Skip to content

Commit

Permalink
JIT: Fix incorrect type store elimination
Browse files Browse the repository at this point in the history 
Fixes oss-fuzz #42388
  • Loading branch information
@dstogov
dstogov committed Dec 17, 2021
1 parent 49380b5 commit 6630603
Show file tree
Hide file tree
Showing 2 changed files with 50 additions and 9 deletions.
16 changes: 7 additions & 9 deletions ext/opcache/jit/zend_jit_trace.c
View file
Original file line number Diff line number Diff line change
Expand Up @@ -4609,15 +4609,13 @@ static const void *zend_jit_trace(zend_jit_trace_rec *trace_buffer, uint32_t par
op2_info = OP2_INFO();
CHECK_OP2_TRACE_TYPE();
op1_info = OP1_INFO();
if (ssa->vars[ssa_op->op1_use].no_val) {
if ((op1_info & (MAY_BE_ANY|MAY_BE_UNDEF|MAY_BE_GUARD)) == MAY_BE_LONG
|| (op1_info & (MAY_BE_ANY|MAY_BE_UNDEF|MAY_BE_GUARD)) == MAY_BE_DOUBLE) {
if (STACK_MEM_TYPE(stack, EX_VAR_TO_NUM(opline->op1.var)) != IS_LONG
&& STACK_MEM_TYPE(stack, EX_VAR_TO_NUM(opline->op1.var)) != IS_DOUBLE) {
/* type may be not set */
op1_info |= MAY_BE_NULL;
}
}
if ((op1_info & (MAY_BE_ANY|MAY_BE_UNDEF|MAY_BE_GUARD)) == MAY_BE_LONG
|| (op1_info & (MAY_BE_ANY|MAY_BE_UNDEF|MAY_BE_GUARD)) == MAY_BE_DOUBLE) {
if (STACK_MEM_TYPE(stack, EX_VAR_TO_NUM(opline->op1.var)) != IS_LONG
&& STACK_MEM_TYPE(stack, EX_VAR_TO_NUM(opline->op1.var)) != IS_DOUBLE) {
/* type may be not set */
op1_info |= MAY_BE_NULL;
}
}
CHECK_OP1_TRACE_TYPE();
op1_def_info = OP1_DEF_INFO();
Expand Down
43 changes: 43 additions & 0 deletions ext/opcache/tests/jit/assign_048.phpt
View file
Original file line number Diff line number Diff line change
@@ -0,0 +1,43 @@
--TEST--
JIT ASSIGN: incorrect type store elimination
--INI--
opcache.enable=1
opcache.enable_cli=1
opcache.file_update_protection=0
opcache.jit_buffer_size=1M
opcache.protect_memory=1
opcache.optimization_level=0x7FFEBFFF
--FILE--
<?php
function test(){
$j = 0;
for($i=0; $i<10; $i++) {
+$b = +$b = unserialize('');
$y[] = 4;
$a + ~$b = $j++;
}
}
test();
?>
DONE
--EXPECTF--
Warning: Undefined variable $a in %sassign_048.php on line 7

Warning: Undefined variable $a in %sassign_048.php on line 7

Warning: Undefined variable $a in %sassign_048.php on line 7

Warning: Undefined variable $a in %sassign_048.php on line 7

Warning: Undefined variable $a in %sassign_048.php on line 7

Warning: Undefined variable $a in %sassign_048.php on line 7

Warning: Undefined variable $a in %sassign_048.php on line 7

Warning: Undefined variable $a in %sassign_048.php on line 7

Warning: Undefined variable $a in %sassign_048.php on line 7

Warning: Undefined variable $a in %sassign_048.php on line 7
DONE

0 comments on commit 6630603

Please sign in to comment.