
Commit 31ce1cb

Func info: Fix calls to zero-arg varargs
The num_args does not include variadics, so a "zero-arg" function may accept additional arguments through that. No functions seem to be affected right now, but they will be after #4175.
1 parent 209b12e commit 31ce1cb


1 file changed

+10
-8
lines changed

1 file changed

+10
-8
lines changed

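--- a/ext/opcache/Optimizer/zend_func_info.c
+++ b/ext/opcache/Optimizer/zend_func_info.c
@@ -1688,8 +1688,9 @@ int zend_func_info_rid = -1;
 uint32_t zend_get_func_info(const zend_call_info *call_info, const zend_ssa *ssa)
 {
 uint32_t ret = 0;
+const zend_function *callee_func = call_info->callee_func;
 
-if (call_info->callee_func->type == ZEND_INTERNAL_FUNCTION) {
+if (callee_func->type == ZEND_INTERNAL_FUNCTION) {
 zval *zv;
 func_info_t *info;
 
@@ -1700,9 +1701,10 @@ uint32_t zend_get_func_info(const zend_call_info *call_info, const zend_ssa *ssa
 ret = MAY_BE_NULL;
 } else if (info->info_func) {
 ret = info->info_func(call_info, ssa);
-} else if (/*call_info->callee_func->common.arg_info && */
-call_info->callee_func->common.num_args == 0 &&
-call_info->callee_func->common.required_num_args == 0) {
+} else if (/*callee_func->common.arg_info && */
+callee_func->common.num_args == 0 &&
+callee_func->common.required_num_args == 0 &&
+!(callee_func->common.fn_flags & ZEND_ACC_VARIADIC)) {
 if (call_info->num_args == 0) {
 ret = info->info;
 } else {
@@ -1718,19 +1720,19 @@ uint32_t zend_get_func_info(const zend_call_info *call_info, const zend_ssa *ssa
 }
 } else {
 // FIXME: the order of functions matters!!!
-zend_func_info *info = ZEND_FUNC_INFO((zend_op_array*)call_info->callee_func);
+zend_func_info *info = ZEND_FUNC_INFO((zend_op_array*)callee_func);
 if (info) {
 ret = info->return_info.type;
 }
 }
 if (!ret) {
 ret = MAY_BE_ANY | MAY_BE_ARRAY_KEY_ANY | MAY_BE_ARRAY_OF_ANY | MAY_BE_ARRAY_OF_REF;
-if (call_info->callee_func->type == ZEND_INTERNAL_FUNCTION) {
+if (callee_func->type == ZEND_INTERNAL_FUNCTION) {
 ret |= FUNC_MAY_WARN;
 }
-if (call_info->callee_func->common.fn_flags & ZEND_ACC_GENERATOR) {
+if (callee_func->common.fn_flags & ZEND_ACC_GENERATOR) {
 ret = MAY_BE_RC1 | MAY_BE_RCN | MAY_BE_OBJECT;
-} else if (call_info->callee_func->common.fn_flags & ZEND_ACC_RETURN_REFERENCE) {
+} else if (callee_func->common.fn_flags & ZEND_ACC_RETURN_REFERENCE) {
 ret |= MAY_BE_REF;
 } else {
 ret |= MAY_BE_RC1 | MAY_BE_RCN;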
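Review bot: The added `!(callee_func->common.fn_flags & ZEND_ACC_VARIADIC)` test in the zero-arg branch (new line 1707) carries no comment, and the reason for it is not obvious from the condition alone, so a later cleanup could drop it and bring back wrong return-type inference for variadic callees. I would add a comment above the branch such as `/* num_args does not count the variadic parameter; a "zero-arg" function may still take arguments */`, and delete the stale commented-out `arg_info` test in the same condition. Separately, at new line 1723 the cast `(zend_op_array*)callee_func` now discards the `const` of the new local; if ZEND_FUNC_INFO only reads through the pointer, `(const zend_op_array*)callee_func` would keep it. The body of zend_get_func_info continues past the last hunk.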
