
Commit 517738b

committed
Merge branch 'PHP-8.1'
* PHP-8.1: JIT: Fix uninitialized result of ASSIGN_DIM[_OP] after clobbering array by user error handler
2 parents 0d6232d + 005d5f4 commit 517738b


2 files changed

+44
-6
lines changed


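--- a/ext/opcache/jit/zend_jit_helpers.c
+++ b/ext/opcache/jit/zend_jit_helpers.c
@@ -570,6 +570,8 @@ static zval* ZEND_FASTCALL zend_jit_fetch_dim_rw_helper(zend_array *ht, zval *di
 zend_ulong hval;
 zend_string *offset_key;
 zval *retval;
+zend_execute_data *execute_data;
+const zend_op *opline;
 
 if (Z_TYPE_P(dim) == IS_REFERENCE) {
 dim = Z_REFVAL_P(dim);
@@ -583,9 +585,15 @@ static zval* ZEND_FASTCALL zend_jit_fetch_dim_rw_helper(zend_array *ht, zval *di
 offset_key = Z_STR_P(dim);
 goto str_index;
 case IS_UNDEF:
-if (!zend_jit_undefined_op_helper_write(ht, EG(current_execute_data)->opline->op2.var)) {
-if (EG(exception)) {
-undef_result_after_exception();
+execute_data = EG(current_execute_data);
+opline = EX(opline);
+if (!zend_jit_undefined_op_helper_write(ht, opline->op2.var)) {
+if (opline->result_type & (IS_VAR | IS_TMP_VAR)) {
+if (EG(exception)) {
+ZVAL_UNDEF(EX_VAR(opline->result.var));
+} else {
+ZVAL_NULL(EX_VAR(opline->result.var));
+}
 }
 return NULL;
 }
@@ -636,6 +644,8 @@ static zval* ZEND_FASTCALL zend_jit_fetch_dim_w_helper(zend_array *ht, zval *dim
 zend_ulong hval;
 zend_string *offset_key;
 zval *retval;
+zend_execute_data *execute_data;
+const zend_op *opline;
 
 if (Z_TYPE_P(dim) == IS_REFERENCE) {
 dim = Z_REFVAL_P(dim);
@@ -649,9 +659,15 @@ static zval* ZEND_FASTCALL zend_jit_fetch_dim_w_helper(zend_array *ht, zval *dim
 offset_key = Z_STR_P(dim);
 goto str_index;
 case IS_UNDEF:
-if (!zend_jit_undefined_op_helper_write(ht, EG(current_execute_data)->opline->op2.var)) {
-if (EG(exception)) {
-undef_result_after_exception();
+execute_data = EG(current_execute_data);
+opline = EX(opline);
+if (!zend_jit_undefined_op_helper_write(ht, opline->op2.var)) {
+if (opline->result_type & (IS_VAR | IS_TMP_VAR)) {
+if (EG(exception)) {
+ZVAL_UNDEF(EX_VAR(opline->result.var));
+} else {
+ZVAL_NULL(EX_VAR(opline->result.var));
+}
 }
 return NULL;
 }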
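Review bot: The invariant this fix relies on is not written down anywhere in the new `case IS_UNDEF:` code: every `return NULL` taken after `zend_jit_undefined_op_helper_write()` fails must leave `EX_VAR(opline->result.var)` initialised. The block is also pasted identically into `zend_jit_fetch_dim_rw_helper` and `zend_jit_fetch_dim_w_helper`. A comment above the `result_type` check, for example `/* error handler may have clobbered ht; never leave the result slot uninitialized: UNDEF if an exception is pending, NULL otherwise */`, would explain why the two branches differ. Moving the block into one small static helper taking `execute_data` and `opline` would keep the two copies from drifting apart. The other cases of both switches lie outside these hunks, so it is worth confirming that no other path that can raise a diagnostic returns NULL with the result slot untouched.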
Lines changed: 22 additions & 0 deletions
@@ -0,0 +1,22 @@
1+
--TEST--
2+
JIT ASSIGN_DIM: 005
3+
--INI--
4+
opcache.enable=1
5+
opcache.enable_cli=1
6+
opcache.file_update_protection=0
7+
opcache.jit_buffer_size=1M
8+
--FILE--
9+
<?php
10+
set_error_handler(function ($code, $msg) {
11+
echo "Error: $msg\n";
12+
$GLOBALS['a'] = null;
13+
});
14+
15+
$a[$c] =
16+
$a[$c] = 'x' ;
17+
var_dump($a);
18+
?>
19+
--EXPECT--
20+
Error: Undefined variable $c
21+
Error: Undefined variable $c
22+
NULL
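Review bot: This test only exercises the plain-assignment form (`$a[$c] =` / `$a[$c] = 'x' ;`), although the commit title names ASSIGN_DIM[_OP] and the same change is made in `zend_jit_fetch_dim_rw_helper`. Assuming the rw helper is the one reached by compound assignment, a sibling case such as `$a[$c] .= 'x';` under the same error handler would cover the second copy of the fix. Without it, a regression in that copy could reintroduce the uninitialised result with no test failing.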
