mirror of https://github.com/php/php-src.git synced 2026-03-24 08:12:21 +01:00

Fix type inference for FETCH_DI_UNSET

Fixes oss-fuzz #48507
Dmitry Stogov
2022-07-18 13:14:15 +03:00
parent d830a1f6f0
commit bd30eff5de
2 changed files with 32 additions and 1 deletions


@@ -3298,7 +3298,12 @@ static zend_always_inline int _zend_update_type_info(
ZEND_ASSERT(j < 0 && "There should only be one use");
}
}
if (((tmp & MAY_BE_ARRAY) && (tmp & MAY_BE_ARRAY_KEY_ANY)) || opline->opcode == ZEND_FETCH_DIM_FUNC_ARG) {
if (((tmp & MAY_BE_ARRAY) && (tmp & MAY_BE_ARRAY_KEY_ANY))
|| opline->opcode == ZEND_FETCH_DIM_FUNC_ARG
|| opline->opcode == ZEND_FETCH_DIM_R
|| opline->opcode == ZEND_FETCH_DIM_IS
|| opline->opcode == ZEND_FETCH_DIM_UNSET
|| opline->opcode == ZEND_FETCH_LIST_R) {
UPDATE_SSA_TYPE(tmp, ssa_op->op1_def);
} else {
/* invalid key type */
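Review bot: The widened `if` condition has no comment explaining why ZEND_FETCH_DIM_R, ZEND_FETCH_DIM_IS, ZEND_FETCH_DIM_UNSET and ZEND_FETCH_LIST_R now skip the `/* invalid key type */` branch, and the commit title names only the unset case. Later optimizer passes presumably rely on this inferred type, so the reason belongs next to the code; a comment above the condition such as `/* R, IS, UNSET and LIST_R fetches take tmp as the op1_def type even when no array key type was inferred */` would do. The else branch and the rest of _zend_update_type_info lie outside the hunk, so it cannot be confirmed from here whether the other three opcodes hit the same problem as the fuzzer case.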


@@ -0,0 +1,26 @@
--TEST--
Type inference 012: FETCH_DIM_UNSET
--INI--
opcache.enable=1
opcache.enable_cli=1
opcache.optimization_level=-1
--FILE--
<?php
function test() {
$closure = function() {return "string";};
unset($x['b'][$closure()]['d']);
$x = $arr;
$arr = ['a' => $closure(), 'b' => [$closure() => []]];
$x = $arr;
unset($x['b'][$closure()]['d']);
$x = $arr;
}
test();
?>
DONE
--EXPECTF--
Warning: Undefined variable $x in %sinference_012.php on line 4
Warning: Undefined variable $arr in %sinference_012.php on line 5
DONE
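Review bot: Only `unset()` on a nested dimension is exercised by this test (lines 4 and 8 of the --FILE-- body), while the same commit also adds ZEND_FETCH_DIM_R, ZEND_FETCH_DIM_IS and ZEND_FETCH_LIST_R to the inference condition. A read such as `$y = $x['b'][$closure()]['d'] ?? null;` and a destructuring such as `[$v] = $x['b'];` inside `test()` would presumably cover those opcodes, with --EXPECTF-- adjusted for any extra warnings. Without them, a later regression in those paths would only surface when a fuzzer finds it again.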