PHP :: Bug #23285 :: zendlex coredump

Bug #23285 zendlex coredump
Submitted: 2003-04-20 05:42 UTC
Modified: 2003-05-29 04:03 UTC
Votes: 1
Avg. Score: 1.0 ± 0.0
Reproduced: 0 of 1 (0.0%)
From: momo@php.net
Assigned: wez
Status: Closed
Package: Scripting Engine problem
PHP Version: 4.3.3-dev
OS: RH9
Private report: No
CVE-ID: None

 [2003-04-20 05:42 UTC] momo@php.net

Because the zendlex() function is recursive in some cases, it's quite easy to make Zend dump core.

E.g., just repeat the comments enough times in the following script (I did it 500,000 times, but maybe fewer are needed):
<? /**/ /**/ /*....... /**/ ?>


Is this considered a bug?

 [2003-05-21 10:15 UTC] sniper@php.net

It still happens for me (using gcc 2.95.3)..

 [2003-05-25 06:37 UTC] momo@php.net

The bug still exists using gcc version 3.2.2 20030222.
Here is how you can easily reproduce it:

[root@moshe-lap php4]# cat ../../gen-php-seg.php
<?
$p = fopen("tmp","wb");
$str="";
for($a=0;$a<1024;$a++) $str.="/**/ ";
fwrite($p,"<? ");
for($a=0;$a<512;$a++) fwrite($p,$str);
fwrite($p," ?> ");
fclose($p);
?>

[root@moshe-lap php4]# ./sapi/cli/php ../../tmp
Segmentation fault


 [2003-05-28 20:05 UTC] sniper@php.net

Yes, that patch makes it not crash anymore.
If there aren't any side effects of it... commit? :)

 [2003-05-29 04:03 UTC] wez@php.net

This bug has been fixed in CVS.

In case this was a PHP problem, snapshots of the sources are packaged
every three hours; this change will be in the next snapshot. You can
grab the snapshot at http://snaps.php.net/.
 
In case this was a documentation problem, the fix will show up soon at
http://www.php.net/manual/.

In case this was a PHP.net website problem, the change will show
up on the PHP.net site and on the mirror sites in a short time.
 
Thank you for the report, and for helping us make PHP better.
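
The failure mode described in this report, shown as an added example that is neither PHP's code nor the committed fix: a toy lexer (all names hypothetical) that handles each ignorable token by calling itself, next to a loop-based variant, which is one common way to remove such recursion. An explicit depth counter stands in for stack usage so the growth can be measured without crashing.

```c
#include <stdlib.h>
#include <string.h>

enum { TOK_EOF, TOK_CHAR };                      /* toy token kinds */
struct lexer { const char *p; size_t depth, max_depth; };

/* Skip one comment or one whitespace byte; return 1 if something was skipped. */
static int skip_ignorable(struct lexer *lx) {
    if (lx->p[0] == '/' && lx->p[1] == '*') {
        const char *end = strstr(lx->p + 2, "*/");
        lx->p = end ? end + 2 : lx->p + strlen(lx->p); /* unterminated: eat the rest */
        return 1;
    }
    if (*lx->p == ' ' || *lx->p == '\t' || *lx->p == '\n') { lx->p++; return 1; }
    return 0;
}

/* Record how many lexer calls are active at once (stands in for stack usage). */
static void enter(struct lexer *lx) { if (++lx->depth > lx->max_depth) lx->max_depth = lx->depth; }
static int one_token(struct lexer *lx) { return *lx->p ? (lx->p++, TOK_CHAR) : TOK_EOF; }

/* Before: an ignorable token is handled by calling the lexer again. */
int lex_recursive(struct lexer *lx) {
    enter(lx);
    int tok = skip_ignorable(lx) ? lex_recursive(lx) : one_token(lx);
    lx->depth--;
    return tok;
}

/* After: ignorable tokens are consumed in a loop, so depth stays at 1. */
int lex_iterative(struct lexer *lx) {
    enter(lx);
    while (skip_ignorable(lx)) { }
    int tok = one_token(lx);
    lx->depth--;
    return tok;
}

/* Constructed input: n empty comments, each followed by a space, then 'x'. */
size_t max_depth_for(size_t n, int (*lex)(struct lexer *), int *tok) {
    char *buf = malloc(n * 5 + 2);
    if (!buf) return 0;
    for (size_t i = 0; i < n; i++) memcpy(buf + i * 5, "/**/ ", 5);
    memcpy(buf + n * 5, "x", 2);                 /* 'x' plus terminating NUL */
    struct lexer lx = { buf, 0, 0 };
    *tok = lex(&lx);
    free(buf);
    return lx.max_depth;
}
```

With n comments the recursive variant reaches a depth of 2n + 1 before returning the first real token, so input size alone decides whether the stack is exhausted; the iterative variant returns the same token at depth 1.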