JIT: Fix ASSIGN_DIM_OP with undefined variable and index and user error handler, throwing an exception

dstogov · dstogov · commit 2fde308fc6b3 · 2021-12-02T22:19:48.000+03:00
Fixes oss-fuzz #39422
diff --git a/ext/opcache/jit/zend_jit_helpers.c b/ext/opcache/jit/zend_jit_helpers.c
@@ -690,6 +690,9 @@ static zval* ZEND_FASTCALL zend_jit_fetch_dim_rw_helper(zend_array *ht, zval *di
 		case IS_UNDEF:
 			execute_data = EG(current_execute_data);
 			opline = EX(opline);
+			if (UNEXPECTED(opline->opcode == ZEND_HANDLE_EXCEPTION)) {
+				opline = EG(opline_before_exception);
+			}
 			if (!zend_jit_undefined_op_helper_write(ht, opline->op2.var)) {
 				if (opline->result_type & (IS_VAR | IS_TMP_VAR)) {
 					if (EG(exception)) {
diff --git a/ext/opcache/tests/jit/assign_dim_op_005.phpt b/ext/opcache/tests/jit/assign_dim_op_005.phpt
@@ -0,0 +1,32 @@
+--TEST--
+JIT ASSIGN_DIM_OP: Undefined variable and index with exception
+--INI--
+opcache.enable=1
+opcache.enable_cli=1
+opcache.file_update_protection=0
+opcache.jit_buffer_size=1M
+--FILE--
+<?php
+set_error_handler(function($_, $m){
+    throw new Exception($m);
+});
+function test1() {
+    $res = $a[$undef] = null;
+}
+function test2() {
+    $res = $a[$undef] += 1;
+}
+try {
+    test1();
+} catch (Exception $e) {
+    echo $e->getMessage(), "\n";
+}
+try {
+    test2();
+} catch (Exception $e) {
+    echo $e->getMessage(), "\n";
+}
+?>
+--EXPECT--
+Undefined variable $undef
+Undefined variable $a
