From 23e4e3b18b15ed3e10d5a387f6d8587d09562d99 Mon Sep 17 00:00:00 2001 From: Dmitry Stogov Date: Tue, 24 Oct 2023 22:12:53 +0300 Subject: [PATCH] Fixed compilation of match with undefined input Fixes oss-fuzz #63542 --- ext/opcache/jit/zend_jit_ir.c | 10 +++++++--- ext/opcache/tests/jit/match_001.phpt | 22 ++++++++++++++++++++++ 2 files changed, 29 insertions(+), 3 deletions(-) create mode 100644 ext/opcache/tests/jit/match_001.phpt diff --git a/ext/opcache/jit/zend_jit_ir.c b/ext/opcache/jit/zend_jit_ir.c index 7253e486131..689c994a717 100644 --- a/ext/opcache/jit/zend_jit_ir.c +++ b/ext/opcache/jit/zend_jit_ir.c @@ -15549,9 +15549,13 @@ static int zend_jit_switch(zend_jit_ctx *jit, const zend_op *opline, const zend_ ir_MERGE_list(continue_list); } else { if (default_input_list) { - ZEND_ASSERT(jit->ctx.ir_base[ref].op == IR_SWITCH); - ZEND_ASSERT(jit->ctx.ir_base[ref].op3 == IR_UNUSED); - jit->ctx.ir_base[ref].op3 = default_input_list; + if (jit->ctx.ir_base[ref].op == IR_SWITCH) { + ZEND_ASSERT(jit->ctx.ir_base[ref].op3 == IR_UNUSED); + jit->ctx.ir_base[ref].op3 = default_input_list; + } else { + ir_MERGE_list(default_input_list); + _zend_jit_add_predecessor_ref(jit, default_b, jit->b, ir_END()); + } } jit->b = -1; } diff --git a/ext/opcache/tests/jit/match_001.phpt b/ext/opcache/tests/jit/match_001.phpt new file mode 100644 index 00000000000..97bdb7188c6 --- /dev/null +++ b/ext/opcache/tests/jit/match_001.phpt @@ -0,0 +1,22 @@ +--TEST-- +Match with undefined input +--INI-- +opcache.enable=1 +opcache.enable_cli=1 +opcache.file_update_protection=0 +opcache.jit_buffer_size=1M +--FILE-- +0}; +} +foo(); +?> +--EXPECTF-- +Warning: Undefined variable $y in %smatch_001.php on line 3 + +Fatal error: Uncaught UnhandledMatchError: Unhandled match case NULL in %smatch_001.php:3 +Stack trace: +#0 %smatch_001.php(5): foo() +#1 {main} + thrown in %smatch_001.php on line 3 \ No newline at end of file