Validation of a text with regex in PHP crashing apache

Question

I'm validating a text with this function in my PHP application:

public function alpha_special($str)
{
    return ( ! preg_match("/^([-a-zA-Z0-9_-ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõöùúûüýøþÿÐdŒ!?¿¡()\".',:@\n\r ]){0,350}+$/i", $str)) ? FALSE : TRUE;
}

It's a description field for a product, thus some characters apart alphanumerics should be allowed, also spaces, enter key line break, and with a limit of 350 characters.

Everything works fine unless I try to input a text with a lot of blank spaces and line breaks. If I do so, I get a windows error saying that Apache HTTP Server has stopped working (I'm running it on XAMPP).

However, if I either delete \n or \r of the regex it does not crash, but then it doesn't allow line breaks.

What I'm doing wrong here?

Thanks.

Tried double escaping and doesn't work neither. I also realized that it crashes even without blank spaces and line breaks. It just needs more than approx 100 characters to crash. — ablazq, Feb 21 '14 at 01:15
Yes, PHP sets `pcre.recursion_limit` too large by default (100000) and `httpd.exe` crashes due to a stack overflow. See my answer to related question: [RegExp in preg_match function returning browser error](http://stackoverflow.com/a/7627962/433790) for a more detailed description of the problem and a recommended solution. — ridgerunner, Feb 21 '14 at 01:18
Thanks ridgerunner. I read your answer in the other post which is nice, but I'm so beginner that I don't understand how to implement the solution, specially in the production server (AWS running ubuntu). Is there another way to easily validate server-side without this bug happening? — ablazq, Feb 21 '14 at 15:50
For starters, add the following line before your code: `ini_set("pcre.recursion_limit", "524");` - This will make it so that the code gracefully fails with an error message rather than crashing hard. You can also just eliminate the capture group from the regex which should completely solve the recursion problem for this simple case. (The parentheses are not necessary). — ridgerunner, Feb 21 '14 at 16:18

score 0 · Accepted Answer · edited May 23 '17 at 12:10

Apache is crashing due to a segmentation fault and stack overflow within the PCRE library due to PHP setting pcre.recursion_limit too large. See my answer to a related question: RegExp in preg_match function returning browser error for a more in-depth discussion of this problem.

Your regex has the form: (a)+ which when applied to a large subject string, will cause the segmentation fault crash. However, for this specific case the capture group is unnecessary and can simply be removed like so:

public function alpha_special($str)
{
    return ( ! preg_match("/^[-a-zA-Z0-9_-ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõöùúûüýøþÿÐdŒ!?¿¡()\".',:@\n\r ]{0,350}+$/i", $str)) ? FALSE : TRUE;
}

This change should fix your immediate problem.

Nice! it's working and not crashing anymore. Thanks! – ablazq Feb 21 '14 at 17:10 — ablazq, Feb 21 '14 at 17:10

Validation of a text with regex in PHP crashing apache

1 Answers1