php/archived-php-src
1
0
Fork 0
mirror of https://github.com/php/php-src.git synced 2026-03-24 00:02:20 +01:00
Code Issues Packages Projects Releases Wiki Activity

Assert ptr_ptr value of TMP|CONST isn't used (#11865)

Browse Source 
We require valid code for compilation to succeed, but these paths should always
be guarded by OPx_TYPE checks and never execute. Add an assertion to verify.
This commit is contained in:
Ilija Tovilo
2023-08-03 15:28:19 +02:00
committed by GitHub
parent 1246da3ddc
commit 73c5f36f5b
3 changed files with 44 additions and 38 deletions
Download Patch File Download Diff File Expand all files Collapse all files

6
Zend/zend_execute.h
View File

@@ -523,6 +523,12 @@ ZEND_COLD void zend_magic_get_property_type_inconsistency_error(const zend_prope
ZEND_COLD void zend_match_unhandled_error(const zval *value);
static zend_always_inline void *zend_get_bad_ptr(void)
{
ZEND_UNREACHABLE();
return NULL;
}
END_EXTERN_C()
#endif /* ZEND_EXECUTE_H */

40
Zend/zend_vm_execute.h generated
View File

@@ -4491,7 +4491,7 @@ static ZEND_VM_COLD ZEND_OPCODE_HANDLER_RET ZEND_FASTCALL ZEND_RETURN_BY_REF_SPE
break;
}
retval_ptr = NULL;
retval_ptr = zend_get_bad_ptr();
if (IS_CONST == IS_VAR) {
ZEND_ASSERT(retval_ptr != &EG(uninitialized_zval));
@@ -5209,7 +5209,7 @@ static ZEND_VM_COLD ZEND_OPCODE_HANDLER_RET ZEND_FASTCALL ZEND_FE_RESET_RW_SPEC_
SAVE_OPLINE();
if (IS_CONST == IS_VAR || IS_CONST == IS_CV) {
array_ref = array_ptr = NULL;
array_ref = array_ptr = zend_get_bad_ptr();
if (Z_ISREF_P(array_ref)) {
array_ptr = Z_REFVAL_P(array_ref);
}
@@ -7313,7 +7313,7 @@ static ZEND_OPCODE_HANDLER_RET ZEND_FASTCALL ZEND_ADD_ARRAY_ELEMENT_SPEC_CONST_C
SAVE_OPLINE();
if ((IS_CONST == IS_VAR || IS_CONST == IS_CV) &&
UNEXPECTED(opline->extended_value & ZEND_ARRAY_ELEMENT_REF)) {
expr_ptr = NULL;
expr_ptr = zend_get_bad_ptr();
if (Z_ISREF_P(expr_ptr)) {
Z_ADDREF_P(expr_ptr);
} else {
@@ -7670,7 +7670,7 @@ static ZEND_OPCODE_HANDLER_RET ZEND_FASTCALL ZEND_YIELD_SPEC_CONST_CONST_HANDLER
}
}
} else {
zval *value_ptr = NULL;
zval *value_ptr = zend_get_bad_ptr();
/* If a function call result is yielded and the function did
* not return by reference we throw a notice. */
@@ -9644,7 +9644,7 @@ static ZEND_OPCODE_HANDLER_RET ZEND_FASTCALL ZEND_ADD_ARRAY_ELEMENT_SPEC_CONST_T
SAVE_OPLINE();
if ((IS_CONST == IS_VAR || IS_CONST == IS_CV) &&
UNEXPECTED(opline->extended_value & ZEND_ARRAY_ELEMENT_REF)) {
expr_ptr = NULL;
expr_ptr = zend_get_bad_ptr();
if (Z_ISREF_P(expr_ptr)) {
Z_ADDREF_P(expr_ptr);
} else {
@@ -9951,7 +9951,7 @@ static ZEND_OPCODE_HANDLER_RET ZEND_FASTCALL ZEND_YIELD_SPEC_CONST_TMPVAR_HANDLE
}
}
} else {
zval *value_ptr = NULL;
zval *value_ptr = zend_get_bad_ptr();
/* If a function call result is yielded and the function did
* not return by reference we throw a notice. */
@@ -10567,7 +10567,7 @@ static ZEND_OPCODE_HANDLER_RET ZEND_FASTCALL ZEND_ADD_ARRAY_ELEMENT_SPEC_CONST_U
SAVE_OPLINE();
if ((IS_CONST == IS_VAR || IS_CONST == IS_CV) &&
UNEXPECTED(opline->extended_value & ZEND_ARRAY_ELEMENT_REF)) {
expr_ptr = NULL;
expr_ptr = zend_get_bad_ptr();
if (Z_ISREF_P(expr_ptr)) {
Z_ADDREF_P(expr_ptr);
} else {
@@ -10794,7 +10794,7 @@ static ZEND_OPCODE_HANDLER_RET ZEND_FASTCALL ZEND_YIELD_SPEC_CONST_UNUSED_HANDLE
}
}
} else {
zval *value_ptr = NULL;
zval *value_ptr = zend_get_bad_ptr();
/* If a function call result is yielded and the function did
* not return by reference we throw a notice. */
@@ -12021,7 +12021,7 @@ static ZEND_OPCODE_HANDLER_RET ZEND_FASTCALL ZEND_ADD_ARRAY_ELEMENT_SPEC_CONST_C
SAVE_OPLINE();
if ((IS_CONST == IS_VAR || IS_CONST == IS_CV) &&
UNEXPECTED(opline->extended_value & ZEND_ARRAY_ELEMENT_REF)) {
expr_ptr = NULL;
expr_ptr = zend_get_bad_ptr();
if (Z_ISREF_P(expr_ptr)) {
Z_ADDREF_P(expr_ptr);
} else {
@@ -12327,7 +12327,7 @@ static ZEND_OPCODE_HANDLER_RET ZEND_FASTCALL ZEND_YIELD_SPEC_CONST_CV_HANDLER(ZE
}
}
} else {
zval *value_ptr = NULL;
zval *value_ptr = zend_get_bad_ptr();
/* If a function call result is yielded and the function did
* not return by reference we throw a notice. */
@@ -19293,7 +19293,7 @@ static ZEND_OPCODE_HANDLER_RET ZEND_FASTCALL ZEND_RETURN_BY_REF_SPEC_TMP_HANDLER
break;
}
retval_ptr = NULL;
retval_ptr = zend_get_bad_ptr();
if (IS_TMP_VAR == IS_VAR) {
ZEND_ASSERT(retval_ptr != &EG(uninitialized_zval));
@@ -19560,7 +19560,7 @@ static ZEND_OPCODE_HANDLER_RET ZEND_FASTCALL ZEND_FE_RESET_RW_SPEC_TMP_HANDLER(Z
SAVE_OPLINE();
if (IS_TMP_VAR == IS_VAR || IS_TMP_VAR == IS_CV) {
array_ref = array_ptr = NULL;
array_ref = array_ptr = zend_get_bad_ptr();
if (Z_ISREF_P(array_ref)) {
array_ptr = Z_REFVAL_P(array_ref);
}
@@ -20042,7 +20042,7 @@ static ZEND_OPCODE_HANDLER_RET ZEND_FASTCALL ZEND_ADD_ARRAY_ELEMENT_SPEC_TMP_CON
SAVE_OPLINE();
if ((IS_TMP_VAR == IS_VAR || IS_TMP_VAR == IS_CV) &&
UNEXPECTED(opline->extended_value & ZEND_ARRAY_ELEMENT_REF)) {
expr_ptr = NULL;
expr_ptr = zend_get_bad_ptr();
if (Z_ISREF_P(expr_ptr)) {
Z_ADDREF_P(expr_ptr);
} else {
@@ -20186,7 +20186,7 @@ static ZEND_OPCODE_HANDLER_RET ZEND_FASTCALL ZEND_YIELD_SPEC_TMP_CONST_HANDLER(Z
}
}
} else {
zval *value_ptr = NULL;
zval *value_ptr = zend_get_bad_ptr();
/* If a function call result is yielded and the function did
* not return by reference we throw a notice. */
@@ -20486,7 +20486,7 @@ static ZEND_OPCODE_HANDLER_RET ZEND_FASTCALL ZEND_ADD_ARRAY_ELEMENT_SPEC_TMP_TMP
SAVE_OPLINE();
if ((IS_TMP_VAR == IS_VAR || IS_TMP_VAR == IS_CV) &&
UNEXPECTED(opline->extended_value & ZEND_ARRAY_ELEMENT_REF)) {
expr_ptr = NULL;
expr_ptr = zend_get_bad_ptr();
if (Z_ISREF_P(expr_ptr)) {
Z_ADDREF_P(expr_ptr);
} else {
@@ -20630,7 +20630,7 @@ static ZEND_OPCODE_HANDLER_RET ZEND_FASTCALL ZEND_YIELD_SPEC_TMP_TMPVAR_HANDLER(
}
}
} else {
zval *value_ptr = NULL;
zval *value_ptr = zend_get_bad_ptr();
/* If a function call result is yielded and the function did
* not return by reference we throw a notice. */
@@ -20947,7 +20947,7 @@ static ZEND_OPCODE_HANDLER_RET ZEND_FASTCALL ZEND_ADD_ARRAY_ELEMENT_SPEC_TMP_UNU
SAVE_OPLINE();
if ((IS_TMP_VAR == IS_VAR || IS_TMP_VAR == IS_CV) &&
UNEXPECTED(opline->extended_value & ZEND_ARRAY_ELEMENT_REF)) {
expr_ptr = NULL;
expr_ptr = zend_get_bad_ptr();
if (Z_ISREF_P(expr_ptr)) {
Z_ADDREF_P(expr_ptr);
} else {
@@ -21091,7 +21091,7 @@ static ZEND_OPCODE_HANDLER_RET ZEND_FASTCALL ZEND_YIELD_SPEC_TMP_UNUSED_HANDLER(
}
}
} else {
zval *value_ptr = NULL;
zval *value_ptr = zend_get_bad_ptr();
/* If a function call result is yielded and the function did
* not return by reference we throw a notice. */
@@ -21351,7 +21351,7 @@ static ZEND_OPCODE_HANDLER_RET ZEND_FASTCALL ZEND_ADD_ARRAY_ELEMENT_SPEC_TMP_CV_
SAVE_OPLINE();
if ((IS_TMP_VAR == IS_VAR || IS_TMP_VAR == IS_CV) &&
UNEXPECTED(opline->extended_value & ZEND_ARRAY_ELEMENT_REF)) {
expr_ptr = NULL;
expr_ptr = zend_get_bad_ptr();
if (Z_ISREF_P(expr_ptr)) {
Z_ADDREF_P(expr_ptr);
} else {
@@ -21495,7 +21495,7 @@ static ZEND_OPCODE_HANDLER_RET ZEND_FASTCALL ZEND_YIELD_SPEC_TMP_CV_HANDLER(ZEND
}
}
} else {
zval *value_ptr = NULL;
zval *value_ptr = zend_get_bad_ptr();
/* If a function call result is yielded and the function did
* not return by reference we throw a notice. */

36
Zend/zend_vm_gen.php
View File

@@ -232,9 +232,9 @@ $op2_get_zval_ptr = array(
$op1_get_zval_ptr_ptr = array(
"ANY" => "get_zval_ptr_ptr(opline->op1_type, opline->op1, \\1)",
"TMP" => "NULL",
"TMP" => "zend_get_bad_ptr()",
"VAR" => "_get_zval_ptr_ptr_var(opline->op1.var EXECUTE_DATA_CC)",
"CONST" => "NULL",
"CONST" => "zend_get_bad_ptr()",
"UNUSED" => "NULL",
"CV" => "_get_zval_ptr_cv_\\1(opline->op1.var EXECUTE_DATA_CC)",
"TMPVAR" => "???",
@@ -243,9 +243,9 @@ $op1_get_zval_ptr_ptr = array(
$op2_get_zval_ptr_ptr = array(
"ANY" => "get_zval_ptr_ptr(opline->op2_type, opline->op2, \\1)",
"TMP" => "NULL",
"TMP" => "zend_get_bad_ptr()",
"VAR" => "_get_zval_ptr_ptr_var(opline->op2.var EXECUTE_DATA_CC)",
"CONST" => "NULL",
"CONST" => "zend_get_bad_ptr()",
"UNUSED" => "NULL",
"CV" => "_get_zval_ptr_cv_\\1(opline->op2.var EXECUTE_DATA_CC)",
"TMPVAR" => "???",
@@ -298,9 +298,9 @@ $op2_get_zval_ptr_undef = array(
$op1_get_zval_ptr_ptr_undef = array(
"ANY" => "get_zval_ptr_ptr_undef(opline->op1_type, opline->op1, \\1)",
"TMP" => "NULL",
"TMP" => "zend_get_bad_ptr()",
"VAR" => "_get_zval_ptr_ptr_var(opline->op1.var EXECUTE_DATA_CC)",
"CONST" => "NULL",
"CONST" => "zend_get_bad_ptr()",
"UNUSED" => "NULL",
"CV" => "EX_VAR(opline->op1.var)",
"TMPVAR" => "???",
@@ -309,9 +309,9 @@ $op1_get_zval_ptr_ptr_undef = array(
$op2_get_zval_ptr_ptr_undef = array(
"ANY" => "get_zval_ptr_ptr_undef(opline->op2_type, opline->op2, \\1)",
"TMP" => "NULL",
"TMP" => "zend_get_bad_ptr()",
"VAR" => "_get_zval_ptr_ptr_var(opline->op2.var EXECUTE_DATA_CC)",
"CONST" => "NULL",
"CONST" => "zend_get_bad_ptr()",
"UNUSED" => "NULL",
"CV" => "EX_VAR(opline->op2.var)",
"TMPVAR" => "???",
@@ -386,9 +386,9 @@ $op2_get_obj_zval_ptr_deref = array(
$op1_get_obj_zval_ptr_ptr = array(
"ANY" => "get_obj_zval_ptr_ptr(opline->op1_type, opline->op1, \\1)",
"TMP" => "NULL",
"TMP" => "zend_get_bad_ptr()",
"VAR" => "_get_zval_ptr_ptr_var(opline->op1.var EXECUTE_DATA_CC)",
"CONST" => "NULL",
"CONST" => "zend_get_bad_ptr()",
"UNUSED" => "&EX(This)",
"CV" => "_get_zval_ptr_cv_\\1(opline->op1.var EXECUTE_DATA_CC)",
"TMPVAR" => "???",
@@ -397,9 +397,9 @@ $op1_get_obj_zval_ptr_ptr = array(
$op2_get_obj_zval_ptr_ptr = array(
"ANY" => "get_obj_zval_ptr_ptr(opline->op2_type, opline->op2, \\1)",
"TMP" => "NULL",
"TMP" => "zend_get_bad_ptr()",
"VAR" => "_get_zval_ptr_ptr_var(opline->op2.var EXECUTE_DATA_CC)",
"CONST" => "NULL",
"CONST" => "zend_get_bad_ptr()",
"UNUSED" => "&EX(This)",
"CV" => "_get_zval_ptr_cv_\\1(opline->op2.var EXECUTE_DATA_CC)",
"TMPVAR" => "???",
@@ -408,9 +408,9 @@ $op2_get_obj_zval_ptr_ptr = array(
$op1_get_obj_zval_ptr_ptr_undef = array(
"ANY" => "get_obj_zval_ptr_ptr(opline->op1_type, opline->op1, \\1)",
"TMP" => "NULL",
"TMP" => "zend_get_bad_ptr()",
"VAR" => "_get_zval_ptr_ptr_var(opline->op1.var EXECUTE_DATA_CC)",
"CONST" => "NULL",
"CONST" => "zend_get_bad_ptr()",
"UNUSED" => "&EX(This)",
"CV" => "EX_VAR(opline->op1.var)",
"TMPVAR" => "???",
@@ -419,9 +419,9 @@ $op1_get_obj_zval_ptr_ptr_undef = array(
$op2_get_obj_zval_ptr_ptr_undef = array(
"ANY" => "get_obj_zval_ptr_ptr(opline->op2_type, opline->op2, \\1)",
"TMP" => "NULL",
"TMP" => "zend_get_bad_ptr()",
"VAR" => "_get_zval_ptr_ptr_var(opline->op2.var EXECUTE_DATA_CC)",
"CONST" => "NULL",
"CONST" => "zend_get_bad_ptr()",
"UNUSED" => "&EX(This)",
"CV" => "EX_VAR(opline->op2.var)",
"TMPVAR" => "???",
@@ -518,9 +518,9 @@ $op_data_get_zval_ptr_deref = array(
$op_data_get_zval_ptr_ptr = array(
"ANY" => "get_zval_ptr_ptr((opline+1)->op1_type, (opline+1)->op1, \\1)",
"TMP" => "NULL",
"TMP" => "zend_get_bad_ptr()",
"VAR" => "_get_zval_ptr_ptr_var((opline+1)->op1.var EXECUTE_DATA_CC)",
"CONST" => "NULL",
"CONST" => "zend_get_bad_ptr()",
"UNUSED" => "NULL",
"CV" => "_get_zval_ptr_cv_\\1((opline+1)->op1.var EXECUTE_DATA_CC)",
"TMPVAR" => "???",