From 731734dacb824c42712061c8351192ccd90e7dc3 Mon Sep 17 00:00:00 2001 From: Dmitry Stogov Date: Mon, 18 Dec 2023 12:27:35 +0300 Subject: [PATCH] Fixed type inference Fixes oss-fuzz #65150 --- Zend/Optimizer/zend_inference.c | 14 +++++++++++ Zend/Optimizer/zend_optimizer.c | 4 +++- .../tests/jit/assign_static_prop_op_001.phpt | 23 +++++++++++++++++++ 3 files changed, 40 insertions(+), 1 deletion(-) create mode 100644 ext/opcache/tests/jit/assign_static_prop_op_001.phpt diff --git a/Zend/Optimizer/zend_inference.c b/Zend/Optimizer/zend_inference.c index 16edb2cc82e..9d6517bdedb 100644 --- a/Zend/Optimizer/zend_inference.c +++ b/Zend/Optimizer/zend_inference.c @@ -2825,8 +2825,15 @@ static zend_always_inline zend_result _zend_update_type_info( /* DOUBLE may be auto-converted to LONG */ tmp |= MAY_BE_LONG; tmp &= ~MAY_BE_DOUBLE; + } else if ((t1 & (MAY_BE_LONG|MAY_BE_DOUBLE|MAY_BE_STRING)) == MAY_BE_STRING + && (tmp & (MAY_BE_LONG|MAY_BE_DOUBLE))) { + /* LONG/DOUBLE may be auto-converted to STRING */ + tmp |= MAY_BE_STRING; + tmp &= ~(MAY_BE_LONG|MAY_BE_DOUBLE); } tmp &= t1; + } else { + tmp |= MAY_BE_LONG | MAY_BE_STRING; } } else if (opline->opcode == ZEND_ASSIGN_STATIC_PROP_OP) { /* The return value must also satisfy the property type */ @@ -2837,8 +2844,15 @@ static zend_always_inline zend_result _zend_update_type_info( /* DOUBLE may be auto-converted to LONG */ tmp |= MAY_BE_LONG; tmp &= ~MAY_BE_DOUBLE; + } else if ((t1 & (MAY_BE_LONG|MAY_BE_DOUBLE|MAY_BE_STRING)) == MAY_BE_STRING + && (tmp & (MAY_BE_LONG|MAY_BE_DOUBLE))) { + /* LONG/DOUBLE may be auto-converted to STRING */ + tmp |= MAY_BE_STRING; + tmp &= ~(MAY_BE_LONG|MAY_BE_DOUBLE); } tmp &= t1; + } else { + tmp |= MAY_BE_LONG | MAY_BE_STRING; } } else { if (tmp & MAY_BE_REF) { diff --git a/Zend/Optimizer/zend_optimizer.c b/Zend/Optimizer/zend_optimizer.c index b5841159bf1..f274edb039c 100644 --- a/Zend/Optimizer/zend_optimizer.c +++ b/Zend/Optimizer/zend_optimizer.c @@ -797,7 +797,9 @@ zend_class_entry *zend_optimizer_get_class_entry( } ce = zend_hash_find_ptr(CG(class_table), lcname); - if (ce && ce->type == ZEND_INTERNAL_CLASS) { + if (ce + && (ce->type == ZEND_INTERNAL_CLASS + || (op_array && ce->info.user.filename == op_array->filename))) { return ce; } diff --git a/ext/opcache/tests/jit/assign_static_prop_op_001.phpt b/ext/opcache/tests/jit/assign_static_prop_op_001.phpt new file mode 100644 index 00000000000..da28851584b --- /dev/null +++ b/ext/opcache/tests/jit/assign_static_prop_op_001.phpt @@ -0,0 +1,23 @@ +--TEST-- +JIT ASSIGN_STATIC_PROP_OP: 001 +--INI-- +opcache.enable=1 +opcache.enable_cli=1 +opcache.file_update_protection=0 +opcache.jit_buffer_size=1M +--EXTENSIONS-- +opcache +--FILE-- + +--EXPECT-- +string(1) "1"