Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Regex times out and crashes Apache when pcre.jit is enabled #57

Closed
JackJohansson opened this issue Nov 23, 2021 · 9 comments
Closed

Regex times out and crashes Apache when pcre.jit is enabled #57

JackJohansson opened this issue Nov 23, 2021 · 9 comments

Comments

@JackJohansson
Copy link

JackJohansson commented Nov 23, 2021
edited
Loading

Recently I've installed PHP8.1.0RC6 and Laravel 9 to try out some of the new features. I was unable to load any pages using Laravel, as Apache would crash and I would get a connection reset message.

I've posted a bug report on Laravel's repository here. We've tracked down the issue to a regex. I was suggested to post the bug on php.net, which I did submit. After further investigation, it appears that the issue is related to a recent patch to this repository.

The detailed bug description can be found in the links below, but just as a short explanation, the following piece of code will crash Apache ( using 2.4.51 ) when pcre.jit = 1 but does not cause a problem when it's executed via CLI:

var_dump(
	preg_match(
		'(([\\r\\n]{1,1000})|([^\\S\\r\\n]{1,1000})|(\\\\)|(\')|(")|(\\#)|(\\$)|(([^(\\s\\\\\'"\\#\\$)]|\\(|\\)){1,1000}))A',
		'Laravel',
		$matches
	)
);

Bug report on Laravel repository:
laravel/framework#39716

Bug report on bugs.php.net:
https://bugs.php.net/bug.php?id=81647
@zherczeg
Copy link
Collaborator

Thank you for the report. There was a follow-up fix for that: 51ec2c9
Is this fix your issue?

@JackJohansson
Copy link
Author

Thanks for the quick response! Unfortunately I don't have the tools to compile the latest version on Windows, so I'll wait a few days for the new PHP release, which most likely has PCRE 10.39 bundled :)

@cmb69
Copy link

cmb69 commented Nov 23, 2021

@zherczeg, PHP already has that patch applied (php/php-src@788a701), but the stack overflow occurs nonetheless. I'll try with a clean PCRE2 10.39, and report back.

@JackJohansson, it is rather unlikely that PHP 8.1.0 will ship with PCRE2 10.39. It is still on a slightly patched 10.37, and 8.1.0 is going to be tagged today.

@cmb69
Copy link

cmb69 commented Nov 23, 2021

I'll try with a clean PCRE2 10.39, and report back.

Same issue, namely a stack overflow during compilation.

@zherczeg
Copy link
Collaborator

Hm, it looks like when I updated the code I changed a != to ==
0dd0283 line 1619

@zherczeg
Copy link
Collaborator

Please check if #58 fixes the issue. I am doing too many typos these days.

@cmb69
Copy link

cmb69 commented Nov 24, 2021

Yes, that fixes the issue (and the rest of PHP's pcre test suite still passes). Thank you!

@zherczeg
Copy link
Collaborator

@PhilipHazel if you are ok with this patch, please land it. Thank you.

@PhilipHazel
Copy link
Collaborator

I have done the merge of #58.

@SolitaryGrass SolitaryGrass mentioned this issue May 31, 2023
Closed
This was referenced Aug 1, 2024
Open
Closed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
4 participants
@zherczeg @cmb69 @PhilipHazel @JackJohansson