
Check the stack limit when calling internal functions #143

Closed
iliaal wants to merge 1 commit into master from gh15672-stack-limit


Conversation


@iliaal iliaal commented Jul 1, 2026

Owner

An internal function that recurses through zend_call_function (which invokes internal handlers directly, with no VM frame and no stack-limit check) never yields back to the VM, so the C stack overflows into a SEGV. This adds the interpreter's stack-limit check to that path, behind ZEND_CHECK_STACK_LIMIT, raising the usual "Maximum call stack size reached" error instead. It covers a MultipleIterator or AppendIterator attached to itself, and a mutual cycle between two such iterators. Fixes php#15672 and php#15911.

zend_call_function invokes an internal callee's handler directly, with no
VM frame and without the stack-limit check the interpreter runs at its
call opcodes. An internal function that recurses through zend_call_function,
such as a self- or mutually-attached SPL iterator, never yields back to the
VM, so nothing bounds the recursion and the C stack overflows into a SEGV.

Check zend_call_stack_overflowed() in the internal branch behind
ZEND_CHECK_STACK_LIMIT, raise the usual "Maximum call stack size reached"
error on overflow, and tear the just-built call frame down as the normal
return path does.

Fixes phpGH-15672
Fixes phpGH-15911
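To make the mechanism in the description concrete, here is an added example (written for this page, not code from PHP or from this PR) of a toy dispatcher that models the internal branch of zend_call_function before and after the patch. The "internal" callee is invoked directly from C, so no VM opcode ever runs a stack-limit check; when that callee re-enters the dispatcher unconditionally (the way a MultipleIterator attached to itself rewinds itself), only a C-stack check inside the dispatcher can stop it. Everything here is assumed rather than taken from the engine: the names `stack_limit`, `stack_overflowed()`, `set_stack_limit()`, `call_internal()`, `self_attached_rewind()` and `bounded_rewind()` are invented, the limit is derived from a local's address under a 512 KiB budget rather than from the thread's stack base and `zend.max_allowed_stack_size`, and the code assumes a downward-growing stack (x86, arm). The recursion count it reports is whatever the budget allows on the machine it runs on.

```c
#include <stdint.h>
#include <stdio.h>

/* Status codes of the toy dispatcher (invented for this example). */
enum { CALL_OK = 0, CALL_STACK_LIMIT = -1 };

typedef int (*internal_handler)(int depth);

static uintptr_t stack_limit;   /* lowest address the recursion may reach */
static long frames_seen;        /* how many handler invocations were dispatched */

/* Models zend_call_stack_overflowed(): compare the address of a fresh local
 * with the recorded limit. Assumes the C stack grows downward. */
static int stack_overflowed(void) {
    volatile char probe = 0;
    return (uintptr_t)&probe < stack_limit;
}

/* Record the limit a fixed budget below the current frame. The real engine
 * derives it from the thread's stack base and the configured maximum. */
static __attribute__((noinline)) void set_stack_limit(size_t budget) {
    volatile char base = 0;
    stack_limit = (uintptr_t)&base - budget;
}

/* Models the internal branch of zend_call_function after the patch: the C
 * stack is checked BEFORE the handler runs, because an internal handler never
 * returns control to a VM opcode that would perform the check itself. */
static __attribute__((noinline)) int call_internal(internal_handler h, int depth) {
    if (stack_overflowed()) {
        /* PHP raises "Maximum call stack size reached" at this point. */
        return CALL_STACK_LIMIT;
    }
    frames_seen++;
    return h(depth);
}

/* Models MultipleIterator::rewind() on an iterator attached to itself: the
 * handler re-enters the dispatcher unconditionally. The volatile buffer gives
 * every frame a realistic size and the post-call volatile read keeps the
 * compiler from turning the recursion into a loop (no tail call). */
static __attribute__((noinline)) int self_attached_rewind(int depth) {
    volatile char frame[512];
    frame[0] = 0;
    int r = call_internal(self_attached_rewind, depth + 1);
    return r + frame[0];
}

/* A well-behaved handler: recurses to a fixed depth, then returns normally. */
static __attribute__((noinline)) int bounded_rewind(int depth) {
    volatile char frame[512];
    frame[0] = 0;
    if (depth >= 50) {
        return CALL_OK;
    }
    int r = call_internal(bounded_rewind, depth + 1);
    return r + frame[0];
}

/* Dispatch a handler under a 512 KiB stack budget (assumed to fit well inside
 * the thread's real stack). Returns the dispatcher's status. */
int run_with_stack_limit(internal_handler h) {
    frames_seen = 0;
    set_stack_limit(512 * 1024);
    return call_internal(h, 0);
}

/* Number of handler frames the last run entered before finishing. */
long frames_entered(void) {
    return frames_seen;
}

int main(void) {
    int r = run_with_stack_limit(bounded_rewind);
    printf("bounded:       status %d after %ld frames\n", r, frames_entered());
    r = run_with_stack_limit(self_attached_rewind);
    printf("self-attached: status %d after %ld frames (unchecked, this is a SEGV)\n",
           r, frames_entered());
    return 0;
}
```

Removing the `stack_overflowed()` test from `call_internal()` reproduces the pre-patch behaviour: the self-attached handler recurses until the process takes a SIGSEGV, which is the failure mode GH-15672 and GH-15911 report. The check costs one address comparison per dispatch, which is why it can sit on the hot path behind ZEND_CHECK_STACK_LIMIT.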

iliaal commented Jul 2, 2026

Owner Author

Promoted upstream: php#22545.

@iliaal iliaal closed this Jul 2, 2026


Development

Successfully merging this pull request may close these issues.

Segmentation fault in Zend/zend_execute_API.c
