diff --git a/NEWS b/NEWS
index 4e734a6e9c0..6c54aa4c998 100644
--- a/NEWS
+++ b/NEWS
@@ -36,6 +36,10 @@ PHP NEWS
 - Intl:
 . Fixed bug GH-11874 (intl causing segfault in docker images). (nielsdos)
+- Opcache:
+ . Fixed bug GH-15981 (Segfault with frameless jumps and minimal JIT).
+ (nielsdos)
+
 - PHPDBG:
 . Fix crashes in function registration + test. (nielsdos, Girgias)
diff --git a/ext/opcache/jit/zend_jit.c b/ext/opcache/jit/zend_jit.c
index 21870089e48..3c0bb0ee555 100644
--- a/ext/opcache/jit/zend_jit.c
+++ b/ext/opcache/jit/zend_jit.c
@@ -2489,6 +2489,11 @@ static int zend_jit(const zend_op_array *op_array, zend_ssa *ssa, const zend_op
 goto jit_failure;
 }
 goto done;
+case ZEND_JMP_FRAMELESS:
+if (!zend_jit_jmp_frameless(&ctx, opline, /* exit_addr */ NULL, /* guard */ 0)) {
+goto jit_failure;
+}
+goto done;
 case ZEND_INIT_METHOD_CALL:
 if (opline->op2_type != IS_CONST
 || Z_TYPE_P(RT_CONSTANT(opline, opline->op2)) != IS_STRING) {
@@ -2644,17 +2649,13 @@ static int zend_jit(const zend_op_array *op_array, zend_ssa *ssa, const zend_op
 case ZEND_FE_FETCH_R:
 case ZEND_FE_FETCH_RW:
 case ZEND_BIND_INIT_STATIC_OR_JMP:
+case ZEND_JMP_FRAMELESS:
 if (!zend_jit_handler(&ctx, opline, zend_may_throw(opline, ssa_op, op_array, ssa))
 || !zend_jit_cond_jmp(&ctx, opline + 1, ssa->cfg.blocks[b].successors[0])) {
 goto jit_failure;
 }
 break;
-case ZEND_JMP_FRAMELESS:
-if (!zend_jit_jmp_frameless(&ctx, opline, /* exit_addr */ NULL, /* guard */ 0)) {
-goto jit_failure;
-}
-break;
 case ZEND_NEW:
 if (!zend_jit_handler(&ctx, opline, 1)) {
 return 0;
diff --git a/ext/opcache/tests/jit/gh15981.phpt b/ext/opcache/tests/jit/gh15981.phpt
new file mode 100644
index 00000000000..823b6122dc1
--- /dev/null
+++ b/ext/opcache/tests/jit/gh15981.phpt
@@ -0,0 +1,24 @@
+--TEST--
+GH-15981 (Segfault with frameless jumps and minimal JIT)
+--EXTENSIONS--
+opcache
+--INI--
+opcache.jit=1111
+--FILE--
+
+--EXPECTF--
+string(%d) "%s"
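Review bot: The relocated `case ZEND_JMP_FRAMELESS:` in the first zend_jit.c hunk (@@ -2489) and the opcode's new placement among the zend_jit_handler()/zend_jit_cond_jmp() cases in the second hunk (@@ -2644) carry no comment recording why the opcode must be treated differently in the two switches, so a later cleanup could merge them back into the crashing arrangement. I would add above the new case in the first hunk: `/* GH-15981: emit the specialized frameless jump only here; the generic switch below must go through the VM handler and zend_jit_cond_jmp() like the other conditional jumps. */`. Which of the two switches runs at a given opcache.jit level is not visible in these hunks, so the wording should be checked against the enclosing condition. The moved case now ends in `goto done` where the removed one ended in `break`; that matches its neighbours in the first switch, but what `done:` does is outside the hunk. zend_jit() begins and ends outside both hunks.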