Description
The following code:
```php
<?php
try {
    function doRandom($iter) {
        for ($i = 0; $i < $iter; $i++) {
            $lines = [];
            for ($j = 0; $j < $nLines; $j++) {
                $lines[] = $line;
            }
            foreach ($lines as $i => $line) {
            }
        }
    }
    $iter = 10000;
    doRandom($iter);
} catch (\Throwable $_ffl_e) {}
```
Resulted in this output:
```
php: ext/opcache/jit/zend_jit_trace.c:361: uint32_t zend_jit_trace_type_to_info_ex(uint8_t, uint32_t): Assertion `info & (1 << type)' failed.
Aborted (core dumped)
```
To reproduce:
```
./php-src/sapi/cli/php -d opcache.enable_cli=1 -d opcache.jit=1254 ./test.php
```
Commit:
dc807bca6d2ea6463748b7398f7910841f96b7ea
Configurations:
```
CC="clang-12" CXX="clang++-12" CFLAGS="-DZEND_VERIFY_TYPE_INFERENCE" CXXFLAGS="-DZEND_VERIFY_TYPE_INFERENCE" ./configure --enable-debug --enable-address-sanitizer --enable-undefined-sanitizer --enable-re2c-cgoto --enable-fpm --enable-litespeed --enable-phpdbg-debug --enable-zts --enable-bcmath --enable-calendar --enable-dba --enable-dl-test --enable-exif --enable-ftp --enable-gd --enable-gd-jis-conv --enable-mbstring --enable-pcntl --enable-shmop --enable-soap --enable-sockets --enable-sysvmsg --enable-zend-test --with-zlib --with-bz2 --with-curl --with-enchant --with-gettext --with-gmp --with-mhash --with-ldap --with-libedit --with-readline --with-snmp --with-sodium --with-xsl --with-zip --with-mysqli --with-pdo-mysql --with-pdo-pgsql --with-pgsql --with-sqlite3 --with-pdo-sqlite --with-webp --with-jpeg --with-freetype --enable-sigchild --with-readline --with-pcre-jit --with-iconv
```
Operating System:
Ubuntu 20.04 Host, Docker 0599jiangyc/flowfusion:latest
This bug was found by fusion-fuzz
PHP Version
Operating System
No response