Merge branch 'PHP-8.2' into PHP-8.3

dstogov · dstogov · commit 8b7f64fa41a5 · 2024-09-26T15:44:05.000+03:00
* PHP-8.2:
  Fix possible NULL dereference
diff --git a/ext/opcache/jit/zend_jit_trace.c b/ext/opcache/jit/zend_jit_trace.c
@@ -1251,7 +1251,8 @@ static zend_ssa *zend_jit_trace_build_tssa(zend_jit_trace_rec *trace_buffer, uin
 			}
 		} else if (p->op == ZEND_JIT_TRACE_DO_ICALL) {
 			if (JIT_G(opt_level) < ZEND_JIT_LEVEL_OPT_FUNC) {
-				if (p->func != (zend_function*)&zend_pass_function
+				if (p->func
+				 && p->func != (zend_function*)&zend_pass_function
 				 && (zend_string_equals_literal(p->func->common.function_name, "extract")
 				  || zend_string_equals_literal(p->func->common.function_name, "compact")
 				  || zend_string_equals_literal(p->func->common.function_name, "get_defined_vars"))) {
@@ -6225,7 +6226,7 @@ static const void *zend_jit_trace(zend_jit_trace_rec *trace_buffer, uint32_t par
 					goto jit_failure;
 				}
 				if ((p+1)->op == ZEND_JIT_TRACE_INIT_CALL && (p+1)->func) {
-					if (opline->opcode == ZEND_NEW && ssa_op->result_def >= 0) {
+					if (opline->opcode == ZEND_NEW && opline->result_type != IS_UNUSED) {
 						SET_STACK_TYPE(stack, EX_VAR_TO_NUM(opline->result.var), IS_OBJECT, 1);
 					}
 					if (zend_jit_may_be_polymorphic_call(opline) ||

Original file line number	Diff line number	Diff line change
`@@ -1251,7 +1251,8 @@ static zend_ssa zend_jit_trace_build_tssa(zend_jit_trace_rec trace_buffer, uin`
`1251`	`1251`	`}`
`1252`	`1252`	`} else if (p->op == ZEND_JIT_TRACE_DO_ICALL) {`
`1253`	`1253`	`if (JIT_G(opt_level) < ZEND_JIT_LEVEL_OPT_FUNC) {`
`1254`		`- if (p->func != (zend_function*)&zend_pass_function`
	`1254`	`+ if (p->func`
	`1255`	`+ && p->func != (zend_function*)&zend_pass_function`
`1255`	`1256`	`&& (zend_string_equals_literal(p->func->common.function_name, "extract")`
`1256`	`1257`	`\|\| zend_string_equals_literal(p->func->common.function_name, "compact")`
`1257`	`1258`	`\|\| zend_string_equals_literal(p->func->common.function_name, "get_defined_vars"))) {`
`@@ -6225,7 +6226,7 @@ static const void zend_jit_trace(zend_jit_trace_rec trace_buffer, uint32_t par`
`6225`	`6226`	`goto jit_failure;`
`6226`	`6227`	`}`
`6227`	`6228`	`if ((p+1)->op == ZEND_JIT_TRACE_INIT_CALL && (p+1)->func) {`
`6228`		`- if (opline->opcode == ZEND_NEW && ssa_op->result_def >= 0) {`
	`6229`	`+ if (opline->opcode == ZEND_NEW && opline->result_type != IS_UNUSED) {`
`6229`	`6230`	`SET_STACK_TYPE(stack, EX_VAR_TO_NUM(opline->result.var), IS_OBJECT, 1);`
`6230`	`6231`	`}`
`6231`	`6232`	`if (zend_jit_may_be_polymorphic_call(opline) \|\|`