- for packed arrays we store just an array of zvals without keys.
- the elements of packed array are accessible throuf as ht->arPacked[i]
instead of ht->arData[i]
- in addition to general ZEND_HASH_FOREACH_* macros, we introduced similar
familied for packed (ZEND_HASH_PACKED_FORECH_*) and real hashes
(ZEND_HASH_MAP_FOREACH_*)
- introduced an additional family of macros to access elements of array
(packed or real hashes) ZEND_ARRAY_ELEMET_SIZE, ZEND_ARRAY_ELEMET_EX,
ZEND_ARRAY_ELEMET, ZEND_ARRAY_NEXT_ELEMENT, ZEND_ARRAY_PREV_ELEMENT
- zend_hash_minmax() prototype was changed to compare only values
Because of smaller data set, this patch may show performance improvement
on some apps and benchmarks that use packed arrays. (~1% on PHP-Parser)
TODO:
- sapi/phpdbg needs special support for packed arrays (WATCH_ON_BUCKET).
- zend_hash_sort_ex() may require converting packed arrays to hash.
In this case zend_exception_set_previous() would destroy the
fast_call exception and further accesses on ex would be invalid.
We should only update ex if we update EG(exception).
Fixes oss-fuzz #40464.
FREE_OP_VAR_PTR() is like FREE_OP(), but only frees VAR, rather
than VARs and TMPs. I don't think this distinction makes sense
anymore, as opcodes using FREE_OP_VAR_PTR() generally only accept
VAR or CV. For the cases where other op types are accepted and
only freeing VAR is desired we already have FREE_OP_IF_VAR().
This drops FREE_OP_VAR_PTR(), leaving only FREE_OP() and
FREE_OP_IF_VAR().
Set the variable to null after emitting the undef var notice
rather than before. This avoids an assertion failure if the var
is unset by the error handler.
The flip side is that this may cause a leak instead, but that's
the more harmless outcome.
Fixes oss-fuzz #36604.
Even if we can't actually pass by reference, we still need to
create the REFERENCE wrapper to satisfy the calling convention.
The particular test case would crash with JIT, because the existence
of the reference was assumed.
Fixes oss-fuzz #39440.
Even though the input is not a reference (or not treated as such),
we still need to create a reference to satisfy the function
signature. Various code relies on reference arguments actually
being references. In this particular case, it would result in
a JIT crash.
The zend_call_function() implementation already handled this
correctly.
This issue only applies to debug builds: read_property can free
the object, but we'd try to check the object handlers afterwards.
Rewrite the check in a way that only accessed the object before
the read_property call.
Fixes oss-fuzz #38297.
We must avoid integer overflows in memory allocations, so we introduce
an additional check in the VM, and bail out in the rare case of an
overflow.
Closes GH-7381.
The reference wrapper was destroyed while value still pointed into
it and was later used to assign the ASSIGN_DIM return value. This
could be fixed either by moving the return value assignment earlier,
or by working with the value that has been stored in the array.
I'm going with the latter here, because that matches what the
non-NEXT codepath does via assign_to_variable more closely.
Fixes oss-fuzz #36807.
