Also make sure binary op operands can't be undef

nikic · nikic · commit 8c3d33a05490 · 2021-09-09T15:08:08.000+02:00
Otherwise we will end up passing undef to xyz_function etc, which
is not permitted.
diff --git a/ext/opcache/jit/zend_jit.c b/ext/opcache/jit/zend_jit.c
@@ -2070,6 +2070,9 @@ static zend_lifetime_interval** zend_jit_allocate_registers(const zend_op_array
 
 static bool zend_jit_supported_binary_op(zend_uchar op, uint32_t op1_info, uint32_t op2_info)
 {
+	if ((op1_info & MAY_BE_UNDEF) || (op2_info & MAY_BE_UNDEF)) {
+		return false;
+	}
 	switch (op) {
 		case ZEND_POW:
 		case ZEND_DIV:
@@ -2522,9 +2525,6 @@ static int zend_jit(const zend_op_array *op_array, zend_ssa *ssa, const zend_op
 						}
 						op1_info = OP1_INFO();
 						op2_info = OP2_INFO();
-						if ((op1_info & MAY_BE_UNDEF) || (op2_info & MAY_BE_UNDEF)) {
-							break;
-						}
 						if (!zend_jit_supported_binary_op(
 								opline->extended_value, op1_info, op2_info)) {
 							break;
diff --git a/ext/opcache/jit/zend_jit_trace.c b/ext/opcache/jit/zend_jit_trace.c
@@ -4157,9 +4157,6 @@ static const void *zend_jit_trace(zend_jit_trace_rec *trace_buffer, uint32_t par
 						CHECK_OP1_TRACE_TYPE();
 						op2_info = OP2_INFO();
 						CHECK_OP2_TRACE_TYPE();
-						if ((op1_info & MAY_BE_UNDEF) || (op2_info & MAY_BE_UNDEF)) {
-							break;
-						}
 						if (!zend_jit_supported_binary_op(
 								opline->extended_value, op1_info, op2_info)) {
 							break;
@@ -4184,11 +4181,6 @@ static const void *zend_jit_trace(zend_jit_trace_rec *trace_buffer, uint32_t par
 						}
 						goto done;
 					case ZEND_ASSIGN_DIM_OP:
-						if (opline->extended_value == ZEND_POW
-						 || opline->extended_value == ZEND_DIV) {
-							// TODO: check for division by zero ???
-							break;
-						}
 						if (opline->result_type != IS_UNUSED) {
 							break;
 						}
diff --git a/ext/opcache/tests/jit/assign_dim_op_003.phpt b/ext/opcache/tests/jit/assign_dim_op_003.phpt
@@ -0,0 +1,14 @@
+--TEST--
+JIT ASSIGN_DIM_OP: Undefined variable variation
+--INI--
+opcache.enable=1
+opcache.enable_cli=1
+opcache.file_update_protection=0
+opcache.jit_buffer_size=1M
+--FILE--
+<?php
+$a = [];
+$a[] &= $b;
+?>
+--EXPECTF--
+Warning: Undefined variable $b in %s on line %d
