Support stack limit in phpdbg SAPI

arnaud-lb · arnaud-lb · commit ecf8e3ed41d5 · 2024-09-25T17:28:26.000+02:00
Add a stack limit check in zend_vm_call_opcode_handler for SAPIs that do not use
execute_ex().
diff --git a/Zend/tests/stack_limit/gh16041_001.phpt b/Zend/tests/stack_limit/gh16041_001.phpt
@@ -0,0 +1,39 @@
+--TEST--
+GH-16041 001: Stack overflow in phpdbg
+--SKIPIF--
+<?php
+if (ini_get('zend.max_allowed_stack_size') === false) {
+    die('skip No stack limit support');
+}
+?>
+--INI--
+zend.max_allowed_stack_size=512K
+--PHPDBG--
+set pagination off
+run
+continue
+quit
+--FILE--
+<?php
+
+class Canary {
+    public function __destruct() {
+        new Canary();
+    }
+}
+
+new Canary();
+
+?>
+--EXPECTF--
+[Successful compilation of %sgh16041_001.php]
+prompt> prompt> [Uncaught Error in %s on line %d: Maximum call stack size of %d bytes%s
+>00005:         new Canary();
+ 00006:     }
+ 00007: }
+prompt> [Uncaught Error in %s on line %d]
+Error: Maximum call stack size of %d bytes (zend.max_allowed_stack_size - zend.reserved_stack_size) reached. Infinite recursion? in %s:%d
+Stack trace:
+#0 %s(%d): Canary->__destruct()
+%a
+prompt>
diff --git a/Zend/tests/stack_limit/gh16041_002.phpt b/Zend/tests/stack_limit/gh16041_002.phpt
@@ -0,0 +1,33 @@
+--TEST--
+GH-16041 002: Stack overflow in phpdbg
+--SKIPIF--
+<?php
+if (ini_get('zend.max_allowed_stack_size') === false) {
+    die('skip No stack limit support');
+}
+?>
+--INI--
+zend.max_allowed_stack_size=512K
+--PHPDBG--
+set pagination off
+run
+quit
+--FILE--
+<?php
+
+function map() {
+    array_map('map', [1]);
+}
+
+try {
+    map();
+} catch (\Throwable $e) {
+    printf("%s: %s\n", $e::class, $e->getMessage());
+}
+
+?>
+--EXPECTF--
+[Successful compilation of %sgh16041_002.php]
+prompt> prompt> Error: Maximum call stack size of %d bytes (zend.max_allowed_stack_size - zend.reserved_stack_size) reached. Infinite recursion?
+[Script ended normally]
+prompt>
diff --git a/Zend/zend_vm_execute.h b/Zend/zend_vm_execute.h
diff --git a/Zend/zend_vm_gen.php b/Zend/zend_vm_gen.php
@@ -2974,6 +2974,17 @@ function gen_vm($def, $skel) {
         out($f, "#endif\n");
         out($f, "\n");
         out($f, "\tLOAD_OPLINE();\n");
+        out($f, "\n");
+        out($f, "\t#ifdef ZEND_CHECK_STACK_LIMIT\n");
+        out($f, "\t\tif (UNEXPECTED(zend_call_stack_overflowed(EG(stack_limit)))) {\n");
+        out($f, "\t\t\tzend_call_stack_size_error();\n");
+        out($f, "\t\t\t/* No opline was executed before exception */\n");
+        out($f, "\t\t\tEG(opline_before_exception) = NULL;\n");
+        out($f, "\t\t\tLOAD_OPLINE();\n");
+        out($f, "\t\t\t/* Fall through to handle exception below. */\n");
+        out($f, "\t\t}\n");
+        out($f, "\t#endif /* ZEND_CHECK_STACK_LIMIT */\n");
+        out($f, "\n");
         out($f,"#if defined(ZEND_VM_FP_GLOBAL_REG) && defined(ZEND_VM_IP_GLOBAL_REG)\n");
         if (ZEND_VM_KIND == ZEND_VM_KIND_HYBRID) {
             out($f,"#if (ZEND_VM_KIND == ZEND_VM_KIND_HYBRID)\n");
