
Commit 2fe0b34

shqkingdstogov
authored andcommitted
Add necessary assertions on range for INIT_FCALL and DO_FCALL
Range checks are needed before these values are encoded into AArch64 instructions as immediates.
1 parent 712baa3 commit 2fe0b34


1 file changed

+17
-13
lines changed

1 file changed

+17
-13
lines changed

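--- a/ext/opcache/jit/zend_jit_arm64.dasc
+++ b/ext/opcache/jit/zend_jit_arm64.dasc
@@ -89,7 +89,8 @@
 
 #define TMP_ZVAL_OFFSET 0
 #define DASM_ALIGNMENT 16
-#define MAX_IMM12 0xfff // maximum value for imm12
+#define MAX_IMM12 0xfff // maximum value for imm12
+#define LDR_STR_IMM (MAX_IMM12 * 8) // maximum value for imm12 * 8
 
 #include "Zend/zend_cpuinfo.h"
 
@@ -1458,8 +1459,7 @@ static int zend_jit_undefined_function_stub(dasm_State **Dst)
 | LOAD_ADDR CARG2, "Call to undefined function %s()"
 | ldr CARG3w, [REG0, #offsetof(zend_op, op2.constant)]
 | sxtw CARG3, CARG3w
-| add REG0, REG0, CARG3
-| ldr CARG3, [REG0]
+| ldr CARG3, [REG0, CARG3]
 | add CARG3, CARG3, #offsetof(zend_string, val)
 | EXT_CALL zend_throw_error, REG0
 | b ->exception_handler
@@ -4876,6 +4876,7 @@ static int zend_jit_init_fcall(dasm_State **Dst, const zend_op *opline, uint32_t
 | EXT_CALL zend_jit_init_func_run_time_cache_helper, REG0
 | ldr REG1, EX->run_time_cache
 | mov REG0, RETVALx
+|| ZEND_ASSERT(opline->result.num <= LDR_STR_IMM);
 | str REG0, [REG1, #opline->result.num]
 | b >3
 } else {
@@ -5380,7 +5381,9 @@ static int zend_jit_do_fcall(dasm_State **Dst, const zend_op *opline, const zend
 for (i = call_num_args; i < func->op_array.last_var; i++) {
 uint32_t n = EX_NUM_TO_VAR(i);
 | // ZVAL_UNDEF(EX_VAR(n))
-| str wzr, [RX, #(n + offsetof(zval,u1.type_info))]
+|| ZEND_ASSERT(n <= MAX_IMM12);
+| add TMP1, RX, #n
+| SET_Z_TYPE_INFO TMP1, IS_UNDEF, TMP2w
 }
 
 if (call_num_args <= func->op_array.num_args) {
@@ -5403,25 +5406,26 @@ static int zend_jit_do_fcall(dasm_State **Dst, const zend_op *opline, const zend
 | LOAD_IP_ADDR (func->op_array.opcodes + num_args)
 } else {
 | ldr REG0, EX->func
+|| ZEND_ASSERT((num_args * sizeof(zend_op)) <= MAX_IMM12);
 if (GCC_GLOBAL_REGS) {
 | ldr IP, [REG0, #offsetof(zend_op_array, opcodes)]
 if (num_args) {
 | add IP, IP, #(num_args * sizeof(zend_op))
 }
 } else {
-| ldr REG1, [REG0, #offsetof(zend_op_array, opcodes)]
+| ldr FCARG1x, [REG0, #offsetof(zend_op_array, opcodes)]
 if (num_args) {
-| add REG1, REG1, #(num_args * sizeof(zend_op))
+| add FCARG1x, FCARG1x, #(num_args * sizeof(zend_op))
 }
-| str REG1, EX->opline
+| str FCARG1x, EX->opline
 }
 }
 
 if (!trace && op_array == &func->op_array) {
 /* recursive call */
 if (ZEND_OBSERVER_ENABLED) {
 | SAVE_IP
-| mov CARG1, FP
+| mov FCARG1x, FP
 | EXT_CALL zend_observer_fcall_begin, REG0
 }
 #ifdef CONTEXT_THREADED_JIT
@@ -5440,12 +5444,12 @@ static int zend_jit_do_fcall(dasm_State **Dst, const zend_op *opline, const zend
 } else if (GCC_GLOBAL_REGS) {
 | ldr IP, [REG0, #offsetof(zend_op_array, opcodes)]
 } else {
-| ldr CARG1, [REG0, #offsetof(zend_op_array, opcodes)]
-| str CARG1, EX->opline
+| ldr FCARG1x, [REG0, #offsetof(zend_op_array, opcodes)]
+| str FCARG1x, EX->opline
 }
 }
 if (!GCC_GLOBAL_REGS) {
-| mov CARG1, FP
+| mov FCARG1x, FP
 }
 | EXT_CALL zend_jit_copy_extra_args_helper, REG0
 }
@@ -5460,10 +5464,10 @@ static int zend_jit_do_fcall(dasm_State **Dst, const zend_op *opline, const zend
 | str FCARG1x, EX->opline
 }
 if (func) {
-| brk #0 // TODO
 | // num_args = EX_NUM_ARGS();
 | ldr REG1w, [FP, #offsetof(zend_execute_data, This.u2.num_args)]
 | // if (UNEXPECTED(num_args > first_extra_arg))
+|| ZEND_ASSERT(func->op_array.num_args <= MAX_IMM12);
 | cmp REG1w, #(func->op_array.num_args)
 } else {
 | // first_extra_arg = op_array->num_args;
@@ -5494,7 +5498,7 @@ static int zend_jit_do_fcall(dasm_State **Dst, const zend_op *opline, const zend
 |1:
 | // if (EXPECTED((int)num_args < op_array->last_var)) {
 if (func) {
-| movz REG2w, #(func->op_array.last_var)
+| LOAD_32BIT_VAL REG2w, func->op_array.last_var
 } else {
 | ldr REG2w, [REG0, #offsetof(zend_op_array, last_var)]
 }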
