archive/php-src
1
0
Fork 0
mirror of https://github.com/php/php-src.git synced 2025-08-15 21:48:51 +02:00
Code Issues Projects Releases Packages Wiki Activity Actions 3

JIT: Fix incorrect reference-counting

Browse source 
This fixes oss-fuzz #47937
This commit is contained in:
Dmitry Stogov 2022-06-14 15:03:50 +03:00
parent 70e0e1ada6
commit 971b07ea60
1 changed files with 2 additions and 2 deletions
Download patch file Download diff file Expand all files Collapse all files

4
ext/opcache/jit/zend_jit_helpers.c
View file

@ -811,7 +811,7 @@ static zval* ZEND_FASTCALL zend_jit_fetch_dim_rw_helper(zend_array *ht, zval *di
opline = EX(opline);
zend_incompatible_double_to_long_error(Z_DVAL_P(dim));
if (!(GC_FLAGS(ht) & IS_ARRAY_IMMUTABLE) && GC_DELREF(ht) != 1) {
if (GC_REFCOUNT(ht)) {
if (!GC_REFCOUNT(ht)) {
zend_array_destroy(ht);
}
if (opline->result_type & (IS_VAR | IS_TMP_VAR)) {
@ -841,7 +841,7 @@ static zval* ZEND_FASTCALL zend_jit_fetch_dim_rw_helper(zend_array *ht, zval *di
opline = EX(opline);
zend_use_resource_as_offset(dim);
if (!(GC_FLAGS(ht) & IS_ARRAY_IMMUTABLE) && GC_DELREF(ht) != 1) {
if (GC_REFCOUNT(ht)) {
if (!GC_REFCOUNT(ht)) {
zend_array_destroy(ht);
}
if (opline->result_type & (IS_VAR | IS_TMP_VAR)) {