php/archived-php-src
1
0
Fork 0
mirror of https://github.com/php/php-src.git synced 2026-03-24 00:02:20 +01:00
Code Issues Packages Projects Releases Wiki Activity

Merge branch 'PHP-8.3'

Browse Source 
* PHP-8.3:
  Fix GH-15652: Segmentation fault in the Zend engine when JIT enabled (#15717)
This commit is contained in:
Dmitry Stogov
2024-09-02 21:59:14 +03:00
parent db9a7aaf05 be8589651d
commit faa1904fb6
3 changed files with 50 additions and 4 deletions
Download Patch File Download Diff File Expand all files Collapse all files

6
ext/opcache/jit/zend_jit.c
View File

@@ -623,16 +623,16 @@ static zend_property_info* zend_get_known_property_info(const zend_op_array *op_
return NULL;
}
static bool zend_may_be_dynamic_property(zend_class_entry *ce, zend_string *member, bool on_this, zend_string *filename)
static bool zend_may_be_dynamic_property(zend_class_entry *ce, zend_string *member, bool on_this, const zend_op_array *op_array)
{
zend_property_info *info;
if (!ce || (ce->ce_flags & ZEND_ACC_TRAIT)) {
if (!ce || (ce->ce_flags & ZEND_ACC_TRAIT) || (op_array->fn_flags & ZEND_ACC_TRAIT_CLONE)) {
return 1;
}
if (!(ce->ce_flags & ZEND_ACC_IMMUTABLE)) {
if (ce->info.user.filename != filename) {
if (ce->info.user.filename != op_array->filename) {
/* class declaration might be changed independently */
return 1;
}

2
ext/opcache/jit/zend_jit_ir.c
View File

@@ -13888,7 +13888,7 @@ static int zend_jit_fetch_obj(zend_jit_ctx *jit,
ir_ref offset_ref = ir_LOAD_A(
ir_ADD_OFFSET(run_time_cache, (opline->extended_value & ~ZEND_FETCH_OBJ_FLAGS) + sizeof(void*)));
may_be_dynamic = zend_may_be_dynamic_property(ce, Z_STR_P(member), opline->op1_type == IS_UNUSED, op_array->filename);
may_be_dynamic = zend_may_be_dynamic_property(ce, Z_STR_P(member), opline->op1_type == IS_UNUSED, op_array);
if (may_be_dynamic) {
ir_ref if_dynamic = ir_IF(ir_LT(offset_ref, ir_CONST_ADDR(ZEND_FIRST_PROPERTY_OFFSET)));
if (opline->opcode == ZEND_FETCH_OBJ_W) {

46
ext/opcache/tests/jit/gh15652.phpt Normal file
View File

@@ -0,0 +1,46 @@
--TEST--
JIT: FETCH_OBJ 007
--INI--
opcache.enable=1
opcache.enable_cli=1
opcache.file_update_protection=0
opcache.jit_buffer_size=1M
opcache.jit_hot_func=2
--FILE--
<?php
class C {}
trait T {
public function equal(C $type): bool {
return $type instanceof self && $this->value === $type->value;
}
}
class C1 extends C {
use T;
public function __construct(private int $value) {}
}
class C2 extends C {
use T;
}
$x = new C1(1);
var_dump($x->equal($x));
var_dump($x->equal($x));
$a = new C2("aaa");
var_dump($a->equal($a));
var_dump($a->equal($a));
--EXPECTF--
bool(true)
bool(true)
Warning: Undefined property: C2::$value in %sgh15652.php on line 6
Warning: Undefined property: C2::$value in %sgh15652.php on line 6
bool(true)
Warning: Undefined property: C2::$value in %sgh15652.php on line 6
Warning: Undefined property: C2::$value in %sgh15652.php on line 6
bool(true)