php/archived-php-src
1
0
Fork 0
mirror of https://github.com/php/php-src.git synced 2026-03-24 00:02:20 +01:00
Code Issues Packages Projects Releases Wiki Activity

Fix GH-17868: Cannot allocate memory with tracing JIT on 8.4.4

Browse Source 
The generated code tries to initialize the run time cache for even
internal closures, but it should only initialize the run time cache for
user closures. We fix this by adding a check for the function type.
If `func` is known, then we can check the type at code generation time.

Closes GH-17869.
This commit is contained in:
Niels Dossche
2025-02-20 21:58:42 +01:00
parent ca75ebf3a1
commit 5ede5415e1
2 changed files with 17 additions and 7 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
NEWS
View File

@@ -57,6 +57,8 @@ PHP NEWS
FETCH_OBJ_R breaks JIT). (Dmitry, nielsdos) FETCH_OBJ_R breaks JIT). (Dmitry, nielsdos)
. Fixed bug GH-17715 (Null pointer deref in observer API when calling . Fixed bug GH-17715 (Null pointer deref in observer API when calling
cases() method on preloaded enum). (Bob) cases() method on preloaded enum). (Bob)
. Fixed bug GH-17868 (Cannot allocate memory with tracing JIT on 8.4.4).
(nielsdos)
- PDO_SQLite: - PDO_SQLite:
. Fixed GH-17837 ()::getColumnMeta() on unexecuted statement segfaults). . Fixed GH-17837 ()::getColumnMeta() on unexecuted statement segfaults).

22
ext/opcache/jit/zend_jit_ir.c
View File

@@ -8676,6 +8676,7 @@ static int zend_jit_push_call_frame(zend_jit_ctx *jit, const zend_op *opline, co
ir_STORE(jit_CALL(rx, This), IR_NULL); ir_STORE(jit_CALL(rx, This), IR_NULL);
} else { } else {
ir_ref object_or_called_scope, call_info, call_info2, object, if_cond; ir_ref object_or_called_scope, call_info, call_info2, object, if_cond;
ir_ref if_cond_user = IR_UNUSED;
if (opline->op2_type == IS_CV) { if (opline->op2_type == IS_CV) {
// JIT: GC_ADDREF(closure); // JIT: GC_ADDREF(closure);
@@ -8713,15 +8714,22 @@ static int zend_jit_push_call_frame(zend_jit_ctx *jit, const zend_op *opline, co
// JIT: Z_PTR(call->This) = object_or_called_scope; // JIT: Z_PTR(call->This) = object_or_called_scope;
ir_STORE(jit_CALL(rx, This.value.ptr), object_or_called_scope); ir_STORE(jit_CALL(rx, This.value.ptr), object_or_called_scope);
// JIT: if (closure->func.op_array.run_time_cache__ptr) if (!func) {
if_cond = ir_IF(ir_LOAD_A(ir_ADD_OFFSET(func_ref, offsetof(zend_closure, func.op_array.run_time_cache__ptr)))); // JIT: if (closure->func.common.type & ZEND_USER_FUNCTION)
ir_IF_FALSE(if_cond); ir_ref type = ir_LOAD_U8(ir_ADD_OFFSET(func_ref, offsetof(zend_closure, func.type)));
if_cond_user = ir_IF(ir_AND_U8(type, ir_CONST_U8(ZEND_USER_FUNCTION)));
ir_IF_TRUE(if_cond_user);
}
// JIT: zend_jit_init_func_run_time_cache_helper(closure->func); if (!func || func->common.type == ZEND_USER_FUNCTION) {
ir_CALL_1(IR_VOID, ir_CONST_FC_FUNC(zend_jit_init_func_run_time_cache_helper), // JIT: zend_jit_init_func_run_time_cache_helper(closure->func);
ir_ADD_OFFSET(func_ref, offsetof(zend_closure, func))); ir_CALL_1(IR_VOID, ir_CONST_FC_FUNC(zend_jit_init_func_run_time_cache_helper),
ir_ADD_OFFSET(func_ref, offsetof(zend_closure, func)));
}
ir_MERGE_WITH_EMPTY_TRUE(if_cond); if (!func) {
ir_MERGE_WITH_EMPTY_FALSE(if_cond_user);
}
} }
// JIT: ZEND_CALL_NUM_ARGS(call) = num_args; // JIT: ZEND_CALL_NUM_ARGS(call) = num_args;