Newsgroups: php.internals Path: news.php.net Xref: news.php.net php.internals:74771 Return-Path: Mailing-List: contact internals-help@lists.php.net; run by ezmlm Delivered-To: mailing list internals@lists.php.net Received: (qmail 68564 invoked from network); 6 Jun 2014 06:56:03 -0000 Received: from unknown (HELO lists.php.net) (127.0.0.1) by localhost with SMTP; 6 Jun 2014 06:56:03 -0000 Authentication-Results: pb1.pair.com header.from=dmitry@zend.com; sender-id=unknown Authentication-Results: pb1.pair.com smtp.mail=dmitry@zend.com; spf=permerror; sender-id=unknown Received-SPF: error (pb1.pair.com: domain zend.com from 209.85.220.174 cause and error) X-PHP-List-Original-Sender: dmitry@zend.com X-Host-Fingerprint: 209.85.220.174 mail-vc0-f174.google.com Received: from [209.85.220.174] ([209.85.220.174:54614] helo=mail-vc0-f174.google.com) by pb1.pair.com (ecelerity 2.1.1.9-wez r(12769M)) with ESMTP id 5D/90-63196-20661935 for ; Fri, 06 Jun 2014 02:56:02 -0400 Received: by mail-vc0-f174.google.com with SMTP id ik5so2459110vcb.19 for ; Thu, 05 Jun 2014 23:56:00 -0700 (PDT) X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20130820; h=x-gm-message-state:mime-version:in-reply-to:references:date :message-id:subject:from:to:cc:content-type; bh=nPmpuArR/F3Q7wqpXDfWjWC0/aMTAPSudy/uZYlu8EE=; b=VPveOfXYggdIJ4GuPm4BvH6r/WyCh0zG58VKmS9J2tPVYSLg1xJkWh/cRW1ainc1Ic vmWWGgC0KcLQarJBIKJQ2v2d3JxNG5mvXKZ/l9py3Rd7Z/AKH3SRaZ1zOhK1BXRs3iYA +DWOl4HnewdTN3SRZ53ZGAjaP0SRo4QedBblGHKnmbU/DaqAqtDueSPM2h/IjfHpa0F/ kweGUEkGCjd8tYBJZg8fFBP4sSyRuzemrKC+/mMRi9Kl5dqFgSu7vOBawFTlxD14KWI3 ZoWUAO6COpa9RK0suVaW40SWjIuZvAG3dCeakMH6SjUdfTjLUElEa8808qChCbTTt/7O dZrw== X-Gm-Message-State: ALoCoQn27WMT6jZFNK6qt1vaJHfhsca2mi2Qkzh1ipbTuZ/zWn96eglGjniYSTXPnLSg+5D4tk8w5OtKyd+kaOtcz9eYYetYgDnErp5G+1IQSJ//68ne55mLIlTDdxQsKVU5BLT7C+BR MIME-Version: 1.0 X-Received: by 10.221.9.72 with SMTP id ov8mr2363460vcb.27.1402037759886; Thu, 05 Jun 2014 23:55:59 -0700 (PDT) Received: by 10.52.111.71 with HTTP; Thu, 5 Jun 2014 23:55:59 -0700 (PDT) In-Reply-To: References: <1361810738.2376.74.camel@guybrush> <512BA931.7010909@sugarcrm.com> <512BB284.4060900@sugarcrm.com> <1361826106.2376.78.camel@guybrush> <512E6732.6010601@sugarcrm.com> Date: Fri, 6 Jun 2014 10:55:59 +0400 Message-ID: To: Ferenc Kovacs Cc: Stas Malyshev , Dmitry Stogov , Bob Weinand , PHP Developers Mailing List Content-Type: multipart/alternative; boundary=089e01177721a3e0f504fb255a58 Subject: Re: [PHP-DEV] About restricting the recursive implicit calls From: dmitry@zend.com (Dmitry Stogov) --089e01177721a3e0f504fb255a58 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: quoted-printable The overhead of the patch is negligible, so it's not a big problem to include it from perf point of view, however: 1) It won't prevent crash because of C stack overflow, in case the limit is too big. 2) Disable check with some default value (0 or -1) would be also good 3) I'm not sure about naming. It would be better to use something more clear in INI name and error message, May be instead of this, we should check C stack pointer in zend_call_function() and throw exception or error, when the pointer comes close to the limit? This check must be compiler and may be platform specific :( Thanks. Dmitry. On Fri, Jun 6, 2014 at 10:25 AM, Ferenc Kovacs wrote: > > > > On Wed, Feb 27, 2013 at 10:15 PM, Ferenc Kovacs wrote: > >> >> >> >> On Wed, Feb 27, 2013 at 9:06 PM, Stas Malyshev >> wrote: >> >>> Hi! >>> >>> > May someone merge this PR (#290) as there are no arguments against it= ? >>> >>> I just outlined arguments against it in my last emails. If your email i= s >>> not working properly and you miss some emails please check the list >>> archives. >>> >>> > Or do I have to wait a little bit? (How long?) >>> >>> In my personal opinion, indefinitely long, since I think it is not a >>> good idea at all to have it in the core, and the same functionality >>> already exists in xdebug. >>> >>> >> and in suhosin. >> I think that it is a pretty handy feature, both from the security >> pov(hitting a fatal error is better than php crashing, killing the worke= rs, >> resetting random seed, etc.) and can help with debugging the problem(as = you >> will lose the non flushed output buffer on the crash). >> so if we could find an implementation which addresses your issues(no >> major perf cost, sane defaults, no edge cases left out, etc.) then I can= 't >> see why we shouldn't add it. >> >> -- >> Ferenc Kov=C3=A1cs >> @Tyr43l - http://tyrael.hu >> > > sorry for resurecting the old thread, > if we are concerned about the perf cost of counting and checking the > recursion, and that the default value would break some application, maybe > we could introduce this as an optional feature: the ini setting is 0 by > default, which will disable even the checks for recursion, so people have > to opt-in to use it and it's their burden to configure it properly. > I know that this would still allow distros and hosters to misuse it, and > probably some apps will start checking for this setting to (hopefully onl= y) > warn about the setting being too low, or even picking a different strateg= y > when the setting is too low or simply increasing the limit at runtime. > maybe we can do something in the next major version which would allow us > to gracefully bail from these kind of errors without imposing arbitrary > limits? > > -- > Ferenc Kov=C3=A1cs > @Tyr43l - http://tyrael.hu > --089e01177721a3e0f504fb255a58--