Package home | Report new bug | New search | Development Roadmap Status: Open | Feedback | All | Closed Since Version 3.2.16

Bug #9977 segfault with large forms
Submitted: 2007-01-30 11:30 UTC
From: ian at ithomas dot name Assigned: avb
Status: Closed Package: HTML_QuickForm (version 3.2.7)
PHP Version: 4.4.4 OS: Linux
Roadmaps: 3.2.8    
Subscription  
Welcome back! If you're the original bug submitter, here's where you can edit the bug or add additional notes. If this is not your bug, you can add a comment by following this link. If this is your bug, but you forgot your password, you can retrieve your password here.
Password:
Status:
2007-06-03 13:17 UTC
Package:
Bug Type:
Summary:
From: ian at ithomas dot name
New email:
PHP Version: Package Version: OS:

 

 [2007-01-30 11:30 UTC] ian at ithomas dot name (Ian Thomas)
Description: ------------ In Renderer/Default.php line 248: preg_replace("/([ \t\n\r]*)?<!-- BEGIN required -->(\s|\S)*<!-- END required -->([ \t\n\r]*)?/i", '', $html); When the above line processes a variable of over 9k it causes php to segfault, presumably from a stack overflow. Changing the line to preg_replace("/([ \t\n\r]*)?<!-- BEGIN required -->.*<!-- END required -->([ \t\n\r]*)?/i", '', $html); avoids the segfault and as far as I can see does not cause any problems. The error regex a few lines below uses .* too Test script: --------------- <?php $html = "<tr> <th><span<!-- BEGIN required --> class=\"required\"<!-- END required -->><table class=\"homemain\"> any text here, must total over about 9 kbytes"; echo preg_replace("/([ \t\n\r]*)?<!-- BEGIN required -->(\s|\S)*<!-- END required -->([ \t\n\r]*)?/i", '', $html); ?>

Comments

 [2007-03-07 17:08 UTC] avb (Alexey Borzov)
Must check whether \s|\S and . are really the same, but they probably are.
 [2007-06-03 13:17 UTC] avb (Alexey Borzov)
This bug has been fixed in CVS. If this was a documentation problem, the fix will appear on pear.php.net by the end of next Sunday (CET). If this was a problem with the pear.php.net website, the change should be live shortly. Otherwise, the fix will appear in the package's next release. Thank you for the report and for helping us make PEAR better.