------- You are receiving this mail because: -------
You are on the CC list for the bug.
http://bugs.exim.org/show_bug.cgi?id=809
Summary: Memory leak when backtracking limit is reached
Product: PCRE
Version: 7.8
Platform: Other
OS/Version: Linux
Status: NEW
Severity: bug
Priority: medium
Component: Code
AssignedTo: ph10@???
ReportedBy: felipensp@???
CC: pcre-dev@???
Hi all,
The pattern below causes mem. leak when error -8 is returned, see this valgrind
log running on pcretest:
==24206== Memcheck, a memory error detector.
==24206== Copyright (C) 2002-2008, and GNU GPL'd, by Julian Seward et al.
==24206== Using LibVEX rev 1878, a library for dynamic binary translation.
==24206== Copyright (C) 2004-2008, and GNU GPL'd, by OpenWorks LLP.
==24206== Using valgrind-3.4.0-Debian, a dynamic binary instrumentation
framework.
==24206== Copyright (C) 2000-2008, and GNU GPL'd, by Julian Seward et al.
==24206== For more details, rerun with: -v
==24206==
PCRE version 7.8 2008-09-05
~\{\{?\s*(begin)(?:\s+(.*?))?\}\}?((?:(?R)|.)*?)\{\{?\s*(?:end(?:\s+\2)?)?\s*\}\}?|\{\{(\??(?:[^\}\'"]*([\'"]).*?(?<!\\\\)\5)*.*?)\}\}|\{\s*(if|foreach|section|for|while|switch|literal|capture|php|strip|textformat|dynamic|select|joincalculator|function|helper|form|_if|_foreach|_for|shortcut|block|optgroup)(\s(?:[^\\}\'"]*([\'"]).*?(?<!\\\\)\8)*.*?)?\}((?:(?R)|.)*?)\{/\s*\6?\s*\}|\{(\??(?:[^\\}\'"]*([\'"]).*?(?<!\\\\)\11)*.*?)\}|\r?\n~sig
Memory allocation (code space): 891
Capturing subpattern count = 11
Max back reference = 11
Partial matching not supported
Contains explicit CR or LF match
Options: caseless dotall
No first char
No need char
{?$_debug_info = get_debug_info()}\n{capture assign="debug_output"}\n{if
empty($_debug_charset)}{assign var="_debug_charset"
value="utf-8"}{/if}\n<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.1//EN"
"http://www.w3.org/TR/xhtml11/DTD/xhtml11.dtd">\n else {ldelim}\n var
title = \'Debug Console_\' + self.name;\n {rdelim}\n _quicky_console =
window.open("", title.value, "width=880, height=600, resizable,
scrollbars=yes");\n
_quicky_console.document.write({$debug_output|native_json_encode});\n
_quicky_console.document.close();\n// ]]>\n</script>\n{/if}
0: {?$_debug_info = get_debug_info()}
1: <unset>
2: <unset>
3: <unset>
4: <unset>
5: <unset>
6: <unset>
7: <unset>
8: <unset>
9: <unset>
10: ?$_debug_info = get_debug_info()
0: \x0a
Error -8
==24206==
==24206== ERROR SUMMARY: 0 errors from 0 contexts (suppressed: 17 from 1)
==24206== malloc/free: in use at exit: 180 bytes in 1 blocks.
==24206== malloc/free: 764,275 allocs, 764,274 frees, 137,719,883 bytes
allocated.
==24206== For counts of detected errors, rerun with: -v
==24206== searching for pointers to 1 not-freed blocks.
==24206== checked 72,092 bytes.
==24206==
==24206== 180 bytes in 1 blocks are definitely lost in loss record 1 of 1
==24206== at 0x402401E: malloc (vg_replace_malloc.c:207)
==24206== by 0x80493B6: (within /usr/bin/pcretest)
==24206== by 0x41A9BAF: (within /usr/lib/libpcre.so.3.12.1)
==24206== by 0x41A380D: (within /usr/lib/libpcre.so.3.12.1)
==24206== by 0x41A30B9: (within /usr/lib/libpcre.so.3.12.1)
==24206== by 0x41ACD74: (within /usr/lib/libpcre.so.3.12.1)
==24206== by 0x41AA7A2: (within /usr/lib/libpcre.so.3.12.1)
==24206== by 0x41ACD74: (within /usr/lib/libpcre.so.3.12.1)
==24206== by 0x41AA7A2: (within /usr/lib/libpcre.so.3.12.1)
==24206== by 0x41ACD74: (within /usr/lib/libpcre.so.3.12.1)
==24206== by 0x41AA7A2: (within /usr/lib/libpcre.so.3.12.1)
==24206== by 0x41ACD74: (within /usr/lib/libpcre.so.3.12.1)
==24206==
==24206== LEAK SUMMARY:
==24206== definitely lost: 180 bytes in 1 blocks.
==24206== possibly lost: 0 bytes in 0 blocks.
==24206== still reachable: 0 bytes in 0 blocks.
==24206== suppressed: 0 bytes in 0 blocks.
This issue was originally reported on
http://bugs.php.net/bug.php?id=47352, but
for the reporter it's crashing (under Windows).
The valgrind log running on PHP (Linux):
==24433== 144 bytes in 1 blocks are definitely lost in loss record 1 of 2
==24433== at 0x402401E: malloc (vg_replace_malloc.c:207)
==24433== by 0x807C5A9: match (pcre_exec.c:1046)
==24433== by 0x807C807: match (pcre_exec.c:1107)
==24433== by 0x807BC10: match (pcre_exec.c:773)
==24433== by 0x807CF5B: match (pcre_exec.c:1313)
==24433== by 0x807BB9E: match (pcre_exec.c:765)
==24433== by 0x807CF5B: match (pcre_exec.c:1313)
==24433== by 0x807BB9E: match (pcre_exec.c:765)
==24433== by 0x807CF5B: match (pcre_exec.c:1313)
==24433== by 0x807BC10: match (pcre_exec.c:773)
==24433== by 0x807CF5B: match (pcre_exec.c:1313)
==24433== by 0x807BB9E: match (pcre_exec.c:765)
==24433== by 0x807CF5B: match (pcre_exec.c:1313)
==24433== by 0x807BB9E: match (pcre_exec.c:765)
==24433== by 0x807CF5B: match (pcre_exec.c:1313)
==24433== by 0x807BB9E: match (pcre_exec.c:765)
==24433== by 0x807CF5B: match (pcre_exec.c:1313)
==24433== by 0x807BB9E: match (pcre_exec.c:765)
==24433== by 0x807CF5B: match (pcre_exec.c:1313)
==24433== by 0x807BB9E: match (pcre_exec.c:765)
==24433== by 0x807CF5B: match (pcre_exec.c:1313)
==24433== by 0x807BB9E: match (pcre_exec.c:765)
==24433== by 0x807CF5B: match (pcre_exec.c:1313)
==24433== by 0x807BB9E: match (pcre_exec.c:765)
==24433== by 0x807CF5B: match (pcre_exec.c:1313)
==24433== by 0x807BB9E: match (pcre_exec.c:765)
==24433== by 0x807CF5B: match (pcre_exec.c:1313)
==24433== by 0x807BB9E: match (pcre_exec.c:765)
==24433== by 0x807CF5B: match (pcre_exec.c:1313)
==24433== by 0x807BB9E: match (pcre_exec.c:765)
--
Configure bugmail:
http://bugs.exim.org/userprefs.cgi?tab=email