JIT: Fixed memory leak when opperand of ADD IS_VAR and IS_REFERENCE

php · Sep 22, 2021 · c77c79a · c77c79a
1 parent 560dafb
commit c77c79a
Show file tree

Hide file tree

Showing 2 changed files with 22 additions and 4 deletions.
diff --git a/ext/opcache/jit/zend_jit_trace.c b/ext/opcache/jit/zend_jit_trace.c
@@ -4256,29 +4256,29 @@ static const void *zend_jit_trace(zend_jit_trace_rec *trace_buffer, uint32_t par
 						op2_addr = OP2_REG_ADDR();
 						if (orig_op1_type != IS_UNKNOWN
 						 && (orig_op1_type & IS_TRACE_REFERENCE)
+						 && opline->op1_type == IS_CV
 						 && (Z_MODE(op2_addr) != IS_REG || Z_REG(op2_addr) != ZREG_FCARG1)
 						 && (orig_op2_type == IS_UNKNOWN || !(orig_op2_type & IS_TRACE_REFERENCE))) {
 							if (!zend_jit_fetch_reference(&dasm_state, opline, orig_op1_type, &op1_info, &op1_addr,
 									!ssa->var_info[ssa_op->op1_use].guarded_reference, 1)) {
 								goto jit_failure;
 							}
-							if (opline->op1_type == IS_CV
-							 && ssa->vars[ssa_op->op1_use].alias == NO_ALIAS) {
+							if (ssa->vars[ssa_op->op1_use].alias == NO_ALIAS) {
 								ssa->var_info[ssa_op->op1_use].guarded_reference = 1;
 							}
 						} else {
 							CHECK_OP1_TRACE_TYPE();
 						}
 						if (orig_op2_type != IS_UNKNOWN
 						 && (orig_op2_type & IS_TRACE_REFERENCE)
+						 && opline->op2_type == IS_CV
 						 && (Z_MODE(op1_addr) != IS_REG || Z_REG(op1_addr) != ZREG_FCARG1)
 						 && (orig_op1_type == IS_UNKNOWN || !(orig_op1_type & IS_TRACE_REFERENCE))) {
 							if (!zend_jit_fetch_reference(&dasm_state, opline, orig_op2_type, &op2_info, &op2_addr,
 									!ssa->var_info[ssa_op->op2_use].guarded_reference, 1)) {
 								goto jit_failure;
 							}
-							if (opline->op2_type == IS_CV
-							 && ssa->vars[ssa_op->op2_use].alias == NO_ALIAS) {
+							if (ssa->vars[ssa_op->op2_use].alias == NO_ALIAS) {
 								ssa->var_info[ssa_op->op2_use].guarded_reference = 1;
 							}
 						} else {

diff --git a/ext/opcache/tests/jit/add_008.phpt b/ext/opcache/tests/jit/add_008.phpt
@@ -0,0 +1,18 @@
+--TEST--
+JIT ADD: 008 Addition with reference IS_VAR
+--INI--
+opcache.enable=1
+opcache.enable_cli=1
+opcache.file_update_protection=0
+opcache.jit_buffer_size=1M
+opcache.protect_memory=1
+opcache.jit=tracing
+--EXTENSIONS--
+opcache
+--FILE--
+<?php
+($a =& $b) + ($a = 1);
+?>
+DONE
+--EXPECT--
+DONE