[pcre-dev] [Bug 809] New: Memory leak when backtracking limi…

Author: Felipe Pena
Date:  
To: pcre-dev
Subject: [pcre-dev] [Bug 809] New: Memory leak when backtracking limit is reached

http://bugs.exim.org/show_bug.cgi?id=809
           Summary: Memory leak when backtracking limit is reached
           Product: PCRE
           Version: 7.8
          Platform: Other
        OS/Version: Linux
            Status: NEW
          Severity: bug
          Priority: medium
         Component: Code
        AssignedTo: ph10@???
        ReportedBy: felipensp@???
                CC: pcre-dev@???



Hi all,
The pattern below causes a memory leak when error -8 is returned; see this valgrind
log from running pcretest:

==24206== Memcheck, a memory error detector.
==24206== Copyright (C) 2002-2008, and GNU GPL'd, by Julian Seward et al.
==24206== Using LibVEX rev 1878, a library for dynamic binary translation.
==24206== Copyright (C) 2004-2008, and GNU GPL'd, by OpenWorks LLP.
==24206== Using valgrind-3.4.0-Debian, a dynamic binary instrumentation framework.
==24206== Copyright (C) 2000-2008, and GNU GPL'd, by Julian Seward et al.
==24206== For more details, rerun with: -v
==24206==
PCRE version 7.8 2008-09-05

~\{\{?\s*(begin)(?:\s+(.*?))?\}\}?((?:(?R)|.)*?)\{\{?\s*(?:end(?:\s+\2)?)?\s*\}\}?|\{\{(\??(?:[^\}\'"]*([\'"]).*?(?<!\\\\)\5)*.*?)\}\}|\{\s*(if|foreach|section|for|while|switch|literal|capture|php|strip|textformat|dynamic|select|joincalculator|function|helper|form|_if|_foreach|_for|shortcut|block|optgroup)(\s(?:[^\\}\'"]*([\'"]).*?(?<!\\\\)\8)*.*?)?\}((?:(?R)|.)*?)\{/\s*\6?\s*\}|\{(\??(?:[^\\}\'"]*([\'"]).*?(?<!\\\\)\11)*.*?)\}|\r?\n~sig
Memory allocation (code space): 891
Capturing subpattern count = 11
Max back reference = 11
Partial matching not supported
Contains explicit CR or LF match
Options: caseless dotall
No first char
No need char
{?$_debug_info = get_debug_info()}\n{capture assign="debug_output"}\n{if
empty($_debug_charset)}{assign var="_debug_charset"
value="utf-8"}{/if}\n<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.1//EN"
"http://www.w3.org/TR/xhtml11/DTD/xhtml11.dtd">\n    else {ldelim}\n       var
title = \'Debug Console_\' + self.name;\n    {rdelim}\n    _quicky_console =
window.open("", title.value, "width=880, height=600, resizable,
scrollbars=yes");\n   
_quicky_console.document.write({$debug_output|native_json_encode});\n   
_quicky_console.document.close();\n// ]]>\n</script>\n{/if}
 0: {?$_debug_info = get_debug_info()}
 1: <unset>
 2: <unset>
 3: <unset>
 4: <unset>
 5: <unset>
 6: <unset>
 7: <unset>
 8: <unset>
 9: <unset>
10: ?$_debug_info = get_debug_info()
 0: \x0a
Error -8
==24206== 
==24206== ERROR SUMMARY: 0 errors from 0 contexts (suppressed: 17 from 1)
==24206== malloc/free: in use at exit: 180 bytes in 1 blocks.
==24206== malloc/free: 764,275 allocs, 764,274 frees, 137,719,883 bytes allocated.
==24206== For counts of detected errors, rerun with: -v
==24206== searching for pointers to 1 not-freed blocks.
==24206== checked 72,092 bytes.
==24206== 
==24206== 180 bytes in 1 blocks are definitely lost in loss record 1 of 1
==24206==    at 0x402401E: malloc (vg_replace_malloc.c:207)
==24206==    by 0x80493B6: (within /usr/bin/pcretest)
==24206==    by 0x41A9BAF: (within /usr/lib/libpcre.so.3.12.1)
==24206==    by 0x41A380D: (within /usr/lib/libpcre.so.3.12.1)
==24206==    by 0x41A30B9: (within /usr/lib/libpcre.so.3.12.1)
==24206==    by 0x41ACD74: (within /usr/lib/libpcre.so.3.12.1)
==24206==    by 0x41AA7A2: (within /usr/lib/libpcre.so.3.12.1)
==24206==    by 0x41ACD74: (within /usr/lib/libpcre.so.3.12.1)
==24206==    by 0x41AA7A2: (within /usr/lib/libpcre.so.3.12.1)
==24206==    by 0x41ACD74: (within /usr/lib/libpcre.so.3.12.1)
==24206==    by 0x41AA7A2: (within /usr/lib/libpcre.so.3.12.1)
==24206==    by 0x41ACD74: (within /usr/lib/libpcre.so.3.12.1)
==24206== 
==24206== LEAK SUMMARY:
==24206==    definitely lost: 180 bytes in 1 blocks.
==24206==      possibly lost: 0 bytes in 0 blocks.
==24206==    still reachable: 0 bytes in 0 blocks.
==24206==         suppressed: 0 bytes in 0 blocks.


This issue was originally reported on http://bugs.php.net/bug.php?id=47352, but
for the reporter it's crashing (under Windows).

The valgrind log running on PHP (Linux):
==24433== 144 bytes in 1 blocks are definitely lost in loss record 1 of 2
==24433==    at 0x402401E: malloc (vg_replace_malloc.c:207)
==24433==    by 0x807C5A9: match (pcre_exec.c:1046)
==24433==    by 0x807C807: match (pcre_exec.c:1107)
==24433==    by 0x807BC10: match (pcre_exec.c:773)
==24433==    by 0x807CF5B: match (pcre_exec.c:1313)
==24433==    by 0x807BB9E: match (pcre_exec.c:765)
==24433==    by 0x807CF5B: match (pcre_exec.c:1313)
==24433==    by 0x807BB9E: match (pcre_exec.c:765)
==24433==    by 0x807CF5B: match (pcre_exec.c:1313)
==24433==    by 0x807BC10: match (pcre_exec.c:773)
==24433==    by 0x807CF5B: match (pcre_exec.c:1313)
==24433==    by 0x807BB9E: match (pcre_exec.c:765)
==24433==    by 0x807CF5B: match (pcre_exec.c:1313)
==24433==    by 0x807BB9E: match (pcre_exec.c:765)
==24433==    by 0x807CF5B: match (pcre_exec.c:1313)
==24433==    by 0x807BB9E: match (pcre_exec.c:765)
==24433==    by 0x807CF5B: match (pcre_exec.c:1313)
==24433==    by 0x807BB9E: match (pcre_exec.c:765)
==24433==    by 0x807CF5B: match (pcre_exec.c:1313)
==24433==    by 0x807BB9E: match (pcre_exec.c:765)
==24433==    by 0x807CF5B: match (pcre_exec.c:1313)
==24433==    by 0x807BB9E: match (pcre_exec.c:765)
==24433==    by 0x807CF5B: match (pcre_exec.c:1313)
==24433==    by 0x807BB9E: match (pcre_exec.c:765)
==24433==    by 0x807CF5B: match (pcre_exec.c:1313)
==24433==    by 0x807BB9E: match (pcre_exec.c:765)
==24433==    by 0x807CF5B: match (pcre_exec.c:1313)
==24433==    by 0x807BB9E: match (pcre_exec.c:765)
==24433==    by 0x807CF5B: match (pcre_exec.c:1313)
==24433==    by 0x807BB9E: match (pcre_exec.c:765)



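Added example, not part of the original report and not PCRE's code: a toy recursive matcher modelling the kind of leak both traces show, where a block malloc'd inside a match() frame is lost once a limit error (-8) propagates up through that frame. The function names, the 45-int save area, the -6 out-of-memory code and the free_on_error switch are assumptions for illustration; the report does not identify the faulty line.

```c
#include <stdio.h>
#include <stdlib.h>

#define RC_NOMATCH      0
#define RC_MATCHLIMIT (-8)    /* the code pcretest printed as "Error -8" */
#define RC_NOMEM      (-6)    /* hypothetical out-of-memory code */
#define SAVE_INTS      45     /* hypothetical per-frame save area */

static long live_blocks;      /* allocations not yet freed */

static void *xmalloc(size_t n) { void *p = malloc(n); if (p) live_blocks++; return p; }
static void xfree(void *p) { if (p) { live_blocks--; free(p); } }
struct ctx { unsigned long calls, limit; int free_on_error; };

/* Toy backtracking matcher: each frame saves state on the heap, then
   tries two alternatives one level deeper. */
static int match(struct ctx *c, int depth)
{
    if (c->calls++ >= c->limit) return RC_MATCHLIMIT;
    if (depth == 0) return RC_NOMATCH;
    int *save = xmalloc(SAVE_INTS * sizeof *save);
    if (!save) return RC_NOMEM;
    for (int alt = 0; alt < 2; alt++) {
        int rc = match(c, depth - 1);
        if (rc != RC_NOMATCH) {              /* error propagating upwards */
            if (c->free_on_error) xfree(save);
            return rc;                       /* leaky variant skips the free */
        }
    }
    xfree(save);                             /* normal backtrack path */
    return RC_NOMATCH;
}

/* Runs one match and returns the number of blocks still allocated. */
long leaked_after(unsigned long limit, int free_on_error, int *rc)
{
    struct ctx c = { 0, limit, free_on_error };
    live_blocks = 0;
    *rc = match(&c, 12);
    return live_blocks;
}

int main(void)
{
    int rc1, rc2;
    long a = leaked_after(13, 0, &rc1), b = leaked_after(13, 1, &rc2);
    printf("leaky: rc=%d lost=%ld; fixed: rc=%d lost=%ld\n", rc1, a, rc2, b);
    return 0;
}
```

Counting live allocations after a forced limit error, as leaked_after() does, is a cheap regression test for error paths that valgrind would otherwise only catch on a pathological input.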