Fix GH-16770: Tracing JIT type mismatch when returning UNDEF

When returning an UNDEF value, it actually becomes NULL. The following code took this into account: 28344e0445/ext/opcache/jit/zend_jit_trace.c (L2196-L2199) But the stack does not update the type to NULL, causing a mismatch. Closes GH-16784. Co-authored-by: Dmitry Stogov <dmitry@zend.com>
2026-03-24 08:12:21 +01:00 · 2024-11-13 18:27:26 +01:00
parent c69fdef760
commit cbb3b9371d
3 changed files with 46 additions and 0 deletions
--- a/4
+++ b/4
@@ -19,6 +19,10 @@ PHP                                                                        NEWS
 - Hash:
  . Fixed GH-16711: Segfault in mhash(). (Girgias)

+- Opcache:
+  . Fixed bug GH-16770 (Tracing JIT type mismatch when returning UNDEF).
+    (nielsdos, Dmitry)
+
 - OpenSSL:
  . Prevent unexpected array entry conversion when reading key. (nielsdos)
  . Fix various memory leaks related to openssl exports. (nielsdos)
--- a/ext/opcache/jit/zend_jit_trace.c
+++ b/ext/opcache/jit/zend_jit_trace.c
@@ -5404,6 +5404,9 @@ static const void *zend_jit_trace(zend_jit_trace_rec *trace_buffer, uint32_t par
 							res_type = Z_TYPE_P(RT_CONSTANT(opline, opline->op1));
 						} else if (op1_type != IS_UNKNOWN) {
 							res_type = op1_type;
+							if (res_type == IS_UNDEF) {
+								res_type = IS_NULL;
+							}
 						}
 						if (op_array->type == ZEND_EVAL_CODE
 						 // TODO: support for top-level code
--- a/ext/opcache/tests/jit/gh16770.phpt
+++ b/ext/opcache/tests/jit/gh16770.phpt
@@ -0,0 +1,39 @@
+--TEST--
+GH-16770 (Tracing JIT type mismatch when returning UNDEF)
+--INI--
+opcache.jit=1254
+opcache.jit_hot_loop=1
+opcache.jit_buffer_size=32M
+--EXTENSIONS--
+opcache
+--FILE--
+<?php
+function ret_undef($k) {
+    return $undefined;
+}
+for ($i = 0; $i < 10; $i++) {
+    $output = ret_undef($i);
+}
+var_dump($output);
+?>
+--EXPECTF--
+Warning: Undefined variable $undefined in %s on line %d
+
+Warning: Undefined variable $undefined in %s on line %d
+
+Warning: Undefined variable $undefined in %s on line %d
+
+Warning: Undefined variable $undefined in %s on line %d
+
+Warning: Undefined variable $undefined in %s on line %d
+
+Warning: Undefined variable $undefined in %s on line %d
+
+Warning: Undefined variable $undefined in %s on line %d
+
+Warning: Undefined variable $undefined in %s on line %d
+
+Warning: Undefined variable $undefined in %s on line %d
+
+Warning: Undefined variable $undefined in %s on line %d
+NULL