From 5b048dd05cf2fb7922be87cb99805877eb5bd060 Mon Sep 17 00:00:00 2001
From: Dmitry Stogov
Date: Mon, 11 Apr 2022 11:42:01 +0300
Subject: [PATCH] Tracing JIT: Fixed incorrect assumption about stack slot type
Fixes oss-fuzz #46404
---
 ext/opcache/jit/zend_jit_internal.h | 3 +++
 ext/opcache/jit/zend_jit_trace.c | 3 +++
 ext/opcache/tests/jit/fetch_dim_r_014.phpt | 19 +++++++++++++++++++
 3 files changed, 25 insertions(+)
 create mode 100644 ext/opcache/tests/jit/fetch_dim_r_014.phpt
diff --git a/ext/opcache/jit/zend_jit_internal.h b/ext/opcache/jit/zend_jit_internal.h
index 11a63cfb364..fcfc3080346 100644
--- a/ext/opcache/jit/zend_jit_internal.h
+++ b/ext/opcache/jit/zend_jit_internal.h
@@ -360,6 +360,9 @@ typedef union _zend_jit_trace_stack {
 (_stack)[_slot].reg = _reg; \
 (_stack)[_slot].flags = _flags; \
 } while (0)
+#define RESET_STACK_MEM_TYPE(_stack, _slot) do { \
+ (_stack)[_slot].mem_type = IS_UNKNOWN; \
+ } while (0)
 
 /* trace info flags */
 #define ZEND_JIT_TRACE_CHECK_INTERRUPT (1<<0)
diff --git a/ext/opcache/jit/zend_jit_trace.c b/ext/opcache/jit/zend_jit_trace.c
index adfcb6fa403..2890f7ebfd7 100644
--- a/ext/opcache/jit/zend_jit_trace.c
+++ b/ext/opcache/jit/zend_jit_trace.c
@@ -5939,6 +5939,9 @@ done:
 } else {
 SET_STACK_TYPE(stack, EX_VAR_TO_NUM(opline->result.var), type,
 (type == IS_UNKNOWN || !ra || !ra[ssa_op->result_def]));
+ if (ssa->var_info[ssa_op->result_def].type & MAY_BE_INDIRECT) {
+ RESET_STACK_MEM_TYPE(stack, EX_VAR_TO_NUM(opline->result.var));
+ }
 if (type != IS_UNKNOWN) {
 ssa->var_info[ssa_op->result_def].type &= ~MAY_BE_GUARD;
 if (opline->opcode == ZEND_FETCH_THIS
diff --git a/ext/opcache/tests/jit/fetch_dim_r_014.phpt b/ext/opcache/tests/jit/fetch_dim_r_014.phpt
new file mode 100644
index 00000000000..e910f11166a
--- /dev/null
+++ b/ext/opcache/tests/jit/fetch_dim_r_014.phpt
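Review bot: RESET_STACK_MEM_TYPE is added without a comment saying when a caller must use it, and unlike the SET_STACK_* macros just above it the name alone does not state the contract. Its only caller in this patch (the zend_jit_trace.c hunk) invokes it right after SET_STACK_TYPE when the result's SSA type carries MAY_BE_INDIRECT, so I would record that above the definition: `/* Forget the slot's cached in-memory type: used when the value may be INDIRECT, so the slot itself says nothing about the real zval's type. */`. Presumably mem_type is the type known to be held in the slot's memory, but the union that defines it starts above this hunk, so that wording should be checked against the field's own comment.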
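Review bot: The new `if (ssa->var_info[ssa_op->result_def].type & MAY_BE_INDIRECT)` test has no comment explaining why an INDIRECT result invalidates the memory type that SET_STACK_TYPE recorded on the line just before it, and the commit message only says "incorrect assumption". A one-line why-comment would save the next reader a trip to oss-fuzz #46404, e.g. `/* An INDIRECT result refers to another zval, so the type cached for this slot must not be trusted. */`. Indexing var_info with `ssa_op->result_def` looks safe here because the existing SET_STACK_TYPE line already indexes `ra[ssa_op->result_def]`, though the condition that guarantees a result def sits above the hunk. The enclosing function starts and ends outside the hunk; `EX_VAR_TO_NUM(opline->result.var)` is now evaluated twice in this branch and could be hoisted into a local, but that is cosmetic.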
@@ -0,0 +1,19 @@
+--TEST--
+JIT FETCH_DIM_R: 014
+--INI--
+opcache.enable=1
+opcache.enable_cli=1
+opcache.file_update_protection=0
+opcache.jit_buffer_size=1M
+--FILE--
+
+DONE
+--EXPECT--
+DONE