org/userprefs.cgi?tab=email