[pcre-dev] [Bug 841] New: Segmentation fault

Author: jkrzyz
Date:  
To: pcre-dev
New-Topics: [pcre-dev] [Bug 841] Segmentation fault
Subject: [pcre-dev] [Bug 841] New: Segmentation fault
------- You are receiving this mail because: -------
You are on the CC list for the bug.

http://bugs.exim.org/show_bug.cgi?id=841
           Summary: Segmentation fault
           Product: PCRE
           Version: 7.8
          Platform: Other
        OS/Version: Windows
            Status: NEW
          Severity: bug
          Priority: medium
         Component: Code
        AssignedTo: ph10@???
        ReportedBy: jkrzyz@???
                CC: pcre-dev@???



Created an attachment (id=311)
--> (http://bugs.exim.org/attachment.cgi?id=311)
Full backtrace

Hi.

One of my PHP scripts dies with a "Segmentation fault" error.
I can reproduce this bug every time (as long as the blog entry it processes is
available on the net).
I tested PHP from the Ubuntu package and PHP 5.2.9 compiled from source with
PCRE 7.8 and 7.9RC2 - same result.
The full backtrace made with gdb is quite big, so I attached it as a zip archive.

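Below are some fragments. The frame numbers and rdepth values line up
(rdepth=4964 in frame #1, rdepth=0 in frame #4965), so the trace appears to be
one long chain of recursive match() calls, and gdb cannot even read the
arguments of frame #0 from the stack. That looks like stack exhaustion from
recursion, reached well below the match_limit_recursion of 100000 shown in
frame #4966: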

#0  0x000000000046b0fc in match (eptr=Cannot access memory at address
0x7fff63e53f70
) at /usr/src/php-5.2.9/ext/pcre/pcrelib/pcre_exec.c:432
        rrc = 0
        i = 0
        c = 0
        utf8 = 0
        minimize = 0
        possessive = 0
        condcode = 0
        charptr = (const uschar *) 0x0
        callpat = (const uschar *) 0x0
        data = (const uschar *) 0x0
        next = (const uschar *) 0x0
        pp = (const unsigned char *) 0x0
        prev = (const uschar *) 0x0
        saved_eptr = (const unsigned char *) 0x0
        new_recursive = {prevrec = 0x0, group_num = 0, after_call = 0x0,
save_start = 0x0, offset_save = 0x0, saved_max = 0}
        cur_is_word = 0
        condition = 0
        prev_is_word = 0
        original_ims = 0
        prop_type = 0
        prop_value = 0
        prop_fail_result = 0
        prop_category = 0
        prop_chartype = 0
        prop_script = 0
        oclength = 0
        occhars = "\000\000\000\000\000\000\000"
        codelink = 0
        ctype = 0
        length = 0
        max = 0
        min = 0
        number = 0
        offset = 0
        op = 0
        save_capture_last = 0
        save_offset1 = 0
        save_offset2 = 0
        save_offset3 = 0
        stacksave = {0 <repeats 30 times>}
        newptrb = {epb_prev = 0x0, epb_saved_eptr = 0x0}
#1  0x000000000046b6fa in match (eptr=0x1548da1 " jedyne s<C5>\202owo jakie w
konkluzji powinno si<C4>\231 nasuwa<C4>\207 ka<C5><BC>demu <C5>\233wiad
omemu politycznie Amerykaninowi.     Link do artyku<C5>\202u:
http://wiadomosci.wp.pl/kat,107158,title,Przywodca-Iranu-odpowiada-Obamie-"...,
ecode=0
x11011bf "_", mstart=0x15483f0 "<a title=\"Przyw<C3><B3>dca Iranu odpowiada
Obamie\" mce_href=\"Ca<C5>\202kiem niedawno ca<C5>\202y <C5>\233wiat obie
g<C5>\202a informacja i<C5><BC> nowy przyw<C3><B3>dca USA - Barack Obama,
wyci<C4>\205gn<C4>\205<C5>\202 r<C4>\231k<C4>\231 do Iranu. <C5>\232wie<C5>
<BC>o wybrany prezyde"..., offset_top=10, md=0x7fff64648d80, ims=4, eptrb=0x0,
flags=0, rdepth=4964) at /usr/src/php-5.2.9/ext/pcre/pcrelib/pcre_exec
.c:720
        rrc = 0
        i = 0
        c = 0
        utf8 = 0
        minimize = 0
        possessive = 0
        condcode = 0
        charptr = (const uschar *) 0x0
        callpat = (const uschar *) 0x0
        data = (const uschar *) 0x0
        next = (const uschar *) 0x0
        pp = (const unsigned char *) 0x0
        prev = (const uschar *) 0x0
        saved_eptr = (const unsigned char *) 0x0
        new_recursive = {prevrec = 0x0, group_num = 0, after_call = 0x0,
save_start = 0x0, offset_save = 0x0, saved_max = 0}
        cur_is_word = 0
        condition = 0
        prev_is_word = 0
        original_ims = 4
        prop_type = 0
        prop_value = 0
        prop_fail_result = 0
        prop_category = 0
        prop_chartype = 0
        prop_script = 0
        oclength = 0
        occhars = "\000\000\000\000\000\000\000"
        codelink = 0
        ctype = 0
        length = 0
        max = 0
        min = 0
        number = 4
        offset = 8
        op = 95
        save_capture_last = 4
        save_offset1 = 2480
        save_offset2 = 2481
        save_offset3 = 2480
        stacksave = {0 <repeats 30 times>}
        newptrb = {epb_prev = 0x0,
epb_saved_eptr = 0x0}
#2  0x000000000046d431 in match (eptr=0x1548da1 " jedyne s<C5>\202owo jakie w
konkluzji powinno si<C4>\231 nasuwa<C4>\207 ka<C5><BC>demu <C5>\233wiadomemu
politycznie Amerykaninowi.     Link do artyku<C5>\202u:
http://wiadomosci.wp.pl/kat,107158,title,Przywodca-Iranu-odpowiada-Obamie-"...,
ecode=0x11011f2 "V", mstart=0x15483f0 "<a title=\"Przyw<C3><B3>dca Iranu
odpowiada Obamie\" mce_href=\"Ca<C5>\202kiem niedawno ca<C5>\202y <C5>\233wiat
obieg<C5>\202a informacja i<C5><BC> nowy przyw<C3><B3>dca USA - Barack Obama,
wyci<C4>\205gn<C4>\205<C5>\202 r<C4>\231k<C4>\231 do Iranu.
<C5>\232wie<C5><BC>o wybrany prezyde"..., offset_top=10, md=0x7fff64648d80,
ims=4, eptrb=0x0, flags=0, rdepth=4963) at
/usr/src/php-5.2.9/ext/pcre/pcrelib/pcre_exec.c:1361
        rrc = 0
        i = 2
        c = 111
        utf8 = 0
        minimize = 0
        possessive = 0
        condcode = 0
        charptr = (const uschar *) 0x0
        callpat = (const uschar *) 0x0
        data = (const uschar *) 0x11011d2 "<FF><FF><FF><FF><FF>\177<FF><BF>",
'<FF>' <repeats 24 times>, "V"
        next = (const uschar *) 0x0
        pp = (const unsigned char *) 0x0
        prev = (const uschar *) 0x11011bf "_"
        saved_eptr = (const unsigned char *) 0x0
        new_recursive = {prevrec = 0x0, group_num = 0, after_call = 0x0,
save_start = 0x0, offset_save = 0x0, saved_max = 0}
        cur_is_word = 0
        condition = 0
        prev_is_word = 0
        original_ims = 4
        prop_type = 0
        prop_value = 0
        prop_fail_result = 0
        prop_category = 0
        prop_chartype = 0
        prop_script = 0
        oclength = 0
        occhars = "\000\000\000\000\000\000\000"
        codelink = 0
        ctype = 0
        length = 0
        max = 1
        min = 1
        number = 4
        offset = 8
        op = 86
        save_capture_last = 0
        save_offset1 = 0
        save_offset2 = 0
        save_offset3 = 0
        stacksave = {0 <repeats 30 times>}
        newptrb = {epb_prev = 0x0, epb_saved_eptr = 0x0}


------CUT------

#4965 0x000000000046b6fa in match (eptr=0x15483f0 "<a title=\"Przyw<C3><B3>dca
Iranu odpowiada Obamie\" mce_href=\"Ca<C5>\202kiem niedawno ca<C5>\202
y <C5>\233wiat obieg<C5>\202a informacja i<C5><BC> nowy przyw<C3><B3>dca USA -
Barack Obama, wyci<C4>\205gn<C4>\205<C5>\202 r<C4>\231k<C4>\231 do Ira
nu. <C5>\232wie<C5><BC>o wybrany prezyde"..., ecode=0x11011a3 "_",
mstart=0x15483f0 "<a title=\"Przyw<C3><B3>dca Iranu odpowiada Obamie\"
mce_href=\"
Ca<C5>\202kiem niedawno ca<C5>\202y <C5>\233wiat obieg<C5>\202a informacja
i<C5><BC> nowy przyw<C3><B3>dca USA - Barack Obama, wyci<C4>\205gn<C4>\205
<C5>\202 r<C4>\231k<C4>\231 do Iranu. <C5>\232wie<C5><BC>o wybrany prezyde"...,
offset_top=2, md=0x7fff64648d80, ims=4, eptrb=0x0, flags=0, rdepth=0)
 at /usr/src/php-5.2.9/ext/pcre/pcrelib/pcre_exec.c:720
        rrc = 1
        i = 0
        c = 20104040
        utf8 = 0
        minimize = 0
        possessive = 0
        condcode = 0
        charptr = (const uschar *) 0x7fff646489a0 ""
        callpat = (const uschar *) 0x107ff70 "H\035\b\001"
        data = (const uschar *) 0x77e496
"\205<C0>u\030H\213E<F0>H\213P\020H\213E<C8>H\211\020<C7>E<C4>"
        next = (const uschar *) 0x0
        pp = (const unsigned char *) 0x0
        prev = (const uschar *) 0x7fff64651ee0 "\003"
        saved_eptr = (const unsigned char *) 0x0
        new_recursive = {prevrec = 0x7fff646488b0, group_num = 0, after_call =
0x7fff64651ee0 "\003", save_start = 0x100000000 <Address 0x100000000 o
ut of bounds>, offset_save = 0x1065a10, saved_max = 17193488}
        cur_is_word = 20780480
        condition = 0
        prev_is_word = 0
        original_ims = 4
        prop_type = 32767
        prop_value = 0
        prop_fail_result = 0
        prop_category = 1550138368
        prop_chartype = 0
        prop_script = 22307776
        oclength = 0
        occhars = "\000\215dd<FF>\177\000"
        codelink = 13755024
        ctype = 6
        length = 20780424
        max = 32767
        min = 1684312056
        number = 1
        offset = 2
        op = 95
        save_capture_last = -1
        save_offset1 = -1
        save_offset2 = -1
        save_offset3 = -1
        stacksave = {371425234, -641582999, 22219328, 12, 14585744, 0,
22219328, 417, 10765256, 0, 1684310056, 32767, 1684310112, 32767, 7946961, 0,
1684310016, 32767, 7656292, 0, 22847968, 0, 3, 0, 0, 0, 20104040, 0,
1684310288, 32767}
        newptrb = {epb_prev = 0x0, epb_saved_eptr = 0x1065a10
"\002ZZZZZZZ\by\005\001"}
#4966 0x000000000047ad8f in php_pcre_exec (argument_re=0x1101170,
extra_data=0x7fff64648fe0, subject=0x15483f0 "<a title=\"Przyw<C3><B3>dca Iranu
odp
owiada Obamie\" mce_href=\"Ca<C5>\202kiem niedawno ca<C5>\202y <C5>\233wiat
obieg<C5>\202a informacja i<C5><BC> nowy przyw<C3><B3>dca USA - Barack Ob
ama, wyci<C4>\205gn<C4>\205<C5>\202 r<C4>\231k<C4>\231 do Iranu.
<C5>\232wie<C5><BC>o wybrany prezyde"..., length=6679, start_offset=0,
options=0, of
fsets=0x14eb5b8, offsetcount=18) at
/usr/src/php-5.2.9/ext/pcre/pcrelib/pcre_exec.c:4895
        save_end_subject = (const unsigned char *) 0x1549e07 ""
        new_start_match = (const unsigned char *) 0x8 <Address 0x8 out of
bounds>
        rc = 0
        resetcount = 12
        ocount = 18
        first_byte = 60
        req_byte = 62
        req_byte2 = 62
        newline = 10
        ims = 4
        using_temporary_offsets = 0
        anchored = 0
        startline = 0
        firstline = 0
        first_byte_caseless = 0
        req_byte_caseless = 0
        utf8 = 0
        match_block = {match_call_count = 7445, match_limit = 100000,
match_limit_recursion = 100000, offset_vector = 0x14eb5b8, offset_end = 18, off
set_max = 12, nltype = 0, nllen = 1, nl = "\n\221dd", lcc = 0x7faf60 "", ctypes
= 0x7fb2a0 "\200", offset_overflow = 0, notbol = 0, noteol = 0, utf8
= 0, jscript_compat = 0, endonly = 0, notempty = 0, partial = 0, hitend = 0,
bsr_anycrlf = 0, start_code = 0x11011a0 "^", start_subject = 0x15483f0 "
<a title=\"Przyw<C3><B3>dca Iranu odpowiada Obamie\" mce_href=\"Ca<C5>\202kiem
niedawno ca<C5>\202y <C5>\233wiat obieg<C5>\202a informacja i<C5><BC>
nowy przyw<C3><B3>dca USA - Barack Obama, wyci<C4>\205gn<C4>\205<C5>\202
r<C4>\231k<C4>\231 do Iranu. <C5>\232wie<C5><BC>o wybrany prezyde"..., end_s
ubject = 0x1549e07 "", start_match_ptr = 0x15483f0 "<a title=\"Przyw<C3><B3>dca
Iranu odpowiada Obamie\" mce_href=\"Ca<C5>\202kiem niedawno ca<C5>\20
2y <C5>\233wiat obieg<C5>\202a informacja i<C5><BC> nowy przyw<C3><B3>dca USA -
Barack Obama, wyci<C4>\205gn<C4>\205<C5>\202 r<C4>\231k<C4>\231 do Ir
anu. <C5>\232wie<C5><BC>o wybrany prezyde"..., end_match_ptr = 0x14ec4d8 "",
end_offset_top = 160, capture_last = 4, start_offset = 0, eptrchain = 0x
9520074d364, eptrn = 10742728, recursive = 0x0, callout_data = 0x0}
        md = (match_data *) 0x7fff64648d80
        tables = (const uschar *) 0x7faf60 ""
        start_bits = (const uschar *) 0x0
        start_match = (const unsigned char *) 0x15483f0 "<a
title=\"Przyw<C3><B3>dca Iranu odpowiada Obamie\" mce_href=\"Ca<C5>\202kiem
niedawno ca
<C5>\202y <C5>\233wiat obieg<C5>\202a informacja i<C5><BC> nowy
przyw<C3><B3>dca USA - Barack Obama, wyci<C4>\205gn<C4>\205<C5>\202
r<C4>\231k<C4>\23
1 do Iranu. <C5>\232wie<C5><BC>o wybrany prezyde"...
        end_subject = (const unsigned char *) 0x1549e07 ""
        req_byte_ptr = (const unsigned char *) 0x15483ef "Z<a
title=\"Przyw<C3><B3>dca Iranu odpowiada Obamie\" mce_href=\"Ca<C5>\202kiem
niedawno ca
<C5>\202y <C5>\233wiat obieg<C5>\202a informacja i<C5><BC> nowy
przyw<C3><B3>dca USA - Barack Obama, wyci<C4>\205gn<C4>\205<C5>\202
r<C4>\231k<C4>\231 do Iranu. <C5>\232wie<C5><BC>o wybrany prezyd"...
        internal_study = {size = 1684311920, options = 32767, start_bits =
"!<D5>t", '\0' <repeats 17 times>, "[\002\000\000X<A8>\200\000\000\000\000"}
        study = (const pcre_study_data *) 0x0
        internal_re = {magic_number = 13755024, size = 0, options = 48, flags =
0, dummy1 = 0, top_bracket = 36512, top_backref = 25700, first_byte = 32767,
req_byte = 0, name_table_offset = 54561, name_entry_size = 116, name_count = 0,
ref_count = 0, tables = 0x7fff64648f68 "<E0>\222dd<FF>\177", nullpad =
0x800000008 <Address 0x800000008 out of bounds>}
        external_re = (const real_pcre *) 0x1101170
        re = (const real_pcre *) 0x1101170
#4967 0x000000000047f902 in php_pcre_match_impl (pce=0x146b980,
subject=0x15483f0 "<a title=\"Przyw<C3><B3>dca Iranu odpowiada Obamie\"
mce_href=\"Ca
<C5>\202kiem niedawno ca<C5>\202y <C5>\233wiat obieg<C5>\202a informacja
i<C5><BC> nowy przyw<C3><B3>dca USA - Barack Obama, wyci<C4>\205gn<C4>\205
<C5>\202 r<C4>\231k<C4>\231 do Iranu. <C5>\232wie<C5><BC>o wybrany prezyde"...,
subject_len=6679, return_value=0x14eb070, subpats=0x13bbd60, global=0
, use_flags=0, flags=0, start_offset=0) at
/usr/src/php-5.2.9/ext/pcre/php_pcre.c:621
        result_set = (zval *) 0x7fff646490d0
        match_sets = (zval **) 0x0
        extra = (pcre_extra *) 0x7fff64648fe0
        extra_data = {flags = 18, study_data = 0x7fff6464911c, match_limit =
100000, callout_data = 0x7fff64649118, tables = 0x13efec0 "~(</?)(\\w*)(
(/(?!>)|[^/>])*)(/?>)~s", match_limit_recursion = 100000}
        exoptions = 0
        count = 0
        offsets = (int *) 0x14eb5b8
        num_subpats = 6
        size_offsets = 18
        matched = 0
        g_notempty = 0
        stringlist = (const char **) 0x7fbb5a9875ca
        match = 0x0
        subpat_names = (char **) 0x1607618
        i = 0
        rc = 0
        subpats_order = 0
        offset_capture = 0
#4968 0x000000000047f54d in php_do_pcre_match (ht=3, return_value=0x14eb070,
return_value_ptr=0x0, this_ptr=0x0, return_value_used=1, global=0) at /u
sr/src/php-5.2.9/ext/pcre/php_pcre.c:513
        regex = 0x13efec0 "~(</?)(\\w*)((/(?!>)|[^/>])*)(/?>)~s"
        subject = 0x15483f0 "<a title=\"Przyw<C3><B3>dca Iranu odpowiada
Obamie\" mce_href=\"Ca<C5>\202kiem niedawno ca<C5>\202y <C5>\233wiat obieg
<C5>\202a informacja i<C5><BC> nowy przyw<C3><B3>dca USA - Barack Obama,
wyci<C4>\205gn<C4>\205<C5>\202 r<C4>\231k<C4>\231 do Iranu. <C5>\232wie<C5>
<BC>o wybrany prezyde"...
        regex_len = 35
        subject_len = 6679
        pce = (pcre_cache_entry *) 0x146b980
        subpats = (zval *) 0x13bbd60
        flags = 0
        start_offset = 0


PS Sorry about my English.


--
Configure bugmail: http://bugs.exim.org/userprefs.cgi?tab=email