From d1fceeec30a7fb1338c8513d3f8700757c80d10b Mon Sep 17 00:00:00 2001
From: Arnaud Le Blanc
Date: Wed, 6 Aug 2025 17:40:53 +0200
Subject: [PATCH] Check stack limit in fuzzer executor

The stack limit is checked when entering execute_ex(), but the fuzzer has its own execute function and does not call execute_ex(). Add a stack limit check in the fuzzer's execute function.

Closes GH-19391
---
 sapi/fuzzer/fuzzer-execute-common.h | 11 +++++++++++
 1 file changed, 11 insertions(+)

diff --git a/sapi/fuzzer/fuzzer-execute-common.h b/sapi/fuzzer/fuzzer-execute-common.h
index b3a77268b39..20fcad111cd 100644
--- a/sapi/fuzzer/fuzzer-execute-common.h
+++ b/sapi/fuzzer/fuzzer-execute-common.h
@@ -53,7 +53,18 @@ static zend_always_inline void fuzzer_step(void) {
 static void (*orig_execute_ex)(zend_execute_data *execute_data);
 
 static void fuzzer_execute_ex(zend_execute_data *execute_data) {
+
+#ifdef ZEND_CHECK_STACK_LIMIT
+	if (UNEXPECTED(zend_call_stack_overflowed(EG(stack_limit)))) {
+		zend_call_stack_size_error();
+		/* No opline was executed before exception */
+		EG(opline_before_exception) = NULL;
+		/* Fall through to handle exception below. */
+	}
+#endif /* ZEND_CHECK_STACK_LIMIT */
+
 	const zend_op *opline = EX(opline);
+
 	while (1) {
 		fuzzer_step();
 		opline = ((opcode_handler_t) opline->handler)(execute_data, opline);
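Review bot: The "Fall through to handle exception below" comment leaves the real ordering constraint undocumented: the fall-through only works because `const zend_op *opline = EX(opline);` is read after the check, so that (as I read the engine's throw path) the opline redirected by zend_call_stack_size_error() is what the dispatch loop picks up, and a later refactor that hoists the opline load above the `#ifdef` block would silently execute the original opline on an exhausted stack. I would make that explicit on the load, e.g. `/* Read EX(opline) only after the stack check above: a thrown stack-size error redirects it to the exception handler op. */`. As a style point, the blank line added directly after the opening brace of fuzzer_execute_ex() is unusual for this file and can be dropped. The body of fuzzer_execute_ex() continues past the end of the hunk.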