Skip to content

Fix fatal error during sccp shift eval #19972

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Closed
wants to merge 1 commit into from
Closed

Fix fatal error during sccp shift eval #19972

wants to merge 1 commit into from
+19 −2

Conversation

iluuu1994
Copy link
Member

Avoid returning early in this function, as other checks might still be needed to verify whether the given function can procude an error.

Fixes oss-fuzz #447521098

@iluuu1994
Fix fatal error during sccp shift eval
7ead18e 
Avoid returning early in this function, as other checks might still be needed to
verify whether the given function can procude an error.

Fixes oss-fuzz #447521098
@iluuu1994 iluuu1994 requested a review from Girgias September 26, 2025 12:31
Girgias
Girgias reviewed Sep 27, 2025
View reviewed changes
Zend/zend_compile.c
Comment on lines 9999 to +10003
if (opcode == ZEND_SL || opcode == ZEND_SR || opcode == ZEND_BW_OR
|| opcode == ZEND_BW_AND || opcode == ZEND_BW_XOR) {
return !zend_is_op_long_compatible(op1) || !zend_is_op_long_compatible(op2);
if (!zend_is_op_long_compatible(op1) || !zend_is_op_long_compatible(op2)) {
return 1;
}
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Other thing you could do, is move the:

	if ((opcode == ZEND_SL || opcode == ZEND_SR) && zval_get_long(op2) < 0) {
		/* Shift by negative number throws an error. */
		return 1;
	}

code check above this one or move this back to be last check as it was previously. This shouldn't be a problem now that ZEND_MOD is dealt separately.

Copy link
Member Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I don't think it's great to mix early returns for positive and negative results (or conditional results), as checks become order-dependent. I'll keep this simple change for now, but if you feel strongly you can still adjust on master.

@iluuu1994 iluuu1994 closed this in 16a8591 Sep 29, 2025
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@Girgias Girgias Girgias left review comments

Assignees

No one assigned

Labels

Category: Engine

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@iluuu1994 @Girgias