From 325865d75027cb6be56fb59e1c5843d6c787f51c Mon Sep 17 00:00:00 2001
From: Dmitry Stogov <dmitry@zend.com>
Date: Mon, 27 Sep 2021 22:09:51 +0300
Subject: [PATCH] JIT: Split zend_jit_hash_index_lookup_rw() into
 zend_jit_hash_index_lookup_rw() and
 zend_jit_hash_index_lookup_rw_no_packed().

The previous version might fail if zend_jit_hash_index_lookup_rw() was called for packed array.
---
 ext/opcache/jit/zend_jit_disasm_x86.c |  1 +
 ext/opcache/jit/zend_jit_helpers.c    | 15 ++++++++++++++-
 ext/opcache/jit/zend_jit_x86.dasc     |  6 +++++-
 3 files changed, 20 insertions(+), 2 deletions(-)

diff --git a/ext/opcache/jit/zend_jit_disasm_x86.c b/ext/opcache/jit/zend_jit_disasm_x86.c
index 977e85e1cb6..098742be778 100644
--- a/ext/opcache/jit/zend_jit_disasm_x86.c
+++ b/ext/opcache/jit/zend_jit_disasm_x86.c
@@ -411,6 +411,7 @@ static int zend_jit_disasm_init(void)
 	REGISTER_HELPER(zend_jit_leave_top_func_helper);
 	REGISTER_HELPER(zend_jit_leave_func_helper);
 	REGISTER_HELPER(zend_jit_symtable_find);
+	REGISTER_HELPER(zend_jit_hash_index_lookup_rw_no_packed);
 	REGISTER_HELPER(zend_jit_hash_index_lookup_rw);
 	REGISTER_HELPER(zend_jit_hash_index_lookup_w);
 	REGISTER_HELPER(zend_jit_hash_lookup_rw);
diff --git a/ext/opcache/jit/zend_jit_helpers.c b/ext/opcache/jit/zend_jit_helpers.c
index 5211f9f382b..362c73ea2f3 100644
--- a/ext/opcache/jit/zend_jit_helpers.c
+++ b/ext/opcache/jit/zend_jit_helpers.c
@@ -246,7 +246,7 @@ static zval* ZEND_FASTCALL zend_jit_symtable_find(HashTable *ht, zend_string *st
 	return zend_hash_find(ht, str);
 }
 
-static zval* ZEND_FASTCALL zend_jit_hash_index_lookup_rw(HashTable *ht, zend_long idx)
+static zval* ZEND_FASTCALL zend_jit_hash_index_lookup_rw_no_packed(HashTable *ht, zend_long idx)
 {
 	zval *retval = _zend_hash_index_find(ht, idx);
 
@@ -259,6 +259,19 @@ static zval* ZEND_FASTCALL zend_jit_hash_index_lookup_rw(HashTable *ht, zend_lon
 	return retval;
 }
 
+static zval* ZEND_FASTCALL zend_jit_hash_index_lookup_rw(HashTable *ht, zend_long idx)
+{
+	zval *retval = zend_hash_index_find(ht, idx);
+
+	if (!retval) {
+		if (UNEXPECTED(zend_undefined_offset_write(ht, idx) == FAILURE)) {
+			return NULL;
+		}
+		retval = zend_hash_index_add_new(ht, idx, &EG(uninitialized_zval));
+	}
+	return retval;
+}
+
 static zval* ZEND_FASTCALL zend_jit_hash_index_lookup_w(HashTable *ht, zend_long idx)
 {
 	zval *retval = _zend_hash_index_find(ht, idx);
diff --git a/ext/opcache/jit/zend_jit_x86.dasc b/ext/opcache/jit/zend_jit_x86.dasc
index 19fc48a11a5..fda6e9eee77 100644
--- a/ext/opcache/jit/zend_jit_x86.dasc
+++ b/ext/opcache/jit/zend_jit_x86.dasc
@@ -5569,7 +5569,11 @@ static int zend_jit_fetch_dimension_address_inner(dasm_State **Dst, const zend_o
 					|	GET_ZVAL_LVAL ZREG_FCARG2a, op2_addr
 				}
 				|	SET_EX_OPLINE opline, r0
-				|	EXT_CALL zend_jit_hash_index_lookup_rw, r0
+				if (packed_loaded) {
+					|	EXT_CALL zend_jit_hash_index_lookup_rw_no_packed, r0
+				} else {
+					|	EXT_CALL zend_jit_hash_index_lookup_rw, r0
+				}
 				|	test r0, r0
 				|	jz >9
 				break;