Fix GH-14361: Deep recursion in zend_cfg.c causes segfault instead of error #14432
Conversation
|
I think it's better to switch to iterative reachability mark algorithm (e.g. using zend_worklist) |
nielsdos
force-pushed
the
fix-14361-2
branch
2 times, most recently
from
5579b4c to
d2b79af
Compare
I agree. I changed it. |
Zend/Optimizer/zend_cfg.c
Outdated
| if (i == b->successors_count - 1) { | ||
| /* Tail call optimization */ | ||
| if (succ->flags & ZEND_BB_REACHABLE) { | ||
| return; | ||
| finished = true; | ||
| break; | ||
| } | ||
|
|
||
| b = succ; | ||
| break; | ||
| } else { |
There was a problem hiding this comment.
Iterative algorithm doesn't need tail call optimization any more.
This code may be removed as well as while (!finished) { loop.
|
Thanks, removed the tail call optimization
We currently don't always start from the entry block so I didn't change it here. |
Building the CFG for JIT or optimizations can run into deep recursion, and depending on the stack limit cause a segfault. This patch uses the stack limit check to fail out of those cases. This prevents a segfault.
We use this check elsewhere in the compiler as well. However, in this case we just make optimizations or JIT fail without aborting the application such that code can still execute.
The attached test case will succeed both without and with this patch, it is mainly intended to test if propagating failure doesn't cause crashes. To reproduce the issue, set a low stack limit using
ulimit -sand run the original test case from #14361