Stack overflow during Fiber initialization caused by malformed fiber.stack_size value #20485

@vi3tL0u1s

Description

The following code:

<?php
class a {
    function __destruct() {
        ini_set("fiber.stack_size"," 8847-D");
        $fiber = new Fiber(function() {});
        try {
            $fiber->start();
        } catch (Throwable $e) {}
        $c[~~@~~-7] = //
        error_reporting(E_ALL);
    }
}
new a;

Command:

USE_ZEND_ALLOC=0 ./php-src/sapi/cli/php poc.php

Resulted in this output:

Warning: Invalid "fiber.stack_size" setting. Invalid quantity " 8847-D": unknown multiplier "D", interpreting as " 8847" for backwards compatibility in /path/to/poc.php on line 4
AddressSanitizer:DEADLYSIGNAL
=================================================================
==3191595==ERROR: AddressSanitizer: stack-overflow on address 0x7f179101cb08 (pc 0x56280de8615b bp 0x7f179101d330 sp 0x7f179101cb00 T0)
    #0 0x56280de8615b in malloc (/path/to/php-src/sapi/cli/php+0x68615b) (BuildId: 78daf5f832c7fdbb3fc64cdca7de50663e951019)
    #1 0x56280f4261b3 in __zend_malloc /path/to/php-src/Zend/zend_alloc.c:3543:14
    #2 0x56280f425b40 in _emalloc /path/to/php-src/Zend/zend_alloc.c:2780:10
    #3 0x56280f99b54f in _smart_string_alloc /path/to/php-src/Zend/zend_smart_str.c:172:13
    #4 0x56280f22fe4c in smart_string_alloc /path/to/php-src/Zend/zend_smart_string.h:62:4
    #5 0x56280f22fb0e in smart_string_appendc_ex /path/to/php-src/Zend/zend_smart_string.h:83:14
    #6 0x56280f2282c3 in xbuf_format_converter /path/to/php-src/main/spprintf.c:220:4
    #7 0x56280f227f79 in php_printf_to_smart_string /path/to/php-src/main/spprintf.c:750:2
    #8 0x56280f9ca54d in zend_vspprintf /path/to/php-src/Zend/zend.c:294:2
    #9 0x56280f9d5064 in zend_throw_error /path/to/php-src/Zend/zend.c:1828:2
    #10 0x56280f591b21 in zend_call_stack_size_error /path/to/php-src/Zend/zend_execute.c:2618:2
    #11 0x56280f5a23e5 in execute_ex /path/to/php-src/Zend/zend_vm_execute.h:116196:3
    #12 0x56280f57cac1 in zend_call_function /path/to/php-src/Zend/zend_execute_API.c:1014:3
    #13 0x56280f808a63 in zend_fiber_execute /path/to/php-src/Zend/zend_fibers.c:604:3
    #14 0x56280f806122 in zend_fiber_trampoline /path/to/php-src/Zend/zend_fibers.c:387:2
    #15 0x56280f1c302e in trampoline /path/to/php-src/Zend/asm/make_x86_64_sysv_elf_gas.S:177

SUMMARY: AddressSanitizer: stack-overflow (/path/to/php-src/sapi/cli/php+0x68615b) (BuildId: 78daf5f832c7fdbb3fc64cdca7de50663e951019) in malloc
==3191595==ABORTING

Commit:

9cd367362da5442861f30d3b41e967d641b90cbd

Build configuration:

CC="clang" CXX="clang++" CFLAGS="-fsanitize=address -g -O0" CXXFLAGS="-fsanitize=address -g -O0" LDFLAGS="-fsanitize=address" ./buildconf --force && ./configure --enable-debug --enable-address-sanitizer --disable-shared --with-pic --enable-mbstring --with-zlib

PHP Version

PHP 8.6.0-dev (cli) (built: Nov 14 2025 16:07:53) (NTS DEBUG)
Copyright (c) The PHP Group
Zend Engine v4.6.0-dev, Copyright (c) Zend Technologies
    with Zend OPcache v8.6.0-dev, Copyright (c), by Zend Technologies

Operating System

Ubuntu 22.04
