Newsgroups: php.internals Path: news.php.net Xref: news.php.net php.internals:29620 Return-Path: Mailing-List: contact internals-help@lists.php.net; run by ezmlm Delivered-To: mailing list internals@lists.php.net Received: (qmail 89536 invoked by uid 1010); 21 May 2007 14:40:50 -0000 Delivered-To: ezmlm-scan-internals@lists.php.net Delivered-To: ezmlm-internals@lists.php.net Received: (qmail 89521 invoked from network); 21 May 2007 14:40:50 -0000 Received: from unknown (HELO lists.php.net) (127.0.0.1) by localhost with SMTP; 21 May 2007 14:40:50 -0000 Authentication-Results: pb1.pair.com header.from=nlopess@php.net; sender-id=unknown Authentication-Results: pb1.pair.com smtp.mail=nlopess@php.net; spf=permerror; sender-id=unknown Received-SPF: error (pb1.pair.com: domain php.net from 212.55.154.21 cause and error) X-PHP-List-Original-Sender: nlopess@php.net X-Host-Fingerprint: 212.55.154.21 relay1.ptmail.sapo.pt Linux 2.4/2.6 Received: from [212.55.154.21] ([212.55.154.21:51418] helo=sapo.pt) by pb1.pair.com (ecelerity 2.1.1.9-wez r(12769M)) with ESMTP id DC/29-03101-E6FA1564 for ; Mon, 21 May 2007 10:40:49 -0400 Received: (qmail 22431 invoked from network); 21 May 2007 14:40:43 -0000 Received: from unknown (HELO sapo.pt) (10.134.35.208) by relay1 with SMTP; 21 May 2007 14:40:43 -0000 Received: (qmail 8822 invoked from network); 21 May 2007 14:40:10 -0000 X-AntiVirus: PTMail-AV 0.3-0.90.1 X-Virus-Status: Clean (0.06803 seconds) Received: from unknown (HELO pc07653) (nunoplopes@sapo.pt@[85.240.51.38]) (envelope-sender ) by mta13 (qmail-ldap-1.03) with SMTP for ; 21 May 2007 14:40:10 -0000 Message-ID: <00d101c79bb5$ef107ed0$0100a8c0@pc07653> To: "Stefan Esser" , "Stanislav Malyshev" , "PHP internals" References: <465022BE.1020905@hardened-php.net> <4651351D.8010306@zend.com> <46513D1C.2030104@hardened-php.net> Date: Mon, 21 May 2007 15:39:56 +0100 MIME-Version: 1.0 Content-Type: text/plain; format=flowed; charset="iso-8859-15"; reply-type=original Content-Transfer-Encoding: 7bit X-Priority: 3 X-MSMail-Priority: Normal X-Mailer: Microsoft Outlook Express 6.00.2900.3028 X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2900.3028 Subject: Re: [PHP-DEV] Dismantling the lies... From: nlopess@php.net ("Nuno Lopes") >> I don't imagine how one really could calculate maximum depth without >> solving the halting problem, so I must be missing something. I ask >> somebody who knows what these patches are to send me a link - if there >> were patches that do that automatically for any code I would very much >> like to see them. >> Adding the arbitrary - even configurable - limit doesn't seem to me the >> correct solution, since it has high potential to break application code > > Maybe I was a bit unspecific. If I recall correctly Nuno had some patch > (or was it someone else) that was keeping track of depth and maximum > stack size > and was deciding on the fly if another step deeper could crash. Of > course you need some sane detection. For the record the patch I had is this: http://mega.ist.utl.pt/~ncpl/zend_stack_protection.txt (it shouldn't apply cleanly due to some changes in zend_try some time ago). The approach of this patch is not to know in advance if there's still available stack, but rather catch the SIGSEGV and bailout. I used this approach in order to catch problems in external libraries, too. By that time I was thinking in pcre, which was pretty easy to segfault with user-provided data (now this is not the case because its internal recursion depth can be limited - although with a PHP_INI_ALL config). This approach is not very portable though, and by the time I was told that probably it wouldn't play well with Apache signal handlers. Knowing in advance if you can recurse or not doesn't sound much difficult in theory.. You can get the limit (e.g. with getrlimit) then you can know how much stack does a function call take, and then you can use a heuristic to make the decision. This isn't 100% secure though (the limited depth approach isn't too), but it's an option. I would love to ear how other VMs handle the problem, like the JVM, anyone? Nuno