3v4l.org

run code in 300+ PHP versions simultaneously
<?php $regex = '/(^a)|(.*(?=ab\K))/'; $subject = "aaaaxyzaabaa"; // Comment/uncomment below as wanted. // All 3 functions are vulnerable (note, other functions are affected as well) preg_match_all($regex,$subject,$x); var_dump($x);
Finding entry points
Branch analysis from position: 0
1 jumps found. (Code = 62) Position 1 = -2
filename:       /in/joMK5
function name:  (null)
number of ops:  11
compiled vars:  !0 = $regex, !1 = $subject, !2 = $x
line      #* E I O op                           fetch          ext  return  operands
-------------------------------------------------------------------------------------
    3     0  E >   ASSIGN                                                   !0, '%2F%28%5Ea%29%7C%28.%2A%28%3F%3Dab%5CK%29%29%2F'
    4     1        ASSIGN                                                   !1, 'aaaaxyzaabaa'
    8     2        INIT_FCALL                                               'preg_match_all'
          3        SEND_VAR                                                 !0
          4        SEND_VAR                                                 !1
          5        SEND_REF                                                 !2
          6        DO_ICALL                                                 
    9     7        INIT_FCALL                                               'var_dump'
          8        SEND_VAR                                                 !2
          9        DO_ICALL                                                 
         10      > RETURN                                                   1

Generated using Vulcan Logic Dumper, using php 8.0.0


preferences:
151.41 ms | 1385 KiB | 17 Q