Skip to content

Do not scan generator frames more than once#15330

Merged
arnaud-lb merged 1 commit intophp:PHP-8.2from
arnaud-lb:fuzz-crash
Aug 28, 2024
Merged

Do not scan generator frames more than once#15330
arnaud-lb merged 1 commit intophp:PHP-8.2from
arnaud-lb:fuzz-crash

Conversation

@arnaud-lb
Copy link
Member

@arnaud-lb arnaud-lb commented Aug 10, 2024

When a suspended Fiber contains a generator frame, the frame may be scanned twice: When scanning the Fiber, and again when scanning the Generator.

This change fixes this.

This also fixes a memory leak when an internal function call frame has the ZEND_CALL_RELEASE_THIS or ZEND_CALL_CLOSURE flags, as these was ignored for internal calls in zend_unfinished_execution_gc_ex().

@arnaud-lb arnaud-lb requested a review from bwoebi August 10, 2024 14:22
@arnaud-lb arnaud-lb force-pushed the fuzz-crash branch 2 times, most recently from 5fa7c8c to e2722f7 Compare August 10, 2024 14:27
@arnaud-lb arnaud-lb marked this pull request as ready for review August 12, 2024 09:32
@iluuu1994 iluuu1994 removed their request for review August 13, 2024 14:33
dstogov
dstogov reviewed Aug 26, 2024
View reviewed changes
Copy link
Member

@dstogov dstogov left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

@arnaud-lb now you know this area better than me.
Merge this if you don't see problems.

Is this related to OSS-FUZZ #70879?

bwoebi
bwoebi reviewed Aug 26, 2024
View reviewed changes
Zend/zend_fibers.c
* - If the generator is not running, the Generator's GC handler
* will inspect it. In this case we have to skip the frame.
*/
if (!(generator->flags & ZEND_GENERATOR_CURRENTLY_RUNNING)) {
Copy link
Member

@bwoebi bwoebi Aug 26, 2024

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

How can a generator be not running and on the fiber stacktrace at the same time? As far as I'm know, running generator <=> generator exists on exactly one stacktrace?
Isn't that check redundant?

Copy link
Member Author

@arnaud-lb arnaud-lb Aug 26, 2024

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Generators stopped in yield from do not have the ZEND_GENERATOR_CURRENTLY_RUNNING flag. We consider them to be running in most places because we check zend_generator_get_current(generator)->flags instead of generator->flags.

Copy link
Member

@bwoebi bwoebi Aug 26, 2024

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Ah, right, I forgot about the placeholder frame.

@arnaud-lb
Copy link
Member Author

arnaud-lb commented Aug 26, 2024

@dstogov yes this is related to this issue

@arnaud-lb arnaud-lb changed the base branch from master to PHP-8.2 August 28, 2024 14:51
@arnaud-lb arnaud-lb merged commit cd25500 into php:PHP-8.2 Aug 28, 2024
arnaud-lb added a commit that referenced this pull request Aug 28, 2024
@arnaud-lb
[ci skip] NEWS for GH-15330
4db7814
arnaud-lb added a commit that referenced this pull request Aug 28, 2024
@arnaud-lb
Merge branch 'PHP-8.2' into PHP-8.3
f551a71 
* PHP-8.2:
  [ci skip] NEWS for GH-15330
  Do not scan generator frames more than once (#15330)
arnaud-lb added a commit that referenced this pull request Aug 28, 2024
@arnaud-lb
[ci skip] NEWS for GH-15330
0e9e591
arnaud-lb added a commit that referenced this pull request Aug 28, 2024
@arnaud-lb
Merge branch 'PHP-8.3'
bf96980 
* PHP-8.3:
  [ci skip] NEWS for GH-15330
  [ci skip] NEWS for GH-15330
  Do not scan generator frames more than once (#15330)
arnaud-lb added a commit that referenced this pull request Aug 28, 2024
@arnaud-lb
[ci skip] NEWS for GH-15330
180a5c3
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@dstogov dstogov dstogov left review comments

@bwoebi bwoebi bwoebi left review comments

Assignees

No one assigned

Labels

Category: Engine

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

3 participants

@arnaud-lb @dstogov @bwoebi