Fix JIT call chain check without call opcode

nikic · nikic · commit 133afe8591ea · 2021-09-13T16:48:38.000+02:00
The do_fcall opcode may have been optimized away if an opcode like
exit is present in the arguments. In that case the opcode scan
would go past the end of the op array.
diff --git a/ext/opcache/jit/zend_jit.c b/ext/opcache/jit/zend_jit.c
@@ -435,7 +435,8 @@ static int zend_jit_needs_call_chain(zend_call_info *call_info, uint32_t b, cons
 	} else {
 		const zend_op *end = call_info->caller_call_opline;
 
-		if (end - op_array->opcodes >= ssa->cfg.blocks[b].start + ssa->cfg.blocks[b].len) {
+		/* end may be null if an opcode like EXIT is part of the argument list. */
+		if (!end || end - op_array->opcodes >= ssa->cfg.blocks[b].start + ssa->cfg.blocks[b].len) {
 			/* INIT_FCALL and DO_FCALL in different BasicBlocks */
 			return 1;
 		}
diff --git a/ext/opcache/tests/jit/call_chain_exit.phpt b/ext/opcache/tests/jit/call_chain_exit.phpt
@@ -0,0 +1,12 @@
+--TEST--
+Exit in argument list
+--INI--
+opcache.enable=1
+opcache.enable_cli=1
+opcache.file_update_protection=0
+opcache.jit_buffer_size=1M
+--FILE--
+<?php
+var_dump(exit);
+?>
+--EXPECT--

Original file line number	Diff line number	Diff line change
`@@ -435,7 +435,8 @@ static int zend_jit_needs_call_chain(zend_call_info *call_info, uint32_t b, cons`
`435`	`435`	`} else {`
`436`	`436`	`const zend_op *end = call_info->caller_call_opline;`
`437`	`437`
`438`		`- if (end - op_array->opcodes >= ssa->cfg.blocks[b].start + ssa->cfg.blocks[b].len) {`
	`438`	`+ /* end may be null if an opcode like EXIT is part of the argument list. */`
	`439`	`+ if (!end \|\| end - op_array->opcodes >= ssa->cfg.blocks[b].start + ssa->cfg.blocks[b].len) {`
`439`	`440`	`/* INIT_FCALL and DO_FCALL in different BasicBlocks */`
`440`	`441`	`return 1;`
`441`	`442`	`}`