Skip to content

Zend: Fix stack overflow crash in recursive function#22524

Open
arshidkv12 wants to merge 2 commits into
php:masterfrom
arshidkv12:fix-stack-overflow
Open

Zend: Fix stack overflow crash in recursive function#22524
arshidkv12 wants to merge 2 commits into
php:masterfrom
arshidkv12:fix-stack-overflow

Conversation

@arshidkv12

@arshidkv12 arshidkv12 commented Jun 30, 2026

Copy link
Copy Markdown
Contributor

@devnexen

devnexen commented Jun 30, 2026

Copy link
Copy Markdown
Member

your change seems to fix it but nonetheless you still need to add a test.

@arshidkv12

arshidkv12 commented Jun 30, 2026

Copy link
Copy Markdown
Contributor Author

Thank you. I added a new test file.

@devnexen devnexen requested a review from iluuu1994 June 30, 2026 12:32
@iliaal

iliaal commented Jun 30, 2026

Copy link
Copy Markdown
Contributor

I am not sure this is needed, it is recursive function, it will fail anyway, unless there is a real use-case this IMO should be a won't fix

arnaud-lb
arnaud-lb reviewed Jun 30, 2026
View reviewed changes
Comment thread Zend/zend_builtin_functions.c
const zend_op *opline = call->opline;
if (UNEXPECTED(!opline)) {
goto not_frameless_call;
}

@arnaud-lb arnaud-lb Jun 30, 2026

Copy link
Copy Markdown
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This may be the wrong fix: A NULL opline implies that we are missing a SAVE_OPLINE() somewhere in the engine.

@arnaud-lb

arnaud-lb commented Jun 30, 2026
edited
Loading

Copy link
Copy Markdown
Member

@iliaal

I am not sure this is needed, it is recursive function, it will fail anyway, unless there is a real use-case this IMO should be a won't fix

Emitting a PHP error instead of causing a seg fault improves user experience substantially in my opinion, so we should try to do so when possible. This is much easier to debug for most people. See #9104.

In this case it's a bit different: Engine recursion causes an OOM fatal error, and we crash while generating the stack trace (possibly due to a missing SAVE_OPLINE(), but I wasn't able to reproduce the exact same crash).

Generating the stack trace takes a very long time. We should probably update #17056 so that it truncates large traces.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@arnaud-lb arnaud-lb arnaud-lb left review comments
@iluuu1994 iluuu1994 Awaiting requested review from iluuu1994

Assignees

No one assigned

Labels

Category: Engine

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

4 participants

@arshidkv12 @devnexen @iliaal @arnaud-lb