[pcre-dev] [Bug 1338] New: Crashes on not-very-long strings …

Kezdőlap
Üzenet törlése
Szerző: Dan Chadwick
Dátum:  
Címzett: pcre-dev
Tárgy: [pcre-dev] [Bug 1338] New: Crashes on not-very-long strings that work on other versions
------- You are receiving this mail because: -------
You are on the CC list for the bug.

http://bugs.exim.org/show_bug.cgi?id=1338
           Summary: Crashes on not-very-long strings that work on other
                    versions
           Product: PCRE
           Version: 8.12
          Platform: x86-64
               URL: http://drupal.org/node/1917530
        OS/Version: Windows
            Status: NEW
          Severity: bug
          Priority: high
         Component: Code
        AssignedTo: ph10@???
        ReportedBy: dan899@???
                CC: pcre-dev@???



Platform is Windows PHP5.3.13, PCRE 8.12, from WampServer2.2. Previously worked
fine with PHP 5.2.11 (PCRE 7.8 I think) and on Unbuntu with PHP 5.3.2 (PCRE
7.8).

Search string (ending in newline):
description = "Helps readers share, bookmark, and email your articles and pages
using any service, such as Facebook, Twitter, Google+, StumbleUpon, and over
100 more using the <a href='http://share.lockerz.com/' target='_blank'>Lockerz
Share / AddToAny</a> widget."

PHP code:
  if (preg_match_all('
    @^\s*                           # Start at the beginning of a line,
ignoring leading whitespace
    ((?:
      [^=;\[\]]|                    # Key names cannot contain equal signs,
semi-colons or square brackets,
      \[[^\[\]]*\]                  # unless they are balanced and not nested
    )+?)
    \s*=\s*                         # Key/value pairs are separated by equal
signs (ignoring white-space)
    (?:
      ("(?:[^"]|(?<=\\\\)")*")|     # Double-quoted string, which may contain
slash-escaped quotes/slashes
      (\'(?:[^\']|(?<=\\\\)\')*\')| # Single-quoted string, which may contain
slash-escaped quotes/slashes
      ([^\r\n]*?)                   # Non-quoted string
    )\s*$                           # Stop at the next end of a line, ignoring
trailing whitespace
    @msx', $data, $matches, PREG_SET_ORDER)) {


Result:
Crash. Apache resets the connection. The crash is very sensitive to the length
of the search string. Make it a little short and it works file. The positive
look-ahead assertion, i.e. (?<=\\)" seems to be the culprit.


--
Configure bugmail: http://bugs.exim.org/userprefs.cgi?tab=email