Trying to allocate a `zend_string` with a length only slighty smaller
than `SIZE_MAX` causes an integer overflow; we make sure that this
doesn't happen by catering to the maximal overhead of a `zend_string`.
Closes GH-7597.
Same as with userland classes, automatically add a string return
type to __toString() methods in internal classes, so the signature
is compatible with Stringable.
We also need to drop pi nodes for new_pred here, as the pi node
restriction for new_pred is not necessarily true for control
coming from old_pred as well.
Fixes oss-fuzz #40782.
Requiring all internal classes (including those from 3rd-party
extensions) to implement Stringable if they provide __toString()
is too error prone. Case in point, our _ZendTestClass test class
was not doing so, resulting in preloading test failures after
recent changes.
Instead we automatically implement Stringable, the same as we do
for userland classes. We still allow explicit implementations,
but ignore them (normally they would result in an error due to
duplicate interface implementation). Finally, we need to be
careful about not trying to implement Stringable on Stringable
itself.
In some cases this changes the interface order, in particular the
automatic Stringable implementation will now come first.
Traits do not support interfaces, so we should not implement
Stringable on them.
Also check the __toString() return type in the same way other
magic methods do, otherwise we would now miss the check in the
trait case.
zend_class_implements_interface works fine if the "class" is an
interface, so simply drop this assertion. This avoids the need to
special case this situation.
While we avoid emitting labels for handlers that are not referenced
from anywhere else, we do not perform a fine-grained analysis on
used specializations, so some of the specialization labels may not
be used. Use ATTRIBUTE_UNUSED_LABEL to suppress the warning. Drop
"cold" from the definition of this attribute, as it is completely
unrelated.
This can happen if a call is optimized, but FETCH_DIM_FUNC_ARG
cannot be converted to FETCH_DIM_R because it uses an UNUSED op2,
which is not supported by FETCH_DIM_R.
Fixes oss-fuzz 6144185837682688.
In this case zend_exception_set_previous() would destroy the
fast_call exception and further accesses on ex would be invalid.
We should only update ex if we update EG(exception).
Fixes oss-fuzz #40464.
Even if we can't actually pass by reference, we still need to
create the REFERENCE wrapper to satisfy the calling convention.
The particular test case would crash with JIT, because the existence
of the reference was assumed.
Fixes oss-fuzz #39440.
This would end up taking the successors_count=2 case, even though
we need to treat SWITCH and MATCH differently. This incorrectly
marked a block as FOLLOW, resulting in incorrect block pass
optimization.
Fixes oss-fuzz #39380.
This was doing a plain copy of JMPZNZ, even though it encodes
offsets relative to the opline. As such, the offsets would be
relative to target, while they should be relative to opline.
Fix this by recomputing them.
Fixes oss-fuzz #39295.
This ensures that code directly before the loop var free is
separated out (and will generally be eliminated as unreachable).
This fixes some assumptions we have that unreachable loop var free
blocks start with the loop var free.
Fixes oss-fuzz #39395.
We can't remove a trivial phi of the form x = phi(x), because we
don't have a replacement value. We could drop the whole block
though. SCCP would normally do this, but in this particular case
we only determine non-reachability based on type information.
Fixes oss-fuzz #39316.
If we're removing a predecessor because it already exists during
replacement, we should also drop pi nodes for that predecessor.
Fixes oss-fuzz #39276.
Dmitry Stogov