From 30f1b172625030c78d564ceede46e7490152fcb4 Mon Sep 17 00:00:00 2001 From: Nikita Popov Date: Tue, 21 May 2019 17:15:07 +0200 Subject: [PATCH] Fix null check in sccp add_array_elem chain handling We need to check result_use rather than result_def for a null zval. Previously we were later assuming that the null zval is really a partial array, which does not go well. --- ext/opcache/Optimizer/sccp.c | 2 +- ext/opcache/tests/bug78015.phpt | 20 ++++++++++++++++++++ 2 files changed, 21 insertions(+), 1 deletion(-) diff --git a/ext/opcache/Optimizer/sccp.c b/ext/opcache/Optimizer/sccp.c index 22f835527b9f5..1791f6a941dc3 100644 --- a/ext/opcache/Optimizer/sccp.c +++ b/ext/opcache/Optimizer/sccp.c @@ -1285,7 +1285,7 @@ static void sccp_visit_instr(scdf_ctx *scdf, zend_op *opline, zend_ssa_op *ssa_o /* We want to avoid keeping around intermediate arrays for each SSA variable in the * ADD_ARRAY_ELEMENT chain. We do this by only keeping the array on the last opcode * and use a NULL value everywhere else. */ - if (Z_TYPE(ctx->values[ssa_op->result_def]) == IS_NULL) { + if (result && Z_TYPE_P(result) == IS_NULL) { SET_RESULT_BOT(result); return; } diff --git a/ext/opcache/tests/bug78015.phpt b/ext/opcache/tests/bug78015.phpt index a9feb82fb4c17..9bb416e7b396c 100644 --- a/ext/opcache/tests/bug78015.phpt +++ b/ext/opcache/tests/bug78015.phpt @@ -58,6 +58,19 @@ function test7() { return $y; } +function test8($array) { + $i = 0; + $ret = [[]]; + foreach ($array as $_) { + $i++; + $ret = [[ + 'x' => 0, + 'y' => $i, + ]]; + } + return $ret[0]; +} + var_dump(test1()); var_dump(test2()); var_dump(test3()); @@ -65,6 +78,7 @@ var_dump(test4()); var_dump(test5()); var_dump(test6()); var_dump(test7()); +var_dump(test8([1])); ?> --EXPECTF-- @@ -83,3 +97,9 @@ bool(true) Notice: Array to string conversion in %s on line %d string(11) "Arrayfoobar" int(2) +array(2) { + ["x"]=> + int(0) + ["y"]=> + int(1) +}