[ErrorHandler] Don't format binary strings

Calling var_export on a binary string easily causes memory exhaustion if
it's called with even a small image.

Fixes symfony#53005

Author: aleho

src/Symfony/Bridge/Twig/Extension/CodeExtension.php

@@ -97,8 +97,10 @@ public function formatArgs(array $args): string
                 $formattedValue = '<em>'.strtolower(htmlspecialchars(var_export($item[1], true), \ENT_COMPAT | \ENT_SUBSTITUTE, $this->charset)).'</em>';
             } elseif ('resource' === $item[0]) {
                 $formattedValue = '<em>resource</em>';
+            } elseif (preg_match('/[^\x07-\x0D\x1B\x20-\xFF]/', $item[1])) {
+                $formattedValue = '<em>binary string</em>';
             } else {
-                $formattedValue = str_replace("\n", '', htmlspecialchars(var_export($item[1], true), \ENT_COMPAT | \ENT_SUBSTITUTE, $this->charset));
+                $formattedValue = str_replace("\n", '', $this->escape(var_export($item[1], true)));
             }
 
             $result[] = \is_int($key) ? $formattedValue : sprintf("'%s' => %s", htmlspecialchars($key, \ENT_COMPAT | \ENT_SUBSTITUTE, $this->charset), $formattedValue);

src/Symfony/Component/ErrorHandler/ErrorRenderer/HtmlErrorRenderer.php

@@ -173,6 +173,8 @@ private function formatArgs(array $args): string
                 $formattedValue = '<em>'.strtolower(var_export($item[1], true)).'</em>';
             } elseif ('resource' === $item[0]) {
                 $formattedValue = '<em>resource</em>';
+            } elseif (preg_match('/[^\x07-\x0D\x1B\x20-\xFF]/', $item[1])) {
+                $formattedValue = '<em>binary string</em>';
             } else {
                 $formattedValue = str_replace("\n", '', $this->escape(var_export($item[1], true)));
             }

src/Symfony/Component/ErrorHandler/Tests/ErrorRenderer/HtmlErrorRendererTest.php

@@ -54,4 +54,45 @@ public static function getRenderData(): iterable
             $expectedNonDebug,
         ];
     }
+
+    public function testRendersStackWithoutBinaryStrings()
+    {
+        if (\PHP_VERSION_ID >= 70400) {
+            // make sure method arguments are available in stack traces (see https://www.php.net/manual/en/ini.core.php)
+            ini_set('zend.exception_ignore_args', false);
+        }
+
+        $binaryData = file_get_contents(__DIR__ . '/../Fixtures/pixel.png');
+        $exception = $this->getRuntimeException($binaryData);
+
+        $rendered = (new HtmlErrorRenderer(true))->render($exception)->getAsString();
+
+        $this->assertStringContainsString(
+            "buildRuntimeException('FooException')",
+            $rendered,
+            '->render() contains the method call with "FooException"'
+        );
+
+        $this->assertStringContainsString(
+            'getRuntimeException(binary string)',
+            $rendered,
+            '->render() contains the method call with "binary string" replacement'
+        );
+
+        $this->assertStringContainsString(
+            '<em>binary string</em>',
+            $rendered,
+            '->render() returns the HTML content with "binary string" replacement'
+        );
+    }
+
+    private function getRuntimeException(string $unusedArgument): \RuntimeException
+    {
+        return $this->buildRuntimeException('FooException');
+    }
+
+    private function buildRuntimeException(string $message): \RuntimeException
+    {
+        return new \RuntimeException($message);
+    }
 }