From d2c5b3b25b188f27175011186c88b1002df25ac4 Mon Sep 17 00:00:00 2001 From: David Carlier Date: Sat, 15 Nov 2025 15:14:25 +0000 Subject: [PATCH] Fix GH-20483: ASAN stack overflow with small fiber.stack_size INI value. close GH-20495 --- NEWS | 4 ++++ Zend/tests/fibers/gh20483.phpt | 16 ++++++++++++++++ Zend/zend_fibers.c | 7 ++++++- 3 files changed, 26 insertions(+), 1 deletion(-) create mode 100644 Zend/tests/fibers/gh20483.phpt diff --git a/NEWS b/NEWS index c9ff9ac461d..5ddc2633d19 100644 --- a/NEWS +++ b/NEWS @@ -14,6 +14,10 @@ PHP NEWS - DOM: . Fix missing NUL byte check on C14NFile(). (ndossche) +- Fibers: + . Fixed bug GH-20483 (ASAN stack overflow with fiber.stack_size INI + small value). (David Carlier) + - Opcache: . Fixed bug GH-20329 (opcache.file_cache broken with full interned string buffer). (Arnaud) diff --git a/Zend/tests/fibers/gh20483.phpt b/Zend/tests/fibers/gh20483.phpt new file mode 100644 index 00000000000..e06cf87258e --- /dev/null +++ b/Zend/tests/fibers/gh20483.phpt @@ -0,0 +1,16 @@ +--TEST-- +GH-20483 (ASAN stack overflow with small fiber.stack_size INI value) +--INI-- +fiber.stack_size=1024 +--FILE-- +start(); +} catch (Exception $e) { + echo $e->getMessage() . "\n"; +} +?> +--EXPECTF-- +Fiber stack size is too small, it needs to be at least %d bytes diff --git a/Zend/zend_fibers.c b/Zend/zend_fibers.c index 6b6c1eaae1a..96f6e99e714 100644 --- a/Zend/zend_fibers.c +++ b/Zend/zend_fibers.c @@ -206,7 +206,12 @@ static zend_fiber_stack *zend_fiber_stack_allocate(size_t size) { void *pointer; const size_t page_size = zend_fiber_get_page_size(); - const size_t minimum_stack_size = page_size + ZEND_FIBER_GUARD_PAGES * page_size; + const size_t minimum_stack_size = page_size + ZEND_FIBER_GUARD_PAGES * page_size +#ifdef __SANITIZE_ADDRESS__ + // necessary correction due to ASAN redzones + * 6 +#endif + ; if (size < minimum_stack_size) { zend_throw_exception_ex(NULL, 0, "Fiber stack size is too small, it needs to be at least %zu bytes", minimum_stack_size);