Date: Mon, 24 Dec 2007 01:28:14 GMT From: Thomas Sandford <freebsduser@paradisegreen.co.uk> To: FreeBSD-gnats-submit@FreeBSD.org Subject: ports/118980: php5-pcre can cause stack overflow in apache22 in normal use Message-ID: <200712240128.lBO1SEHM057893@miriam.paradisegreen.co.uk> Resent-Message-ID: <200712240130.lBO1U11h016725@freefall.freebsd.org>
next in thread | raw e-mail | index | archive | help
>Number: 118980 >Category: ports >Synopsis: php5-pcre can cause stack overflow in apache22 in normal use >Confidential: no >Severity: serious >Priority: medium >Responsible: freebsd-ports-bugs >State: open >Quarter: >Keywords: >Date-Required: >Class: sw-bug >Submitter-Id: current-users >Arrival-Date: Mon Dec 24 01:30:01 UTC 2007 >Closed-Date: >Last-Modified: >Originator: Thomas Sandford >Release: FreeBSD 7.0-BETA4 i386 >Organization: >Environment: System: FreeBSD miriam.paradisegreen.co.uk 7.0-BETA4 FreeBSD 7.0-BETA4 #0: Sun Dec 2 19:19:04 UTC 2007 root@logan.cse.buffalo.edu:/usr/obj/usr/src/sys/GENERIC i386 >Description: Problem manifests itself as occurence of messages like [Sat Dec 22 23:53:59 2007] [notice] child pid 71546 exit signal Illegal instruction (4) in the apache error log. Digging has revealed that this is really a stack overflow cause by excessive recursion in the pcre library. It is possible to tell pcre not to store data on the stack when recursing, but this is not enabled in the port or in php itself. Problem does not seem to be easily repeatable in the command line version of php, only the apache module (tested against apache22 only). >How-To-Repeat: portinstall apache22 portinstall php5-pcre [configure building of apache module] install symfony sandbox from www.symfony-project.org and enable access attempt to access a symfony page in non-debug mode >Fix: >Release-Note: >Audit-Trail: >Unformatted:
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?200712240128.lBO1SEHM057893>