Package home | Report new bug | New search | Development Roadmap Status: Open | Feedback | All | Closed Since Version 3.2.16

Bug #9977 segfault with large forms
Submitted: 2007-01-30 11:30 UTC
From: ian at ithomas dot name Assigned: avb
Status: Closed Package: HTML_QuickForm (version 3.2.7)
PHP Version: 4.4.4 OS: Linux
Roadmaps: 3.2.8    
Subscription  
Comments Add Comment Add patch


Anyone can comment on a bug. Have a simpler test case? Does it work for you on a different platform? Let us know! Just going to say 'Me too!'? Don't clutter the database with that please !
Your email address:
MUST BE VALID
Solve the problem : 41 + 4 = ?

 
 [2007-01-30 11:30 UTC] ian at ithomas dot name (Ian Thomas)
Description: ------------ In Renderer/Default.php line 248: preg_replace("/([ \t\n\r]*)?<!-- BEGIN required -->(\s|\S)*<!-- END required -->([ \t\n\r]*)?/i", '', $html); When the above line processes a variable of over 9k it causes php to segfault, presumably from a stack overflow. Changing the line to preg_replace("/([ \t\n\r]*)?<!-- BEGIN required -->.*<!-- END required -->([ \t\n\r]*)?/i", '', $html); avoids the segfault and as far as I can see does not cause any problems. The error regex a few lines below uses .* too Test script: --------------- <?php $html = "<tr> <th><span<!-- BEGIN required --> class=\"required\"<!-- END required -->><table class=\"homemain\"> any text here, must total over about 9 kbytes"; echo preg_replace("/([ \t\n\r]*)?<!-- BEGIN required -->(\s|\S)*<!-- END required -->([ \t\n\r]*)?/i", '', $html); ?>

Comments

 [2007-03-07 17:08 UTC] avb (Alexey Borzov)
Must check whether \s|\S and . are really the same, but they probably are.
 [2007-06-03 13:17 UTC] avb (Alexey Borzov)
This bug has been fixed in CVS. If this was a documentation problem, the fix will appear on pear.php.net by the end of next Sunday (CET). If this was a problem with the pear.php.net website, the change should be live shortly. Otherwise, the fix will appear in the package's next release. Thank you for the report and for helping us make PEAR better.