While most other exceptions aren't possible when QM_ASSIGN is used
instead of ASSIGN, we still have to watch out for an undef var
notice being promoted to an exception.
This would end up taking the successors_count=2 case, even though
we need to treat SWITCH and MATCH differently. This incorrectly
marked a block as FOLLOW, resulting in incorrect block pass
optimization.
Fixes oss-fuzz #39380.
This was doing a plain copy of JMPZNZ, even though it encodes
offsets relative to the opline. As such, the offsets would be
relative to target, while they should be relative to opline.
Fix this by recomputing them.
Fixes oss-fuzz #39295.
This ensures that code directly before the loop var free is
separated out (and will generally be eliminated as unreachable).
This fixes some assumptions we have that unreachable loop var free
blocks start with the loop var free.
Fixes oss-fuzz #39395.
We can't remove a trivial phi of the form x = phi(x), because we
don't have a replacement value. We could drop the whole block
though. SCCP would normally do this, but in this particular case
we only determine non-reachability based on type information.
Fixes oss-fuzz #39316.
If we're removing a predecessor because it already exists during
replacement, we should also drop pi nodes for that predecessor.
Fixes oss-fuzz #39276.
Latest linux kernel use large number (12 bits for major device, 20
bits for minor device). Current code only supports previous standard
(5 chars), which means 8 bits for major and 8 bits for minor device.
It will fail if device number is out of that range. So this patch
increases device number read from /proc/self/maps file.
Closes GH-7512.
We shouldn't try to load further classes if one autoload throws.
This fixes oss-fuzz #38881, though I believe there are still two
deeper issues here: 1) Why do we allow autoloading with an active
exception? 2) Exception save & restore should probably also save
and restore the exception opline.
We were not inferring anything for the ASSIGN_STATIC_PROP_REF
result type at all, leaving it as an empty type. In the test
case this results in a live range being incorrectly eliminated,
but this could break in all kinds of other ways as well..
This was leaking memory for pre-inc/dec of a refcounted typed
property if the result was not used.
The code to do this was unnecessarily complicated, we can base
this on the zend_jit_inc/dec_typed_prop() helper and copy to the
result afterwards.
We have an invariant that an array value type is set if and only
if an array key type is set, which is violated for the case of
undef values for always invalid keys.
This would allocate a too small buffer if the first smart_str
allocation is > SMART_STR_START_LEN but <= SMART_STR_START_SIZE.
(cherry picked from commit af8fccee9c)
