Fix stack overflow detection for variable compilation

Closes GH-17623
Ilija Tovilo 2025-01-29 15:04:17 +01:00
parent 5a4832f97b
commit 333f5dd848
No known key found for this signature in database
GPG key ID: 5050C66BFCD1015A
3 changed files with 79 additions and 0 deletions

4
NEWS

@ -5,6 +5,10 @@ PHP NEWS
- BCMath: - BCMath:
. Fixed bug GH-17398 (bcmul memory leak). (SakiTakamachi) . Fixed bug GH-17398 (bcmul memory leak). (SakiTakamachi)
- Core:
. Fixed bug GH-17623 (Broken stack overflow detection for variable
compilation). (ilutov)
13 Feb 2025, PHP 8.3.17 13 Feb 2025, PHP 8.3.17
- Core: - Core:


@ -0,0 +1,71 @@
--TEST--
Stack limit 015 - Internal stack limit check in zend_compile_var()
--CREDITS--
abdullahasif88
--SKIPIF--
<?php
if (!function_exists('zend_test_zend_call_stack_get')) die("skip zend_test_zend_call_stack_get() is not available");
?>
--EXTENSIONS--
zend_test
--INI--
zend.max_allowed_stack_size=128K
--FILE--
<?php
$test
->p->p->p->p->p->p->p->p->p->p
->p->p->p->p->p->p->p->p->p->p
->p->p->p->p->p->p->p->p->p->p
->p->p->p->p->p->p->p->p->p->p
->p->p->p->p->p->p->p->p->p->p
->p->p->p->p->p->p->p->p->p->p
->p->p->p->p->p->p->p->p->p->p
->p->p->p->p->p->p->p->p->p->p
->p->p->p->p->p->p->p->p->p->p
->p->p->p->p->p->p->p->p->p->p
->p->p->p->p->p->p->p->p->p->p
->p->p->p->p->p->p->p->p->p->p
->p->p->p->p->p->p->p->p->p->p
->p->p->p->p->p->p->p->p->p->p
->p->p->p->p->p->p->p->p->p->p
->p->p->p->p->p->p->p->p->p->p
->p->p->p->p->p->p->p->p->p->p
->p->p->p->p->p->p->p->p->p->p
->p->p->p->p->p->p->p->p->p->p
->p->p->p->p->p->p->p->p->p->p
->p->p->p->p->p->p->p->p->p->p
->p->p->p->p->p->p->p->p->p->p
->p->p->p->p->p->p->p->p->p->p
->p->p->p->p->p->p->p->p->p->p
->p->p->p->p->p->p->p->p->p->p
->p->p->p->p->p->p->p->p->p->p
->p->p->p->p->p->p->p->p->p->p
->p->p->p->p->p->p->p->p->p->p
->p->p->p->p->p->p->p->p->p->p
->p->p->p->p->p->p->p->p->p->p
->p->p->p->p->p->p->p->p->p->p
->p->p->p->p->p->p->p->p->p->p
->p->p->p->p->p->p->p->p->p->p
->p->p->p->p->p->p->p->p->p->p
->p->p->p->p->p->p->p->p->p->p
->p->p->p->p->p->p->p->p->p->p
->p->p->p->p->p->p->p->p->p->p
->p->p->p->p->p->p->p->p->p->p
->p->p->p->p->p->p->p->p->p->p
->p->p->p->p->p->p->p->p->p->p
->p->p->p->p->p->p->p->p->p->p
->p->p->p->p->p->p->p->p->p->p
->p->p->p->p->p->p->p->p->p->p
->p->p->p->p->p->p->p->p->p->p
->p->p->p->p->p->p->p->p->p->p
->p->p->p->p->p->p->p->p->p->p
->p->p->p->p->p->p->p->p->p->p
->p->p->p->p->p->p->p->p->p->p
->p->p->p->p->p->p->p->p->p->p
->p->p->p->p->p->p->p->p->p->p
;
?>
--EXPECTF--
Fatal error: Maximum call stack size of %d bytes (zend.max_allowed_stack_size - zend.reserved_stack_size) reached during compilation. Try splitting expression in %s on line %d
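Review bot: The test pins a single shape, a 500-link `->p` read chain compiled as a bare statement, so it cannot show which of the two new checks produced the fatal error. The title names zend_compile_var(), but a chain like this may well reach the check in zend_delayed_compile_var() first; that is inferred, since the recursion path is not visible on this page. A sibling case in a different context, for example the same chain used as an assignment target (`$test->p->...->p = 1;`), would keep each call site covered on its own, so that dropping either check in a later refactor fails a test instead of turning back into a native stack overflow.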


@ -10686,6 +10686,8 @@ static zend_op *zend_compile_var_inner(znode *result, zend_ast *ast, uint32_t ty
static zend_op *zend_compile_var(znode *result, zend_ast *ast, uint32_t type, bool by_ref) /* {{{ */ static zend_op *zend_compile_var(znode *result, zend_ast *ast, uint32_t type, bool by_ref) /* {{{ */
{ {
zend_check_stack_limit();
uint32_t checkpoint = zend_short_circuiting_checkpoint(); uint32_t checkpoint = zend_short_circuiting_checkpoint();
zend_op *opcode = zend_compile_var_inner(result, ast, type, by_ref); zend_op *opcode = zend_compile_var_inner(result, ast, type, by_ref);
zend_short_circuiting_commit(checkpoint, result, ast); zend_short_circuiting_commit(checkpoint, result, ast);
@ -10694,6 +10696,8 @@ static zend_op *zend_compile_var(znode *result, zend_ast *ast, uint32_t type, bo
static zend_op *zend_delayed_compile_var(znode *result, zend_ast *ast, uint32_t type, bool by_ref) /* {{{ */ static zend_op *zend_delayed_compile_var(znode *result, zend_ast *ast, uint32_t type, bool by_ref) /* {{{ */
{ {
zend_check_stack_limit();
switch (ast->kind) { switch (ast->kind) {
case ZEND_AST_VAR: case ZEND_AST_VAR:
return zend_compile_simple_var(result, ast, type, 1); return zend_compile_simple_var(result, ast, type, 1);
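Review bot: Neither added `zend_check_stack_limit();` call, in zend_compile_var() or in zend_delayed_compile_var(), carries a comment saying why these functions need their own check, so a later cleanup could remove them as redundant. Judging by the new test, long variable chains recurse through these two functions without hitting a check elsewhere, and a short note at each site would record that, e.g. `/* Long fetch chains recurse through here; fail with a fatal error instead of overrunning the native stack (GH-17623). */`. In zend_compile_var() the call also sits ahead of the `uint32_t checkpoint` declaration, which is fine only if the file already permits mixed declarations and code. Both function bodies continue outside the hunks shown.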