From e9fc81a2f8553a4add48933c7c935912bad9f6fb Mon Sep 17 00:00:00 2001
From: Dmitry Stogov
Date: Mon, 21 Mar 2022 13:34:46 +0300
Subject: [PATCH] JIT: Fix missing type store

Fixes oss-fuzz #45604
---
 ext/opcache/jit/zend_jit_trace.c | 9 ++++++-
 ext/opcache/tests/jit/qm_assign_003.phpt | 31 ++++++++++++++++++++++++
 2 files changed, 39 insertions(+), 1 deletion(-)
 create mode 100644 ext/opcache/tests/jit/qm_assign_003.phpt

diff --git a/ext/opcache/jit/zend_jit_trace.c b/ext/opcache/jit/zend_jit_trace.c
index 4d00c14015b..adfcb6fa403 100644
--- a/ext/opcache/jit/zend_jit_trace.c
+++ b/ext/opcache/jit/zend_jit_trace.c
@@ -4760,9 +4760,16 @@ static const void *zend_jit_trace(zend_jit_trace_rec *trace_buffer, uint32_t par
 #else
 res_use_info = MAY_BE_UNDEF|MAY_BE_NULL|MAY_BE_FALSE|MAY_BE_TRUE|MAY_BE_LONG|MAY_BE_DOUBLE;
 #endif
+ res_addr = RES_REG_ADDR();
+ if (Z_MODE(res_addr) != IS_REG &&
+ STACK_TYPE(stack, EX_VAR_TO_NUM(opline->result.var)) !=
+ STACK_MEM_TYPE(stack, EX_VAR_TO_NUM(opline->result.var))) {
+ /* type may be not set */
+ res_use_info |= MAY_BE_NULL;
+ }
 if (!zend_jit_qm_assign(&dasm_state, opline,
 op1_info, op1_addr, op1_def_addr,
- res_use_info, res_info, RES_REG_ADDR())) {
+ res_use_info, res_info, res_addr)) {
 goto jit_failure;
 }
 if (opline->op1_type == IS_CV
diff --git a/ext/opcache/tests/jit/qm_assign_003.phpt b/ext/opcache/tests/jit/qm_assign_003.phpt
new file mode 100644
index 00000000000..5d88d9116d9
--- /dev/null
+++ b/ext/opcache/tests/jit/qm_assign_003.phpt
@@ -0,0 +1,31 @@
+--TEST--
+JIT QM_ASSIGN: 003 missing type store
+--INI--
+opcache.enable=1
+opcache.enable_cli=1
+opcache.file_update_protection=0
+opcache.jit_buffer_size=1M
+--FILE--
+
+DONE
+--EXPECTF--
+Warning: Undefined variable $cnt in %sqm_assign_003.php on line 3
+
+Warning: Undefined variable $a in %sqm_assign_003.php on line 4
+
+Warning: Undefined variable $cnt in %sqm_assign_003.php on line 3
+DONE
\ No newline at end of file
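Review bot: The `/* type may be not set */` comment on the new guard is too terse for a fix to a type-confusion fuzz finding; a maintainer cannot tell from it why a mismatch between `STACK_TYPE` and `STACK_MEM_TYPE` matters or why `MAY_BE_NULL` is the flag being OR'd in. I would replace it with `/* Result is in memory and its tracked type differs from what was last stored to the VM slot, so the slot's type tag may be stale: widen res_use_info so the qm_assign codegen emits a type store, not a value-only one. */` — the mechanism is inferred from the call below, so confirm the wording against zend_jit_qm_assign before committing it. Minor style point: `EX_VAR_TO_NUM(opline->result.var)` is evaluated twice in the condition and reads better hoisted into a local, `uint32_t res_var = EX_VAR_TO_NUM(opline->result.var);`. `res_addr` is assigned here but its declaration, like the rest of zend_jit_trace's body, lies outside the hunk.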
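Review bot: The --INI-- block does not pin the JIT mode, yet the code path this commit fixes is in zend_jit_trace.c and is only reached by the tracing JIT, so the regression test depends on whatever `opcache.jit` defaults to in the build or the test harness. Adding `opcache.jit=tracing` to the INI section would make the test exercise the intended path regardless of that default. The --FILE-- section's PHP code is not visible in this copy of the patch, so only the INI and EXPECTF portions could be reviewed.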