BIND_STATIC may throw

The evaluation of the initializer may throw. This could be refined by checking whether the initializer is a constant AST. For now just fix the miscompile.
php · Sep 13, 2021 · b610dce · b610dce
1 parent 12b0f1b
commit b610dce
Show file tree

Hide file tree

Showing 2 changed files with 29 additions and 1 deletion.
diff --git a/ext/opcache/Optimizer/zend_inference.c b/ext/opcache/Optimizer/zend_inference.c
@@ -4552,9 +4552,15 @@ int zend_may_throw_ex(const zend_op *opline, const zend_ssa_op *ssa_op, const ze
 			if (t1 & MAY_BE_REF) {
 				return 1;
 			}
-		case ZEND_BIND_STATIC:
 		case ZEND_UNSET_VAR:
 			return (t1 & (MAY_BE_OBJECT|MAY_BE_RESOURCE|MAY_BE_ARRAY_OF_OBJECT|MAY_BE_ARRAY_OF_RESOURCE|MAY_BE_ARRAY_OF_ARRAY));
+		case ZEND_BIND_STATIC:
+			if (t1 & (MAY_BE_OBJECT|MAY_BE_RESOURCE|MAY_BE_ARRAY_OF_OBJECT|MAY_BE_ARRAY_OF_RESOURCE|MAY_BE_ARRAY_OF_ARRAY)) {
+				/* Destructor may throw. */
+				return 1;
+			}
+			/* TODO: May not throw if initializer is not CONSTANT_AST. */
+			return 1;
 		case ZEND_ASSIGN_DIM:
 			if ((opline+1)->op1_type == IS_CV) {
 				if (_ssa_op1_info(op_array, ssa, opline+1, ssa_op+1) & MAY_BE_UNDEF) {

diff --git a/ext/opcache/tests/jit/bind_static.phpt b/ext/opcache/tests/jit/bind_static.phpt
@@ -0,0 +1,22 @@
+--TEST--
+Bind static may throw
+--INI--
+opcache.enable=1
+opcache.enable_cli=1
+opcache.file_update_protection=0
+opcache.jit_buffer_size=1M
+--FILE--
+<?php
+function test() {
+    static $N = UNDEFINED;
+    throw new Exception;
+}
+try {
+    test();
+} catch (Error $e) {
+    echo $e->getMessage(), "\n";
+}
+
+?>
+--EXPECT--
+Undefined constant "UNDEFINED"