Fix phpGH-15169: stack overflow when var serialization in ext/standard/var

Adding a stack check here as I consider serialization to be a more
sensitive place where erroring out with an exception seems appropriate.

Author: nielsdos

ext/standard/tests/serialize/gh15169.phpt

@@ -0,0 +1,35 @@
+--TEST--
+GH-15169 (stack overflow when var serialization in ext/standard/var)
+--SKIPIF--
+<?php
+if (ini_get('zend.max_allowed_stack_size') === false) {
+    die('skip No stack limit support');
+}
+if (getenv('SKIP_ASAN')) {
+    die('skip ASAN needs different stack limit setting due to more stack space usage');
+}
+?>
+--INI--
+zend.max_allowed_stack_size=512K
+--FILE--
+<?php
+class Node
+{
+    public $next;
+}
+$firstNode = new Node();
+$node = $firstNode;
+for ($i = 0; $i < 30000; $i++) {
+    $newNode = new Node();
+    $node->next = $newNode;
+    $node = $newNode;
+}
+
+try {
+    serialize($firstNode);
+} catch (Error $e) {
+    echo $e->getMessage(), "\n";
+}
+?>
+--EXPECT--
+Maximum call stack size reached. Infinite recursion?

ext/standard/var.c

@@ -986,6 +986,15 @@ static void php_var_serialize_class(smart_str *buf, zval *struc, HashTable *ht,
 }
 /* }}} */
 
+static zend_always_inline bool php_serialize_check_stack_limit(void)
+{
+#ifdef ZEND_CHECK_STACK_LIMIT
+	return zend_call_stack_overflowed(EG(stack_limit));
+#else
+	return false;
+#endif
+}
+
 static void php_var_serialize_intern(smart_str *buf, zval *struc, php_serialize_data_t var_hash, bool in_rcn_array, bool is_root) /* {{{ */
 {
 	zend_long var_already;
@@ -995,6 +1004,11 @@ static void php_var_serialize_intern(smart_str *buf, zval *struc, php_serialize_
 		return;
 	}
 
+	if (UNEXPECTED(php_serialize_check_stack_limit())) {
+		zend_throw_error(NULL, "Maximum call stack size reached. Infinite recursion?");
+		return;
+	}
+
 	if (var_hash && (var_already = php_add_var_hash(var_hash, struc, in_rcn_array))) {
 		if (var_already == -1) {
 			/* Reference to an object that failed to serialize, replace with null. */