php/archived-php-src
1
0
Fork 0
mirror of https://github.com/php/php-src.git synced 2026-03-24 00:02:20 +01:00
Code Issues Packages Projects Releases Wiki Activity

Fixed code generation for ASSIGN_DIM

Browse Source 
Fixes oss-fuzz #63563
This commit is contained in:
Dmitry Stogov
2023-10-25 12:01:28 +03:00
parent accc1e6c67
commit c163ff68da
2 changed files with 34 additions and 12 deletions
Download Patch File Download Diff File Expand all files Collapse all files

26
ext/opcache/jit/zend_jit_ir.c
View File

@@ -12799,19 +12799,21 @@ static int zend_jit_assign_dim(zend_jit_ctx *jit, const zend_op *opline, uint32_
var_info |= MAY_BE_RC1;
}
ir_MERGE_N(found_inputs->count, found_inputs->refs);
ref = ir_PHI_N(IR_ADDR, found_values->count, found_values->refs);
var_addr = ZEND_ADDR_REF_ZVAL(ref);
if (found_inputs->count) {
ir_MERGE_N(found_inputs->count, found_inputs->refs);
ref = ir_PHI_N(IR_ADDR, found_values->count, found_values->refs);
var_addr = ZEND_ADDR_REF_ZVAL(ref);
// JIT: value = zend_assign_to_variable(variable_ptr, value, OP_DATA_TYPE);
if (opline->op1_type == IS_VAR) {
ZEND_ASSERT(opline->result_type == IS_UNUSED);
if (!zend_jit_assign_to_variable_call(jit, opline, var_addr, var_addr, var_info, -1, (opline+1)->op1_type, op3_addr, val_info, res_addr, 0)) {
return 0;
}
} else {
if (!zend_jit_assign_to_variable(jit, opline, var_addr, var_addr, var_info, -1, (opline+1)->op1_type, op3_addr, val_info, res_addr, 0, 0)) {
return 0;
// JIT: value = zend_assign_to_variable(variable_ptr, value, OP_DATA_TYPE);
if (opline->op1_type == IS_VAR) {
ZEND_ASSERT(opline->result_type == IS_UNUSED);
if (!zend_jit_assign_to_variable_call(jit, opline, var_addr, var_addr, var_info, -1, (opline+1)->op1_type, op3_addr, val_info, res_addr, 0)) {
return 0;
}
} else {
if (!zend_jit_assign_to_variable(jit, opline, var_addr, var_addr, var_info, -1, (opline+1)->op1_type, op3_addr, val_info, res_addr, 0, 0)) {
return 0;
}
}
}
}

20
ext/opcache/tests/jit/assign_dim_016.phpt Normal file
View File

@@ -0,0 +1,20 @@
--TEST--
JIT ASSIGN_DIM: 016
--INI--
opcache.enable=1
opcache.enable_cli=1
opcache.file_update_protection=0
opcache.jit_buffer_size=1M
--FILE--
<?php
function foo() {
$y[~$y] = 42;
}
@foo();
?>
--EXPECTF--
Fatal error: Uncaught TypeError: Cannot perform bitwise not on null in %sassign_dim_016.php:3
Stack trace:
#0 %sassign_dim_016.php(5): foo()
#1 {main}
thrown in %sassign_dim_016.php on line 3