Fixed conditional jump on uninitialised value (Zend/tests/match/028.phpt failure with function JIT)

dstogov · dstogov · commit 94b800182d86 · 2021-08-12T16:05:05.000+03:00
diff --git a/ext/opcache/jit/zend_jit_arm64.dasc b/ext/opcache/jit/zend_jit_arm64.dasc
@@ -9460,6 +9460,11 @@ static int zend_jit_send_val(dasm_State **Dst, const zend_op *opline, uint32_t o
 			|	bne >1
 			|.cold_code
 			|1:
+			if (Z_MODE(op1_addr) == IS_REG) {
+				/* set type to avoid zval_ptr_dtor() on uninitialized value */
+				zend_jit_addr addr = ZEND_ADDR_MEM_ZVAL(ZREG_FP, opline->op1.var);
+				|	SET_ZVAL_TYPE_INFO addr, IS_UNDEF, TMP1w, TMP2
+			}
 			|	SET_EX_OPLINE opline, REG0
 			|	b ->throw_cannot_pass_by_ref
 			|.code
diff --git a/ext/opcache/jit/zend_jit_x86.dasc b/ext/opcache/jit/zend_jit_x86.dasc
@@ -10091,6 +10091,11 @@ static int zend_jit_send_val(dasm_State **Dst, const zend_op *opline, uint32_t o
 			|	jnz >1
 			|.cold_code
 			|1:
+			if (Z_MODE(op1_addr) == IS_REG) {
+				/* set type to avoid zval_ptr_dtor() on uninitialized value */
+				zend_jit_addr addr = ZEND_ADDR_MEM_ZVAL(ZREG_FP, opline->op1.var);
+				|	SET_ZVAL_TYPE_INFO addr, IS_UNDEF
+			}
 			|	SET_EX_OPLINE opline, r0
 			|	jmp ->throw_cannot_pass_by_ref
 			|.code
