Skip to content

Do not scan generator frames more than once #15330

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
arnaud-lb merged 1 commit into from
Aug 28, 2024
Merged

Do not scan generator frames more than once #15330

arnaud-lb merged 1 commit into from
Aug 28, 2024

Conversation

@arnaud-lb
Copy link
Member

@arnaud-lb arnaud-lb commented Aug 10, 2024

When a suspended Fiber contains a generator frame, the frame may be scanned twice: When scanning the Fiber, and again when scanning the Generator.

This change fixes this.

This also fixes a memory leak when an internal function call frame has the ZEND_CALL_RELEASE_THIS or ZEND_CALL_CLOSURE flags, as these was ignored for internal calls in zend_unfinished_execution_gc_ex().

@arnaud-lb arnaud-lb requested a review from bwoebi August 10, 2024 14:22
@arnaud-lb arnaud-lb force-pushed the fuzz-crash branch 2 times, most recently from 5fa7c8c to e2722f7 Compare August 10, 2024 14:27
@arnaud-lb arnaud-lb marked this pull request as ready for review August 12, 2024 09:32
@iluuu1994 iluuu1994 removed their request for review August 13, 2024 14:33
dstogov
dstogov reviewed Aug 26, 2024
View reviewed changes
Copy link
Member

@dstogov dstogov left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

@arnaud-lb now you know this area better than me.
Merge this if you don't see problems.

Is this related to OSS-FUZZ #70879?

bwoebi
bwoebi reviewed Aug 26, 2024
View reviewed changes
Zend/zend_fibers.c
* - If the generator is not running, the Generator's GC handler
* will inspect it. In this case we have to skip the frame.
*/
if (!(generator->flags & ZEND_GENERATOR_CURRENTLY_RUNNING)) {
Copy link
Member

@bwoebi bwoebi Aug 26, 2024

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

How can a generator be not running and on the fiber stacktrace at the same time? As far as I'm know, running generator <=> generator exists on exactly one stacktrace?
Isn't that check redundant?

Copy link
Member Author

@arnaud-lb arnaud-lb Aug 26, 2024

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Generators stopped in yield from do not have the ZEND_GENERATOR_CURRENTLY_RUNNING flag. We consider them to be running in most places because we check zend_generator_get_current(generator)->flags instead of generator->flags.

Copy link
Member

@bwoebi bwoebi Aug 26, 2024

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Ah, right, I forgot about the placeholder frame.

@arnaud-lb
Copy link
Member Author

arnaud-lb commented Aug 26, 2024

@dstogov yes this is related to this issue

@arnaud-lb arnaud-lb changed the base branch from master to PHP-8.2 August 28, 2024 14:51
@arnaud-lb arnaud-lb merged commit cd25500 into php:PHP-8.2 Aug 28, 2024
arnaud-lb added a commit that referenced this pull request Aug 28, 2024
@arnaud-lb
[ci skip] NEWS for GH-15330
4db7814
arnaud-lb added a commit that referenced this pull request Aug 28, 2024
@arnaud-lb
Merge branch 'PHP-8.2' into PHP-8.3
f551a71 
* PHP-8.2:
  [ci skip] NEWS for GH-15330
  Do not scan generator frames more than once (#15330)
arnaud-lb added a commit that referenced this pull request Aug 28, 2024
@arnaud-lb
[ci skip] NEWS for GH-15330
0e9e591
arnaud-lb added a commit that referenced this pull request Aug 28, 2024
@arnaud-lb
Merge branch 'PHP-8.3'
bf96980 
* PHP-8.3:
  [ci skip] NEWS for GH-15330
  [ci skip] NEWS for GH-15330
  Do not scan generator frames more than once (#15330)
arnaud-lb added a commit that referenced this pull request Aug 28, 2024
@arnaud-lb
[ci skip] NEWS for GH-15330
180a5c3
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@dstogov dstogov dstogov left review comments

@bwoebi bwoebi bwoebi left review comments

Assignees

No one assigned

Labels

Category: Engine

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

3 participants

@arnaud-lb @dstogov @bwoebi