archive/php-src
1
0
Fork 0
mirror of https://github.com/php/php-src.git synced 2025-08-16 05:58:45 +02:00
Code Issues Projects Releases Packages Wiki Activity Actions 3

Fix GH-17190: Assertion failure ext/opcache/jit/ir/ir_gcm.c (#17221)

Browse source
This commit is contained in:
Dmitry Stogov 2024-12-20 10:59:33 +03:00 committed by GitHub
parent 73857e66d2
commit f8d2e00964
No known key found for this signature in database
GPG key ID: B5690EEEBB952194
2 changed files with 47 additions and 0 deletions
Download patch file Download diff file Expand all files Collapse all files

15
ext/opcache/jit/zend_jit_ir.c
View file

@ -13380,6 +13380,14 @@ static int zend_jit_assign_dim_op(zend_jit_ctx *jit,
op1_addr = zend_jit_prepare_array_update(jit, opline, op1_info, op1_addr, &if_type, &ht_ref, &may_throw); op1_addr = zend_jit_prepare_array_update(jit, opline, op1_info, op1_addr, &if_type, &ht_ref, &may_throw);
if (Z_MODE(op3_addr) == IS_REG
&& Z_LOAD(op3_addr)
&& jit->ra[Z_SSA_VAR(op3_addr)].ref == IR_NULL) {
/* Force load */
zend_jit_use_reg(jit, op3_addr);
}
if (op1_info & (MAY_BE_UNDEF|MAY_BE_NULL|MAY_BE_ARRAY)) { if (op1_info & (MAY_BE_UNDEF|MAY_BE_NULL|MAY_BE_ARRAY)) {
uint32_t var_def_info = zend_array_element_type(op1_def_info, opline->op1_type, 1, 0); uint32_t var_def_info = zend_array_element_type(op1_def_info, opline->op1_type, 1, 0);
@ -15015,6 +15023,13 @@ static int zend_jit_assign_obj_op(zend_jit_ctx *jit,
&& prop_type != IS_REFERENCE && prop_type != IS_REFERENCE
&& (op1_info & (MAY_BE_ANY|MAY_BE_UNDEF)) == MAY_BE_OBJECT); && (op1_info & (MAY_BE_ANY|MAY_BE_UNDEF)) == MAY_BE_OBJECT);
if (Z_MODE(val_addr) == IS_REG
&& Z_LOAD(val_addr)
&& jit->ra[Z_SSA_VAR(val_addr)].ref == IR_NULL) {
/* Force load */
zend_jit_use_reg(jit, val_addr);
}
if (!prop_info) { if (!prop_info) {
ir_ref run_time_cache = ir_LOAD_A(jit_EX(run_time_cache)); ir_ref run_time_cache = ir_LOAD_A(jit_EX(run_time_cache));
ir_ref ref = ir_LOAD_A(ir_ADD_OFFSET(run_time_cache, (opline+1)->extended_value & ~ZEND_FETCH_OBJ_FLAGS)); ir_ref ref = ir_LOAD_A(ir_ADD_OFFSET(run_time_cache, (opline+1)->extended_value & ~ZEND_FETCH_OBJ_FLAGS));

32
ext/opcache/tests/jit/gh17190.phpt Normal file
View file

@ -0,0 +1,32 @@
--TEST--
GH-17190 (Assertion failure ext/opcache/jit/ir/ir_gcm.c)
--EXTENSIONS--
opcache
--INI--
opcache.enable=1
opcache.enable_cli=1
opcache.file_update_protection=0
opcache.jit_buffer_size=32M
opcache.jit=function
--FILE--
<?php
$a = [2147483647,2147483647,2147483647,3,0,0,32,2147483584,127];
echo @crc32(json_encode(bitwise_small_split($a))) . "\n";
function bitwise_small_split($val) {
$split = 8;
$len = count($val);
while ($i != $len) {
if (!$overflow) {
$remaining -= $split;
$overflow = $split <= $remaining ? 0 : $split - $remaining;
} elseif (++$i != $len) {
$fusion[$i] >>= $overflow;
$remaining = 31 - $overflow;
$overflow = $split <= $remaining ? 0 : $split - $remaining;
}
}
}
?>
--EXPECT--
634125391