From d3063c02c6f46758051d6ee87fcfae8cee86c2b3 Mon Sep 17 00:00:00 2001
From: Dmitry Stogov
Date: Mon, 18 Oct 2021 22:14:53 +0300
Subject: [PATCH] Tracing JIT: Fixed memory leak
---
 ext/opcache/jit/zend_jit_x86.dasc | 20 ++++++++++----------
 ext/opcache/tests/jit/fetch_dim_r_008.phpt | 16 ++++++++++++++++
 2 files changed, 26 insertions(+), 10 deletions(-)
 create mode 100644 ext/opcache/tests/jit/fetch_dim_r_008.phpt
diff --git a/ext/opcache/jit/zend_jit_x86.dasc b/ext/opcache/jit/zend_jit_x86.dasc
index 235741426b4..8519e159a28 100644
--- a/ext/opcache/jit/zend_jit_x86.dasc
+++ b/ext/opcache/jit/zend_jit_x86.dasc
@@ -1384,7 +1384,7 @@ static void* dasm_labels[zend_lb_MAX];
 |.macro ZVAL_DTOR_FUNC, var_info, opline // arg1 must be in FCARG1a
 || do {
 || if (!((var_info) & MAY_BE_GUARD)
-|| && has_concrete_type((var_info) & (MAY_BE_STRING|MAY_BE_ARRAY|MAY_BE_OBJECT|MAY_BE_RESOURCE|MAY_BE_INDIRECT))) {
+|| && has_concrete_type((var_info) & (MAY_BE_STRING|MAY_BE_ARRAY|MAY_BE_OBJECT|MAY_BE_RESOURCE))) {
 || zend_uchar type = concrete_type((var_info) & (MAY_BE_STRING|MAY_BE_ARRAY|MAY_BE_OBJECT|MAY_BE_RESOURCE));
 || if (type == IS_STRING && !ZEND_DEBUG) {
 | EXT_CALL _efree, r0
@@ -1415,8 +1415,8 @@ static void* dasm_labels[zend_lb_MAX];
 |.endmacro

 |.macro ZVAL_PTR_DTOR, addr, op_info, gc, cold, opline
-|| if ((op_info) & (MAY_BE_STRING|MAY_BE_ARRAY|MAY_BE_OBJECT|MAY_BE_RESOURCE|MAY_BE_REF)) {
-|| if ((op_info) & ((MAY_BE_ANY|MAY_BE_UNDEF|MAY_BE_INDIRECT)-(MAY_BE_OBJECT|MAY_BE_RESOURCE))) {
+|| if ((op_info) & (MAY_BE_STRING|MAY_BE_ARRAY|MAY_BE_OBJECT|MAY_BE_RESOURCE|MAY_BE_REF|MAY_BE_GUARD)) {
+|| if ((op_info) & ((MAY_BE_ANY|MAY_BE_UNDEF|MAY_BE_INDIRECT|MAY_BE_GUARD)-(MAY_BE_OBJECT|MAY_BE_RESOURCE))) {
 | // if (Z_REFCOUNTED_P(cv)) {
 || if (cold) {
 | IF_ZVAL_REFCOUNTED addr, >1
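Review bot: In ZVAL_DTOR_FUNC the mask `(var_info) & (MAY_BE_STRING|MAY_BE_ARRAY|MAY_BE_OBJECT|MAY_BE_RESOURCE)` is still written out twice, once for `has_concrete_type()` and once for `concrete_type()`, and the removed line shows how the two copies can drift apart. Computing it once inside the existing `do {` scope, e.g. `|| uint32_t dtor_types = (var_info) & (MAY_BE_STRING|MAY_BE_ARRAY|MAY_BE_OBJECT|MAY_BE_RESOURCE);`, and passing `dtor_types` to both calls would keep the type that is tested and the type that selects the destructor identical by construction. The `MAY_BE_GUARD` test above it also deserves a one-line comment, because picking a type-specific free for a value whose type is only speculated is a memory-safety matter; as I read the flag, something like `// type is still guarded (unproven) here: do not specialise the destructor` would do, wording to be confirmed by the author. The macro body continues past the end of this hunk.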
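Review bot: The mask `(MAY_BE_ANY|MAY_BE_UNDEF|MAY_BE_INDIRECT|MAY_BE_GUARD)-(MAY_BE_OBJECT|MAY_BE_RESOURCE)` on the second changed line of ZVAL_PTR_DTOR has to stay equal to the one on the `cold` test before `.code` in the @@ -1456 hunk, and only manual care keeps them in step; before this commit the later copy lacked `MAY_BE_INDIRECT`. If the two tests ever disagree, the refcounted check emitted here and the `jmp >4` / `.code` emitted there would no longer be produced as a pair (the lines between the hunks are not visible, so the exact effect is inferred). Defining the mask once, for example `#define ZVAL_PTR_DTOR_RC_MASK ((MAY_BE_ANY|MAY_BE_UNDEF|MAY_BE_INDIRECT|MAY_BE_GUARD) & ~(MAY_BE_OBJECT|MAY_BE_RESOURCE))`, and using it in both conditions removes that risk. Writing it with `& ~` also states the intent more directly than the arithmetic `-`, which is only correct while every subtracted bit is set in the left operand.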
@@ -1429,9 +1429,9 @@ static void* dasm_labels[zend_lb_MAX];
 | // if (!Z_DELREF_P(cv)) {
 | GET_ZVAL_PTR FCARG1a, addr
 | GC_DELREF FCARG1a
-|| if (RC_MAY_BE_1(op_info)) {
-|| if (RC_MAY_BE_N(op_info)) {
-|| if (gc && RC_MAY_BE_N(op_info) && ((op_info) & (MAY_BE_REF|MAY_BE_ARRAY|MAY_BE_OBJECT)) != 0) {
+|| if (((op_info) & MAY_BE_GUARD) || RC_MAY_BE_1(op_info)) {
+|| if (((op_info) & MAY_BE_GUARD) || RC_MAY_BE_N(op_info)) {
+|| if (gc && (((op_info) & MAY_BE_GUARD) || (RC_MAY_BE_N(op_info) && ((op_info) & (MAY_BE_REF|MAY_BE_ARRAY|MAY_BE_OBJECT)) != 0))) {
 | jnz >3
 || } else {
 | jnz >4
@@ -1439,13 +1439,13 @@ static void* dasm_labels[zend_lb_MAX];
 || }
 | // zval_dtor_func(r);
 | ZVAL_DTOR_FUNC op_info, opline
-|| if (gc && RC_MAY_BE_N(op_info) && ((op_info) & (MAY_BE_REF|MAY_BE_ARRAY|MAY_BE_OBJECT)) != 0) {
+|| if (gc && (((op_info) & MAY_BE_GUARD) || (RC_MAY_BE_N(op_info) && ((op_info) & (MAY_BE_REF|MAY_BE_ARRAY|MAY_BE_OBJECT)) != 0))) {
 | jmp >4
 || }
 |3:
 || }
-|| if (gc && RC_MAY_BE_N(op_info) && ((op_info) & (MAY_BE_REF|MAY_BE_ARRAY|MAY_BE_OBJECT)) != 0) {
-|| if ((op_info) & MAY_BE_REF) {
+|| if (gc && (((op_info) & MAY_BE_GUARD) || (RC_MAY_BE_N(op_info) && ((op_info) & (MAY_BE_REF|MAY_BE_ARRAY|MAY_BE_OBJECT)) != 0))) {
+|| if ((op_info) & (MAY_BE_REF|MAY_BE_GUARD)) {
 || zend_jit_addr ref_addr = ZEND_ADDR_MEM_ZVAL(ZREG_FCARG1a, offsetof(zend_reference, val));
 | IF_NOT_ZVAL_TYPE addr, IS_REFERENCE, >1
 | IF_NOT_ZVAL_COLLECTABLE ref_addr, >4
@@ -1456,7 +1456,7 @@ static void* dasm_labels[zend_lb_MAX];
 | // gc_possible_root(Z_COUNTED_P(z))
 | EXT_CALL gc_possible_root, r0
 || }
-|| if (cold && ((op_info) & ((MAY_BE_ANY|MAY_BE_UNDEF)-(MAY_BE_OBJECT|MAY_BE_RESOURCE))) != 0) {
+|| if (cold && ((op_info) & ((MAY_BE_ANY|MAY_BE_UNDEF|MAY_BE_INDIRECT|MAY_BE_GUARD)-(MAY_BE_OBJECT|MAY_BE_RESOURCE))) != 0) {
 | jmp >4
 |.code
 || }
diff --git a/ext/opcache/tests/jit/fetch_dim_r_008.phpt b/ext/opcache/tests/jit/fetch_dim_r_008.phpt
new file mode 100644
index 00000000000..c40d54eefb5
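Review bot: The predicate `gc && (((op_info) & MAY_BE_GUARD) || (RC_MAY_BE_N(op_info) && ((op_info) & (MAY_BE_REF|MAY_BE_ARRAY|MAY_BE_OBJECT)) != 0))` is repeated verbatim three times across the @@ -1429 and @@ -1439 hunks, and the copies decide matching pieces of emitted code: `jnz >3` versus `jnz >4`, the `jmp >4` after ZVAL_DTOR_FUNC, and the block that appears to end in `gc_possible_root`. An edit that later touches only one copy would leave a jump without its target block, or the reverse, in code that manipulates refcounts. Evaluating the predicate once into a local at the top of the enclosing block and testing that local in all three places would make the pairing explicit. A comment stating that `MAY_BE_GUARD` makes the macro emit every branch would also record the conservative choice this fix depends on. ZVAL_PTR_DTOR starts and ends outside these hunks.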
--- /dev/null
+++ b/ext/opcache/tests/jit/fetch_dim_r_008.phpt
@@ -0,0 +1,16 @@
+--TEST--
+JIT FETCH_DIM_R: 008
+--INI--
+opcache.enable=1
+opcache.enable_cli=1
+opcache.file_update_protection=0
+opcache.jit_buffer_size=1M
+--FILE--
+
+DONE
+--EXPECTF--
+Warning: Trying to access array offset on value of type null in %sfetch_dim_r_008.php on line 3
+DONE