Fix phpGH-13903: ASAN false positive underflow when executing copy()

Closes phpGH-13917.

Author: nielsdos

NEWS

@@ -6,6 +6,10 @@ PHP                                                                        NEWS
   . Fixed bug GH-13772 (Invalid execute_data->opline pointers in observer fcall
     handlers when JIT is enabled). (Bob)
 
+- Fibers:
+  . Fixed bug GH-13903 (ASAN false positive underflow when executing copy()).
+    (nielsdos)
+
 - FPM:
   . Fixed bug GH-13563 (Setting bool values via env in FPM config fails).
     (Jakub Zelenka)

Zend/zend_fibers.c

@@ -62,6 +62,7 @@
 #endif
 
 #ifdef __SANITIZE_ADDRESS__
+# include <sanitizer/asan_interface.h>
 # include <sanitizer/common_interface_defs.h>
 #endif
 
@@ -257,6 +258,12 @@ static void zend_fiber_stack_free(zend_fiber_stack *stack)
 
 	void *pointer = (void *) ((uintptr_t) stack->pointer - ZEND_FIBER_GUARD_PAGES * page_size);
 
+#ifdef __SANITIZE_ADDRESS__
+	/* If another mmap happens after unmapping, it may trigger the stale stack red zones
+	 * so we have to unpoison it before unmapping. */
+	ASAN_UNPOISON_MEMORY_REGION(pointer, stack->size + ZEND_FIBER_GUARD_PAGES * page_size);
+#endif
+
 #ifdef ZEND_WIN32
 	VirtualFree(pointer, 0, MEM_RELEASE);
 #else