JIT: Fix register allocation

Fixes oss-fuzz #44689
php · Feb 18, 2022 · 3198b87 · 3198b87
1 parent 84a638a
commit 3198b87
Show file tree

Hide file tree

Showing 2 changed files with 30 additions and 2 deletions.
diff --git a/ext/opcache/jit/zend_jit.c b/ext/opcache/jit/zend_jit.c
@@ -145,8 +145,8 @@ static zend_bool zend_ssa_is_last_use(const zend_op_array *op_array, const zend_
 		} while (phi);
 	}
 
-	next_use = zend_ssa_next_use(ssa->ops, var, use);
-	if (next_use < 0) {
+	if (ssa->cfg.blocks[ssa->cfg.map[use]].loop_header > 0
+	 || (ssa->cfg.blocks[ssa->cfg.map[use]].flags & ZEND_BB_LOOP_HEADER)) {
 		int b = ssa->cfg.map[use];
 		int prev_use = ssa->vars[var].use_chain;
 
@@ -158,6 +158,10 @@ static zend_bool zend_ssa_is_last_use(const zend_op_array *op_array, const zend_
 			}
 			prev_use = zend_ssa_next_use(ssa->ops, var, prev_use);
 		}
+	}
+
+	next_use = zend_ssa_next_use(ssa->ops, var, use);
+	if (next_use < 0) {
 		return 1;
 	} else if (zend_ssa_is_no_val_use(op_array->opcodes + next_use, ssa->ops + next_use, var)) {
 		return 1;

diff --git a/ext/opcache/tests/jit/reg_alloc_010.phpt b/ext/opcache/tests/jit/reg_alloc_010.phpt
@@ -0,0 +1,24 @@
+--TEST--
+Register Alloction 010: Missed store
+--INI--
+opcache.enable=1
+opcache.enable_cli=1
+opcache.file_update_protection=0
+opcache.jit_buffer_size=1M
+--FILE--
+<?php
+function foo($y) {
+    for (; $cnt < 6; $cnt++) {
+        for ($i=0; $i <.1; $i++) 
+            for(;$y;);
+        [$i=$y];
+    }
+}
+foo(null);
+?>
+DONE
+--EXPECTF--
+Warning: Undefined variable $cnt in %sreg_alloc_010.php on line 3
+
+Warning: Undefined variable $cnt in %sreg_alloc_010.php on line 3
+DONE