Package home | Report new bug | New search | Development Roadmap Status: Open | Feedback | All | Closed Since Version 3.2.16

Bug #9977 segfault with large forms
Submitted: 2007-01-30 11:30 UTC
From: ian at ithomas dot name Assigned: avb
Status: Closed Package: HTML_QuickForm (version 3.2.7)
PHP Version: 4.4.4 OS: Linux
Roadmaps: 3.2.8    

 [2007-01-30 11:30 UTC] ian at ithomas dot name (Ian Thomas)
Description: ------------ In Renderer/Default.php line 248: preg_replace("/([ \t\n\r]*)?<!-- BEGIN required -->(\s|\S)*<!-- END required -->([ \t\n\r]*)?/i", '', $html); When the above line processes a variable of over 9k it causes php to segfault, presumably from a stack overflow. Changing the line to preg_replace("/([ \t\n\r]*)?<!-- BEGIN required -->.*<!-- END required -->([ \t\n\r]*)?/i", '', $html); avoids the segfault and as far as I can see does not cause any problems. The error regex a few lines below uses .* too Test script: --------------- <?php $html = "<tr> <th><span<!-- BEGIN required --> class=\"required\"<!-- END required -->><table class=\"homemain\"> any text here, must total over about 9 kbytes"; echo preg_replace("/([ \t\n\r]*)?<!-- BEGIN required -->(\s|\S)*<!-- END required -->([ \t\n\r]*)?/i", '', $html); ?>


 [2007-03-07 17:08 UTC] avb (Alexey Borzov)
Must check whether \s|\S and . are really the same, but they probably are.
 [2007-06-03 13:17 UTC] avb (Alexey Borzov)
This bug has been fixed in CVS. If this was a documentation problem, the fix will appear on by the end of next Sunday (CET). If this was a problem with the website, the change should be live shortly. Otherwise, the fix will appear in the package's next release. Thank you for the report and for helping us make PEAR better.