preg_replace_callback segfaults

Bug #369737 reported by Anthony Durity
This bug affects 1 person
Affects: php5 (Ubuntu)
Status: Expired
Importance: Undecided
Assigned to: Unassigned

Bug Description

Binary package hint: php5

Program received signal SIGSEGV, Segmentation fault.
preg_replace_impl (ht=5, return_value=0xb9a72214, return_value_ptr=0x0, this_ptr=0x0, return_value_used=1, is_callable_replace=1 '\001')
    at /build/buildd/php5-5.2.6.dfsg.1/Zend/zend_variables.h:32
32 /build/buildd/php5-5.2.6.dfsg.1/Zend/zend_variables.h: No such file or directory.
 in /build/buildd/php5-5.2.6.dfsg.1/Zend/zend_variables.h
(gdb) backtrace
#0 preg_replace_impl (ht=5, return_value=0xb9a72214, return_value_ptr=0x0, this_ptr=0x0, return_value_used=1, is_callable_replace=1 '\001')
    at /build/buildd/php5-5.2.6.dfsg.1/Zend/zend_variables.h:32
#1 0xb733cc03 in zend_do_fcall_common_helper_SPEC (execute_data=0xbfdd00b8) at /build/buildd/php5-5.2.6.dfsg.1/Zend/zend_vm_execute.h:200
#2 0xb732809b in execute (op_array=0xb978347c) at /build/buildd/php5-5.2.6.dfsg.1/Zend/zend_vm_execute.h:92
#3 0xb733c4c6 in zend_do_fcall_common_helper_SPEC (execute_data=0xbfdd0278) at /build/buildd/php5-5.2.6.dfsg.1/Zend/zend_vm_execute.h:234
#4 0xb732809b in execute (op_array=0xb97888d0) at /build/buildd/php5-5.2.6.dfsg.1/Zend/zend_vm_execute.h:92
#5 0xb733c4c6 in zend_do_fcall_common_helper_SPEC (execute_data=0xbfdd0618) at /build/buildd/php5-5.2.6.dfsg.1/Zend/zend_vm_execute.h:234
#6 0xb732809b in execute (op_array=0xb9788ea4) at /build/buildd/php5-5.2.6.dfsg.1/Zend/zend_vm_execute.h:92
#7 0xb733c4c6 in zend_do_fcall_common_helper_SPEC (execute_data=0xbfdd1158) at /build/buildd/php5-5.2.6.dfsg.1/Zend/zend_vm_execute.h:234
#8 0xb732809b in execute (op_array=0xb9721148) at /build/buildd/php5-5.2.6.dfsg.1/Zend/zend_vm_execute.h:92
#9 0xb732d868 in ZEND_INCLUDE_OR_EVAL_SPEC_TMP_HANDLER (execute_data=0xbfdd1338) at /build/buildd/php5-5.2.6.dfsg.1/Zend/zend_vm_execute.h:4612
#10 0xb732809b in execute (op_array=0xb9719ec4) at /build/buildd/php5-5.2.6.dfsg.1/Zend/zend_vm_execute.h:92
#11 0xb732ade9 in ZEND_INCLUDE_OR_EVAL_SPEC_CV_HANDLER (execute_data=0xbfdd1db8) at /build/buildd/php5-5.2.6.dfsg.1/Zend/zend_vm_execute.h:20047
#12 0xb732809b in execute (op_array=0xb9718434) at /build/buildd/php5-5.2.6.dfsg.1/Zend/zend_vm_execute.h:92
#13 0xb7302710 in zend_execute_scripts (type=8, retval=0x0, file_count=3) at /build/buildd/php5-5.2.6.dfsg.1/Zend/zend.c:1215
#14 0xb72b6fba in php_execute_script (primary_file=0xbfdd4078) at /build/buildd/php5-5.2.6.dfsg.1/main/main.c:2028
#15 0xb737a8c0 in php_handler (r=0xb97600e0) at /build/buildd/php5-5.2.6.dfsg.1/sapi/apache2handler/sapi_apache2.c:648

php --version 5.2.6.dfsg.1-3ubuntu4.1 (jaunty-updates, jaunty-security)

Was working in Intrepid, upgraded to Jaunty - stopped working. I could have introduced an error but it shouldn't segfault anyway I guess.

Andreas Olsson (andol) wrote :

Can you provide the PHP code which causes this segfault?

I tried the following example code, and managed to run preg_replace_callback() just fine on both an i386 and an amd64 running jaunty.

<?php
// this text was used in 2002
// we want to get this up to date for 2003
$text = "April fools day is 04/01/2002\n";
$text.= "Last christmas was 12/24/2001\n";
// the callback function
function next_year($matches)
{
  // as usual: $matches[0] is the complete match
  // $matches[1] the match for the first subpattern
  // enclosed in '(...)' and so on
  return $matches[1].($matches[2]+1);
}
echo preg_replace_callback(
            "|(\d{2}/\d{2}/)(\d{4})|",
            "next_year",
            $text);

?>

(Taken from http://www.php.net/manual/en/function.preg-replace-callback.php)

Changed in php5 (Ubuntu):
status: New → Incomplete
Andreas Olsson (andol) wrote :

We'd like to figure out what's causing this bug for you, but we haven't heard back from you in a while. Could you please provide the requested information? Thanks!

fiasco (josh-catalyst) wrote :

This is happening to me; I found this bug in the PEAR mediawiki filter. The code from there is:
<?php
    function parse()
    {
        error_log("parser called");
        $this->wiki->source = preg_replace_callback(
            $this->regex,
            array(&$this, 'process'),
            $this->wiki->source
        );
        error_log("Returning parse");
    }
?>

Potential things to look at: the regex is getting confused? I'm also using macrons in my content.

Andreas Olsson (andol) wrote :

@fiasco:

Also running Ubuntu 9.04?

Since you have the code in front of you, do you have the possibility to create a standalone test case?

fiasco (josh-catalyst) wrote :

From what I understand this is a PCRE extension issue with recursive regex. This error occurred for me when the mediawiki filter was trying to parse a with the following regex:

          #^\{\|(.*?)(?:^\|\+(.*?))?(^(?:((?R))|.)*?)^\|}#msi
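
One way to keep a recursive pattern like the one quoted above from taking the interpreter down, as an added example that is not part of the original report or of the PEAR filter's code: cap PCRE's limits around the call and check preg_last_error() before using the result. The helper name guarded_replace_callback, the limit values and the two sample inputs are assumptions made for illustration.

```php
<?php
// Added example, not code from the report or from the PEAR filter.
// guarded_replace_callback() is a hypothetical helper name.
function guarded_replace_callback($regex, $callback, $subject, $recursionLimit = 2000)
{
    // pcre.recursion_limit and pcre.backtrack_limit exist since PHP 5.2.0.
    // A low recursion limit makes PCRE give up on a deep match before it
    // can use up the process stack.
    $oldRecursion = ini_set('pcre.recursion_limit', (string) $recursionLimit);
    $oldBacktrack = ini_set('pcre.backtrack_limit', '100000');

    $result = preg_replace_callback($regex, $callback, $subject);
    $error  = preg_last_error();

    // Restore the previous limits so other code is not affected.
    if ($oldRecursion !== false) {
        ini_set('pcre.recursion_limit', $oldRecursion);
    }
    if ($oldBacktrack !== false) {
        ini_set('pcre.backtrack_limit', $oldBacktrack);
    }

    // On a limit error preg_replace_callback() returns NULL; assigning that
    // back to the source, as parse() does, would silently wipe the text.
    if ($result === null || $error !== PREG_NO_ERROR) {
        error_log(sprintf('preg_replace_callback aborted: preg_last_error()=%d, subject=%d bytes',
            $error, strlen($subject)));
        return $subject; // leave the source unparsed rather than lose it
    }
    return $result;
}

// Callback for the demo: replace each matched table with a short marker.
function table_marker($matches)
{
    return '[table, ' . strlen($matches[0]) . ' bytes]';
}

// Pattern quoted in the report; both inputs below are constructed samples.
$regex = '#^\{\|(.*?)(?:^\|\+(.*?))?(^(?:((?R))|.)*?)^\|}#msi';
$small = "{|\n| a\n| b\n|}\n";
$large = "{|\n" . str_repeat("| cell\n", 20000) . "|}\n";

echo guarded_replace_callback($regex, 'table_marker', $small);
$out = guarded_replace_callback($regex, 'table_marker', $large);
echo $out === $large ? "large input: left unchanged\n" : "large input: replaced\n";
```

Whether the large sample trips a limit depends on the PCRE version and on pcre.jit, which is why the last line reports either outcome.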

Launchpad Janitor (janitor) wrote :

[Expired for php5 (Ubuntu) because there has been no activity for 60 days.]

Changed in php5 (Ubuntu):
status: Incomplete → Expired