Regular expression crashes Apache due to PCRE limitations

802 views Asked by At

I am currently creating bbcode parsing engine and I have encountered a situation what I can't figure out on my own.

The thing is, that I popped into a problem exactly like this one: Apache / PHP on Windows crashes with regular expression

That means that if I make something like the example below Apache crashes because of recursion count reaching 690 (1MB memory limit for PCRE):

$txt = '[b]'.str_repeat('a', 338).'[/b]';  // if I change repeat count to lower value it's ok
$regex = '#\[(?P<attributes>(?P<tag>[a-z0-9_]*?)(?:=.*?|\s.*?|))](?P<content>(?:[^[]|\[(?!/?(?P=tag)])|(?R))+?)\[/(?P=tag)]#mi';

echo preg_replace_callback($regex, function($matches) { return $matches['content']; }, $txt);

So I need to somehow minimize the need of * and + in my regex, but that's where I'm out of ideas so I though maybe you could suggest something.

Other approaches for parsing bbcode (that could handle nested tags) are welcome. However I would not like to use an already built class or something. I like to do things on my own!

I have also looked into PECL and Pear HTML_BBCodeParser. But I don't want my application to be dependent on extensions. More likely I may do some script that checks for that extension and if it doesn't exist use the BBCode parser that I'm trying to do here.

Sorry if my descriptions are gloomy, I'm not pro at English ^^

EDIT. So the regex explained:

\[(?P<attributes>(?P<tag>[a-z0-9_]*?)(?:=.*?|\s.*?|))]

This is my opening tag. I have used named groups. With 'tag' I identify tag and with 'attributes' I identify tags attributes. Think of tag as an attribute also. So what is happening here? I try to match a tag, when a tag is matched, I try to match anything after = sign or anything after \s (spacer) until it reaches tag closure ].

(?P<content>(?:[^[]|\[(?!/?(?P=tag)])|(?R))+?)

Now here I am trying to match content. This is the tricky part. I am looking for any character that is not [ and if I find any, then I check if it is not my ending tag or recursion, and I tell the regex engine to do so until....

\[/(?P=tag)]

... the ending tag is found.

2

There are 2 answers

4
Vivin Paliath On

I was going to suggest a BBCodeParser...

I have also looked into PECL and Pear HTML_BBCodeParser. But i don't want my application to be dependant on extensions

I find that to be very strange. Why reinvent the wheel? One of the principles of good software-engineering is DRY (Don't Repeat Yourself). You're trying to solve a problem that has already been solved.

I like to do things on my own!

That's not bad in of itself, but there are times when you are better off using a tried and true solution; one that is better tested and more robust than your own (as you're finding out). That way you will spend time on the problem you actually want to solve instead of solving a problem that has already been solved. Don't fall into the trap of reinventing the wheel. :)

My suggestion (and solution) to you is to use a BBCode parser.

EDIT

Another thing is that you're parsing something that is HTML-like. Things of that nature don't lend themselves easily to being parsed by regular expressions.

1
NullUserException On

Your regex, especially the zero-width assertions (lookaround) cause the regex engine to backtrack catastrophically. Moral of the story: Regex can't shouldn't be used to parse languages that are not regular. If you have nested structures, that's not a regular language.

In fact, I think BBCode is evil. BBCode is a markup language invented by lazy programmers who didn't want to filter HTML the proper way. As a result, we now have a loose "standard" that's hard to implement. Filter your HTML the right way:

http://htmlpurifier.org/