From ea0268264bd315d6081cbfe065ea4134cc445a93 Mon Sep 17 00:00:00 2001
From: Niels Dossche <7771979+nielsdos@users.noreply.github.com>
Date: Mon, 8 Apr 2024 20:09:24 +0200
Subject: [PATCH] Fix GH-13903: ASAN false positive underflow when executing copy()

Closes GH-13917.
---
 NEWS | 4 ++++
 Zend/zend_fibers.c | 7 +++++++
 2 files changed, 11 insertions(+)

diff --git a/NEWS b/NEWS
index 47b3f5efb3a..14dae5531dc 100644
--- a/NEWS
+++ b/NEWS
@@ -6,6 +6,10 @@ PHP NEWS
 . Fixed bug GH-13772 (Invalid execute_data->opline pointers in observer fcall handlers when JIT is enabled). (Bob)
+- Fibers:
+ . Fixed bug GH-13903 (ASAN false positive underflow when executing copy()).
+ (nielsdos)
+
 - FPM:
 . Fixed bug GH-13563 (Setting bool values via env in FPM config fails). (Jakub Zelenka)
diff --git a/Zend/zend_fibers.c b/Zend/zend_fibers.c
index ea91219a43a..81e6e8832a0 100644
--- a/Zend/zend_fibers.c
+++ b/Zend/zend_fibers.c
@@ -62,6 +62,7 @@
 #endif
 #ifdef __SANITIZE_ADDRESS__
+# include
 # include
 #endif
@@ -257,6 +258,12 @@ static void zend_fiber_stack_free(zend_fiber_stack *stack)
 void *pointer = (void *) ((uintptr_t) stack->pointer - ZEND_FIBER_GUARD_PAGES * page_size);
+#ifdef __SANITIZE_ADDRESS__
+ /* If another mmap happens after unmapping, it may trigger the stale stack red zones
+ * so we have to unpoison it before unmapping. */
+ ASAN_UNPOISON_MEMORY_REGION(pointer, stack->size + ZEND_FIBER_GUARD_PAGES * page_size);
+#endif
+
 #ifdef ZEND_WIN32
 VirtualFree(pointer, 0, MEM_RELEASE);
 #else
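Review bot: In the `zend_fiber_stack_free` hunk the length given to `ASAN_UNPOISON_MEMORY_REGION` is written out as `stack->size + ZEND_FIBER_GUARD_PAGES * page_size`, and the unmap call after `#else` (outside this hunk) presumably repeats the same expression; the two have to describe exactly the same range, because a shorter unpoison leaves stale poisoned shadow behind and a longer one clears shadow for neighbouring memory and could mask a genuine report. Computing it once, `const size_t alloc_size = stack->size + ZEND_FIBER_GUARD_PAGES * page_size;`, and passing `alloc_size` to both calls keeps them in step. The comment would be easier to follow as `/* Red zones ASan left poisoned on this fiber stack can outlive the mapping: a later mmap() reusing the address range would trip over them, so unpoison the whole region before releasing it. */`. Both this block and the new include in the `-62` hunk are keyed on `__SANITIZE_ADDRESS__`, which GCC defines, while Clang has traditionally signalled ASan through `__has_feature(address_sanitizer)`; it is worth confirming the project maps that onto this macro elsewhere, otherwise Clang ASan builds would not get the fix. The function body begins and ends outside the hunk.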