archive/php-src
1
0
Fork 0
mirror of https://github.com/php/php-src.git synced 2025-08-15 21:48:51 +02:00
Code Issues Projects Releases Packages Wiki Activity Actions 3

Fix type inference

Browse source 
Fixes oss-fuzz #50792
This commit is contained in:
Dmitry Stogov 2022-09-05 12:55:50 +03:00
parent 6aedc5eaf0
commit 81cb005ef7
2 changed files with 21 additions and 0 deletions
Download patch file Download diff file Expand all files Collapse all files

3
ext/opcache/Optimizer/zend_inference.c
View file

@ -3319,6 +3319,9 @@ static zend_always_inline int _zend_update_type_info(
opline->op1_type,
opline->result_type == IS_VAR,
opline->op2_type == IS_UNUSED);
if (opline->opcode == ZEND_FETCH_DIM_FUNC_ARG && (t1 & (MAY_BE_TRUE|MAY_BE_LONG|MAY_BE_DOUBLE|MAY_BE_RESOURCE))) {
tmp |= MAY_BE_NULL;
}
if (opline->opcode == ZEND_FETCH_DIM_IS && (t1 & MAY_BE_STRING)) {
tmp |= MAY_BE_NULL;
}

18
ext/opcache/tests/jit/fetch_dim_func_arg_002.phpt Normal file
View file

@ -0,0 +1,18 @@
--TEST--
JIT FETCH_DIM_FUNC_ARG: 002
--INI--
opcache.enable=1
opcache.enable_cli=1
opcache.file_update_protection=0
opcache.jit_buffer_size=1M
--SKIPIF--
<?php require_once('skipif.inc'); ?>
--FILE--
<?php
new class(true[""]) {
}
?>
DONE
--EXPECTF--
Warning: Trying to access array offset on value of type bool in %sfetch_dim_func_arg_002.php on line 2
DONE