From 2b7fddb20767509460b632acb987b7684ce36335 Mon Sep 17 00:00:00 2001 From: arshidkv12 Date: Tue, 30 Jun 2026 14:49:54 +0530 Subject: [PATCH 1/2] Zend: Fix stack overflow crash in recursive function --- Zend/zend_builtin_functions.c | 3 +++ 1 file changed, 3 insertions(+) diff --git a/Zend/zend_builtin_functions.c b/Zend/zend_builtin_functions.c index 2dceac2512db..16e740eec4aa 100644 --- a/Zend/zend_builtin_functions.c +++ b/Zend/zend_builtin_functions.c @@ -1940,6 +1940,9 @@ ZEND_API void zend_fetch_debug_backtrace(zval *return_value, int skip_last, int /* For frameless calls we add an additional frame for the call itself. */ if (ZEND_USER_CODE(call->func->type)) { const zend_op *opline = call->opline; + if (UNEXPECTED(!opline)) { + goto not_frameless_call; + } if (!ZEND_OP_IS_FRAMELESS_ICALL(opline->opcode)) { goto not_frameless_call; } From 6ee395af68dd97b38c499f63895df71c255fe911 Mon Sep 17 00:00:00 2001 From: arshidkv12 Date: Tue, 30 Jun 2026 17:26:04 +0530 Subject: [PATCH 2/2] Zend: Fix stack overflow crash in recursive function --- Zend/tests/gh22521.phpt | 24 ++++++++++++++++++++++++ 1 file changed, 24 insertions(+) create mode 100644 Zend/tests/gh22521.phpt diff --git a/Zend/tests/gh22521.phpt b/Zend/tests/gh22521.phpt new file mode 100644 index 000000000000..a5e91ded5a8f --- /dev/null +++ b/Zend/tests/gh22521.phpt @@ -0,0 +1,24 @@ +--TEST-- +GH-22521: Infinite recursion inside try/catch should not crash unpredictably +--INI-- +memory_limit=8G +--SKIPIF-- + +--FILE-- + +--EXPECTF-- +Fatal error: Allowed memory size of %d bytes exhausted at %s:%d (tried to allocate %d bytes) in %s on line %d