Don't jit FE_RESET_R with undef operand

The implementation currently assumes that the operand is always an array, but this did not account for a possibly undef operand.
php · Sep 17, 2021 · d46b102 · d46b102
1 parent e250ce6
commit d46b102
Show file tree

Hide file tree

Showing 3 changed files with 23 additions and 2 deletions.
diff --git a/ext/opcache/jit/zend_jit.c b/ext/opcache/jit/zend_jit.c
@@ -3282,7 +3282,7 @@ static int zend_jit(const zend_op_array *op_array, zend_ssa *ssa, const zend_op
 						goto done;
 					case ZEND_FE_RESET_R:
 						op1_info = OP1_INFO();
-						if ((op1_info & (MAY_BE_ANY|MAY_BE_REF)) != MAY_BE_ARRAY) {
+						if ((op1_info & (MAY_BE_ANY|MAY_BE_REF|MAY_BE_UNDEF)) != MAY_BE_ARRAY) {
 							break;
 						}
 						if (!zend_jit_fe_reset(&dasm_state, opline, op1_info)) {

diff --git a/ext/opcache/jit/zend_jit_trace.c b/ext/opcache/jit/zend_jit_trace.c
@@ -5527,7 +5527,7 @@ static const void *zend_jit_trace(zend_jit_trace_rec *trace_buffer, uint32_t par
 					case ZEND_FE_RESET_R:
 						op1_info = OP1_INFO();
 						CHECK_OP1_TRACE_TYPE();
-						if ((op1_info & (MAY_BE_ANY|MAY_BE_REF)) != MAY_BE_ARRAY) {
+						if ((op1_info & (MAY_BE_ANY|MAY_BE_REF|MAY_BE_UNDEF)) != MAY_BE_ARRAY) {
 							break;
 						}
 						if (!zend_jit_fe_reset(&dasm_state, opline, op1_info)) {

diff --git a/ext/opcache/tests/jit/fe_reset_undef.phpt b/ext/opcache/tests/jit/fe_reset_undef.phpt
@@ -0,0 +1,21 @@
+--TEST--
+FE_RESET with potentially undef operand
+--INI--
+opcache.enable=1
+opcache.enable_cli=1
+opcache.file_update_protection=0
+opcache.jit_buffer_size=1M
+--FILE--
+<?php
+function test($c) {
+    if ($c) {
+        $a[] = null;
+    }
+    foreach ($a as $k) {}
+}
+test(false);
+?>
+--EXPECTF--
+Warning: Undefined variable $a in %s on line %d
+
+Warning: foreach() argument must be of type array|object, null given in %s on line %d