php/archived-php-src
1
0
Fork 0
mirror of https://github.com/php/php-src.git synced 2026-04-11 18:13:00 +02:00
Code Issues Packages Projects Releases Wiki Activity

Merge branch 'PHP-8.0' into PHP-8.1

Browse Source 
* PHP-8.0:
  JIT: Fix uninitialized result of ASSIGN_DIM[_OP] after clobbering array by user error handler
This commit is contained in:
Dmitry Stogov
2021-11-30 11:41:55 +03:00
parent 3c3626a903 6e1fe96962
commit 005d5f4df8
2 changed files with 44 additions and 6 deletions
Download Patch File Download Diff File Expand all files Collapse all files

28
ext/opcache/jit/zend_jit_helpers.c
View File

@@ -570,6 +570,8 @@ static zval* ZEND_FASTCALL zend_jit_fetch_dim_rw_helper(zend_array *ht, zval *di
zend_ulong hval;
zend_string *offset_key;
zval *retval;
zend_execute_data *execute_data;
const zend_op *opline;
if (Z_TYPE_P(dim) == IS_REFERENCE) {
dim = Z_REFVAL_P(dim);
@@ -583,9 +585,15 @@ static zval* ZEND_FASTCALL zend_jit_fetch_dim_rw_helper(zend_array *ht, zval *di
offset_key = Z_STR_P(dim);
goto str_index;
case IS_UNDEF:
if (!zend_jit_undefined_op_helper_write(ht, EG(current_execute_data)->opline->op2.var)) {
if (EG(exception)) {
undef_result_after_exception();
execute_data = EG(current_execute_data);
opline = EX(opline);
if (!zend_jit_undefined_op_helper_write(ht, opline->op2.var)) {
if (opline->result_type & (IS_VAR | IS_TMP_VAR)) {
if (EG(exception)) {
ZVAL_UNDEF(EX_VAR(opline->result.var));
} else {
ZVAL_NULL(EX_VAR(opline->result.var));
}
}
return NULL;
}
@@ -636,6 +644,8 @@ static zval* ZEND_FASTCALL zend_jit_fetch_dim_w_helper(zend_array *ht, zval *dim
zend_ulong hval;
zend_string *offset_key;
zval *retval;
zend_execute_data *execute_data;
const zend_op *opline;
if (Z_TYPE_P(dim) == IS_REFERENCE) {
dim = Z_REFVAL_P(dim);
@@ -649,9 +659,15 @@ static zval* ZEND_FASTCALL zend_jit_fetch_dim_w_helper(zend_array *ht, zval *dim
offset_key = Z_STR_P(dim);
goto str_index;
case IS_UNDEF:
if (!zend_jit_undefined_op_helper_write(ht, EG(current_execute_data)->opline->op2.var)) {
if (EG(exception)) {
undef_result_after_exception();
execute_data = EG(current_execute_data);
opline = EX(opline);
if (!zend_jit_undefined_op_helper_write(ht, opline->op2.var)) {
if (opline->result_type & (IS_VAR | IS_TMP_VAR)) {
if (EG(exception)) {
ZVAL_UNDEF(EX_VAR(opline->result.var));
} else {
ZVAL_NULL(EX_VAR(opline->result.var));
}
}
return NULL;
}

22
ext/opcache/tests/jit/assign_dim_005.phpt Normal file
View File

@@ -0,0 +1,22 @@
--TEST--
JIT ASSIGN_DIM: 005
--INI--
opcache.enable=1
opcache.enable_cli=1
opcache.file_update_protection=0
opcache.jit_buffer_size=1M
--FILE--
<?php
set_error_handler(function ($code, $msg) {
echo "Error: $msg\n";
$GLOBALS['a'] = null;
});
$a[$c] =
$a[$c] = 'x' ;
var_dump($a);
?>
--EXPECT--
Error: Undefined variable $c
Error: Undefined variable $c
NULL