mirror of https://github.com/php/php-src.git synced 2026-03-24 00:02:20 +01:00

Fixed code generation for DETCH_DIM_R

Fixes oss-fuzz #63613 and #63619
Dmitry Stogov
2023-10-26 22:50:25 +03:00
parent eed7474fc8
commit ce269178a9
4 changed files with 53 additions and 16 deletions


@@ -1876,6 +1876,8 @@ ZEND_API uint32_t ZEND_FASTCALL zend_array_type_info(const zval *zv)
} ZEND_HASH_FOREACH_END();
if (HT_IS_PACKED(ht)) {
tmp &= ~(MAY_BE_ARRAY_NUMERIC_HASH|MAY_BE_ARRAY_STRING_HASH);
} else {
tmp &= ~MAY_BE_ARRAY_PACKED;
}
return tmp;
}
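Review bot: The `else` branch that clears `MAY_BE_ARRAY_PACKED` for a non-packed table carries no comment, and the reason the packed and hash bits must be mutually exclusive is not obvious from this function alone. I would add `/* a concrete array has exactly one layout: report PACKED or the *_HASH key kinds, never both */` above the `if (HT_IS_PACKED(ht))` test. The narrowed mask presumably feeds the JIT's choice of which lookup paths to emit, so it is only sound while the inspected array cannot change layout afterwards; the existing packed branch already relies on the same assumption, but it is worth confirming for every caller. The function body starts outside this hunk.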


@@ -11399,9 +11399,6 @@ static int zend_jit_fetch_dimension_address_inner(zend_jit_ctx *jit,
packed_loaded = 1;
} else {
bad_packed_key = 1;
if (JIT_G(trigger) == ZEND_JIT_ON_HOT_TRACE && type == BP_VAR_R) {
jit_SIDE_EXIT(jit, ir_CONST_ADDR(exit_addr));
}
}
h = ir_CONST_LONG(val);
} else {
@@ -11511,9 +11508,18 @@ static int zend_jit_fetch_dimension_address_inner(zend_jit_ctx *jit,
ir_refs_add(found_inputs, ir_END());
ir_refs_add(found_vals, ref);
ir_IF_FALSE(if_def);
if (JIT_G(trigger) == ZEND_JIT_ON_HOT_TRACE && type == BP_VAR_R) {
jit_SIDE_EXIT(jit, ir_CONST_ADDR(exit_addr));
} else if (type == BP_VAR_IS && not_found_exit_addr) {
jit_SIDE_EXIT(jit, ir_CONST_ADDR(not_found_exit_addr));
} else if (type == BP_VAR_IS && result_type_guard) {
ir_END_list(*not_found_inputs);
} else {
ir_END_list(idx_not_found_inputs);
}
} else if (JIT_G(trigger) == ZEND_JIT_ON_HOT_TRACE && type == BP_VAR_R) {
/* perform IS_UNDEF check only after result type guard (during deoptimization) */
if (!result_type_guard || (op1_info & MAY_BE_ARRAY_NUMERIC_HASH)) {
if (!result_type_guard) {
ir_GUARD(type_ref, ir_CONST_ADDR(exit_addr));
}
} else if (type == BP_VAR_IS && not_found_exit_addr) {
@@ -11530,18 +11536,7 @@ static int zend_jit_fetch_dimension_address_inner(zend_jit_ctx *jit,
ir_IF_TRUE(if_def);
}
}
if (!(op1_info & MAY_BE_ARRAY_KEY_LONG) || (packed_loaded && (op1_info & MAY_BE_ARRAY_NUMERIC_HASH))) {
if (JIT_G(trigger) == ZEND_JIT_ON_HOT_TRACE && type == BP_VAR_R) {
jit_SIDE_EXIT(jit, ir_CONST_ADDR(exit_addr));
} else if (type == BP_VAR_IS && not_found_exit_addr) {
jit_SIDE_EXIT(jit, ir_CONST_ADDR(not_found_exit_addr));
} else if (type == BP_VAR_IS && result_type_guard) {
ir_END_list(*not_found_inputs);
} else {
ir_END_list(idx_not_found_inputs);
}
}
if (/*!packed_loaded ||*/ (op1_info & MAY_BE_ARRAY_NUMERIC_HASH)) {
if (op1_info & MAY_BE_ARRAY_NUMERIC_HASH) {
if (if_packed) {
ir_IF_FALSE(if_packed);
if_packed = IR_UNUSED;
@@ -11575,6 +11570,16 @@ static int zend_jit_fetch_dimension_address_inner(zend_jit_ctx *jit,
} else if (packed_loaded) {
ir_refs_add(found_inputs, ir_END());
ir_refs_add(found_vals, ref);
} else {
if (JIT_G(trigger) == ZEND_JIT_ON_HOT_TRACE && type == BP_VAR_R) {
jit_SIDE_EXIT(jit, ir_CONST_ADDR(exit_addr));
} else if (type == BP_VAR_IS && not_found_exit_addr) {
jit_SIDE_EXIT(jit, ir_CONST_ADDR(not_found_exit_addr));
} else if (type == BP_VAR_IS && result_type_guard) {
ir_END_list(*not_found_inputs);
} else {
ir_END_list(idx_not_found_inputs);
}
}
if (idx_not_found_inputs) {
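Review bot: The four-way not-found dispatch (`jit_SIDE_EXIT` to `exit_addr`, `jit_SIDE_EXIT` to `not_found_exit_addr`, `ir_END_list(*not_found_inputs)`, `ir_END_list(idx_not_found_inputs)`) now exists twice with identical conditions, once after `ir_IF_FALSE(if_def)` in the packed path and once in the final `else` following `else if (packed_loaded)`; this reading is based on the hunk line counts, since the page has lost its `+`/`-` markers. Two hand-maintained copies of an exit-selection chain in a code generator tend to drift, and a mismatch between them would surface as a miscompile rather than a build error, so a small static helper taking the same operands would keep them in step. Failing that, each site deserves a comment, for the final branch something like `/* neither a packed slot was loaded nor a numeric hash lookup emitted: the key is not found */`, to be confirmed against the lines between the hunks. The function starts and ends outside the visible hunks.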


@@ -0,0 +1,15 @@
--TEST--
JIT FETCH_DIM_R: 015
--INI--
opcache.enable=1
opcache.enable_cli=1
opcache.file_update_protection=0
opcache.jit_buffer_size=1M
--FILE--
<?php
array(1, "" => 4)[-1];
?>
DONE
--EXPECTF--
Warning: Undefined array key -1 in %sfetch_dim_r_015.php on line 2
DONE
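Review bot: Nothing in this test proves it ran under the JIT: the expected warning is the same one the interpreter prints, so the test would presumably pass unchanged if opcache were not loaded or the statement were never compiled. An `--EXTENSIONS--` section listing `opcache` would turn the not-loaded case into a skip, and pinning `opcache.jit` in `--INI--` (for example `opcache.jit=function`, plus a tracing variant with the fetch inside a loop) would make the covered trigger explicit instead of dependent on the runner's default. The `ZEND_JIT_ON_HOT_TRACE` branches touched by this commit are unlikely to be reached by a single top-level statement. The same applies to the second test, fetch_dim_r_016.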


@@ -0,0 +1,15 @@
--TEST--
JIT FETCH_DIM_R: 016
--INI--
opcache.enable=1
opcache.enable_cli=1
opcache.file_update_protection=0
opcache.jit_buffer_size=1M
--FILE--
<?php
[4][-1];
?>
DONE
--EXPECTF--
Warning: Undefined array key -1 in %sfetch_dim_r_016.php on line 2
DONE