Merge branch 'PHP-8.4'

* PHP-8.4:
  Fix GH-16009: Segmentation fault with frameless functions and undefined CVs
Niels Dossche 2024-09-24 21:24:00 +02:00
commit 623c327d12
GPG key ID: B8A8AD166DF0E2E5
2 changed files with 46 additions and 6 deletions


@ -17224,7 +17224,10 @@ static void jit_frameless_icall1(zend_jit_ctx *jit, const zend_op *opline, uint3
ir_ref op1_ref = jit_ZVAL_ADDR(jit, op1_addr);
jit_set_Z_TYPE_INFO(jit, res_addr, IS_NULL);
if (opline->op1_type == IS_CV && (op1_info & MAY_BE_UNDEF)) {
zend_jit_zval_check_undef(jit, op1_ref, opline->op1.var, opline, 1);
op1_ref = zend_jit_zval_check_undef(jit, op1_ref, opline->op1.var, opline, 1);
op1_info &= ~MAY_BE_UNDEF;
op1_info |= MAY_BE_NULL;
op1_addr = ZEND_ADDR_REF_ZVAL(op1_ref);
}
if (op1_info & MAY_BE_REF) {
op1_ref = jit_ZVAL_DEREF_ref(jit, op1_ref);
@ -17266,10 +17269,16 @@ static void jit_frameless_icall2(zend_jit_ctx *jit, const zend_op *opline, uint3
ir_ref op2_ref = jit_ZVAL_ADDR(jit, op2_addr);
jit_set_Z_TYPE_INFO(jit, res_addr, IS_NULL);
if (opline->op1_type == IS_CV && (op1_info & MAY_BE_UNDEF)) {
zend_jit_zval_check_undef(jit, op1_ref, opline->op1.var, opline, 1);
op1_ref = zend_jit_zval_check_undef(jit, op1_ref, opline->op1.var, opline, 1);
op1_info &= ~MAY_BE_UNDEF;
op1_info |= MAY_BE_NULL;
op1_addr = ZEND_ADDR_REF_ZVAL(op1_ref);
}
if (opline->op2_type == IS_CV && (op2_info & MAY_BE_UNDEF)) {
zend_jit_zval_check_undef(jit, op2_ref, opline->op2.var, opline, 1);
op2_ref = zend_jit_zval_check_undef(jit, op2_ref, opline->op2.var, opline, 1);
op2_info &= ~MAY_BE_UNDEF;
op2_info |= MAY_BE_NULL;
op2_addr = ZEND_ADDR_REF_ZVAL(op2_ref);
}
if (op1_info & MAY_BE_REF) {
op1_ref = jit_ZVAL_DEREF_ref(jit, op1_ref);
@ -17325,13 +17334,22 @@ static void jit_frameless_icall3(zend_jit_ctx *jit, const zend_op *opline, uint3
ir_ref op3_ref = jit_ZVAL_ADDR(jit, op3_addr);
jit_set_Z_TYPE_INFO(jit, res_addr, IS_NULL);
if (opline->op1_type == IS_CV && (op1_info & MAY_BE_UNDEF)) {
zend_jit_zval_check_undef(jit, op1_ref, opline->op1.var, opline, 1);
op1_ref = zend_jit_zval_check_undef(jit, op1_ref, opline->op1.var, opline, 1);
op1_info &= ~MAY_BE_UNDEF;
op1_info |= MAY_BE_NULL;
op1_addr = ZEND_ADDR_REF_ZVAL(op1_ref);
}
if (opline->op2_type == IS_CV && (op2_info & MAY_BE_UNDEF)) {
zend_jit_zval_check_undef(jit, op2_ref, opline->op2.var, opline, 1);
op2_ref = zend_jit_zval_check_undef(jit, op2_ref, opline->op2.var, opline, 1);
op2_info &= ~MAY_BE_UNDEF;
op2_info |= MAY_BE_NULL;
op2_addr = ZEND_ADDR_REF_ZVAL(op2_ref);
}
if ((opline+1)->op1_type == IS_CV && (op1_data_info & MAY_BE_UNDEF)) {
zend_jit_zval_check_undef(jit, op3_ref, (opline+1)->op1.var, opline, 1);
op3_ref = zend_jit_zval_check_undef(jit, op3_ref, (opline+1)->op1.var, opline, 1);
op1_data_info &= ~MAY_BE_UNDEF;
op1_data_info |= MAY_BE_NULL;
op3_addr = ZEND_ADDR_REF_ZVAL(op3_ref);
}
if (op1_info & MAY_BE_REF) {
op1_ref = jit_ZVAL_DEREF_ref(jit, op1_ref);
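Review bot: The four-line "check undef, rebind ref, fix up info, recompute addr" sequence is now copied five times across the three hunks (op1 in jit_frameless_icall1; op1/op2 in jit_frameless_icall2; op1/op2/op3 in jit_frameless_icall3), and the duplication is what let the original code drop the return value of zend_jit_zval_check_undef in every copy at once. A small static helper taking the ref, info and addr by pointer would keep the three sites from drifting again and gives one place to explain why the rebind matters; the sketch below assumes the operand info is `uint32_t` and the addr is `zend_jit_addr`, as the truncated signatures suggest — confirm against the file. Independently of that, the declaration of zend_jit_zval_check_undef (outside this diff) is a candidate for a warn-unused-result attribute, since a silently discarded return is exactly the GH-16009 failure mode. All three enclosing functions start and end outside the hunks shown.
```c
/* Emit the undefined-CV check for one frameless-call operand and rebind the
 * operand to the ref the check returns (presumably a substitute NULL zval),
 * so the caller never keeps using the pre-check ref (GH-16009). */
static void jit_frameless_check_undef_cv(zend_jit_ctx *jit, const zend_op *opline, uint32_t var,
                                         ir_ref *ref, uint32_t *info, zend_jit_addr *addr)
{
	*ref = zend_jit_zval_check_undef(jit, *ref, var, opline, 1);
	*info &= ~MAY_BE_UNDEF;
	*info |= MAY_BE_NULL;
	*addr = ZEND_ADDR_REF_ZVAL(*ref);
}

/* … unchanged: jit_frameless_icall1 prologue … */
	if (opline->op1_type == IS_CV && (op1_info & MAY_BE_UNDEF)) {
		jit_frameless_check_undef_cv(jit, opline, opline->op1.var, &op1_ref, &op1_info, &op1_addr);
	}
/* … unchanged: MAY_BE_REF deref and the rest of the function; same call shape for op2/op3 in icall2/icall3 … */
```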


@ -0,0 +1,22 @@
--TEST--
GH-16009 (Segmentation fault with frameless functions and undefined CVs)
--EXTENSIONS--
opcache
--INI--
opcache.jit=1012
--FILE--
<?php
function testMin2Second(): int {
$value = min(100, $value);
return $value;
}
testMin2Second();
?>
--EXPECTF--
Warning: Undefined variable $value in %s on line %d
Fatal error: Uncaught TypeError: testMin2Second(): Return value must be of type int, null returned in %s:%d
Stack trace:
#0 %s(%d): testMin2Second()
#1 {main}
thrown in %s on line %d
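Review bot: The regression test only exercises the second operand of a two-argument frameless call (`min(100, $value)`), whereas the C change rebinds the ref for the first operand as well and for the one- and three-operand variants, so four of the five fixed paths stay uncovered. At minimum add a first-operand case, e.g. a second function with `$value = min($value, 100);`, and if the suite has a one-argument and a three-argument frameless function available, a case for each; each case should keep the `--EXPECTF--` pattern of an "Undefined variable" warning followed by the TypeError so the JIT path, not just the VM path, is what produces the output. The JIT setting `opcache.jit=1012` is what forces these call sites through the patched code, so a comment above `--INI--` naming that intent would help the next person who wonders why the test needs a specific mode.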