Skip to content
Open
Show file tree
Hide file tree
Changes from all commits
Commits
File filter

Filter by extension

Filter by extension

Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
8 changes: 8 additions & 0 deletions Zend/zend_execute_API.c
Original file line number Diff line number Diff line change
Expand Up @@ -861,6 +861,14 @@ zend_result zend_call_function(zend_fcall_info *fci, zend_fcall_info_cache *fci_
}
}

#ifdef ZEND_CHECK_STACK_LIMIT
if (UNEXPECTED(zend_call_stack_overflowed(EG(stack_limit)))) {
zend_call_stack_size_error();
zend_release_fcall_info_cache(fci_cache);
return SUCCESS;
}
#endif

call = zend_vm_stack_push_call_frame(call_info,
func, fci->param_count, object_or_called_scope);
uint32_t consumed_args = fci->param_count ? fci->consumed_args : 0;
Expand Down
22 changes: 22 additions & 0 deletions ext/spl/tests/gh15672.phpt
Original file line number Diff line number Diff line change
@@ -0,0 +1,22 @@
--TEST--
GH-15672 (MultipleIterator attached to itself overflows the C stack)
--SKIPIF--
<?php
if (!function_exists('zend_test_zend_call_stack_get')) die("skip zend_test_zend_call_stack_get() is not available");

Copy link
Copy Markdown
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

why is zend_test_zend_call_stack_get() needed for this test? Same with the zend_text extension being enabled.

also for the other test

Copy link
Copy Markdown
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

zend_test_zend_call_stack_get() is compiled only under #ifdef ZEND_CHECK_STACK_LIMIT, the same guard the fix's check sits behind, so function_exists() on it is the probe for whether stack-limit checking exists on this platform. Where it doesn't, EG(stack_limit) is never armed, the new check is a no-op, and the test recurses into a real SEGV instead of throwing. The probe lives in zend_test, hence the --EXTENSIONS-- line. Same skip guard as the existing Zend/tests/stack_limit/ tests.

if (getenv("SKIP_SLOW_TESTS")) die('skip slow test');
?>
--EXTENSIONS--
zend_test
--INI--
memory_limit=2G
zend.max_allowed_stack_size=512K
--FILE--
<?php
$m = new MultipleIterator();
$m->attachIterator(new ArrayIterator([1, 2, 3]), "1");
$m->attachIterator($m, 3);
foreach ($m as $key => $value) {
}
?>
--EXPECTREGEX--
.*Maximum call stack size of \d+ bytes.*Infinite recursion\?.*thrown in .* on line \d+
21 changes: 21 additions & 0 deletions ext/spl/tests/gh15911.phpt
Original file line number Diff line number Diff line change
@@ -0,0 +1,21 @@
--TEST--
GH-15911 (AppendIterator appended to itself overflows the C stack)
--SKIPIF--
<?php
if (!function_exists('zend_test_zend_call_stack_get')) die("skip zend_test_zend_call_stack_get() is not available");
if (getenv("SKIP_SLOW_TESTS")) die('skip slow test');
?>
--EXTENSIONS--
zend_test
--INI--
memory_limit=2G
zend.max_allowed_stack_size=512K
--FILE--
<?php
$it = new AppendIterator();
$it->append($it);
foreach ($it as $v) {
}
?>
--EXPECTREGEX--
.*Maximum call stack size of \d+ bytes.*Infinite recursion\?.*thrown in .* on line \d+
Loading