Skip to content

Commit e50ed0f

Browse files
dstogovdstogov
committed
Merge branch 'PHP-8.1' into PHP-8.2
* PHP-8.1: Fixed incorrect VM stack overflow checks elimination
2 parents 93becab + 1a96d64 commit e50ed0f

File tree

2 files changed

+25
-6
lines changed

2 files changed

+25
-6
lines changed

ext/opcache/jit/zend_jit_internal.h

Lines changed: 2 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -602,6 +602,8 @@ struct _zend_jit_trace_stack_frame {
602602
uint32_t call_level;
603603
uint32_t _info;
604604
int used_stack;
605+
int old_checked_stack;
606+
int old_peek_checked_stack;
605607
zend_jit_trace_stack stack[1];
606608
};
607609

ext/opcache/jit/zend_jit_trace.c

Lines changed: 23 additions & 6 deletions
Original file line numberDiff line numberDiff line change
@@ -6578,7 +6578,8 @@ static const void *zend_jit_trace(zend_jit_trace_rec *trace_buffer, uint32_t par
65786578
op_array_ssa = &jit_extension->func_info.ssa;
65796579
top = frame;
65806580
if (frame->prev) {
6581-
checked_stack -= frame->used_stack;
6581+
checked_stack = frame->old_checked_stack;
6582+
peek_checked_stack = frame->old_peek_checked_stack;
65826583
frame = frame->prev;
65836584
stack = frame->stack;
65846585
ZEND_ASSERT(&frame->func->op_array == op_array);
@@ -6751,24 +6752,40 @@ static const void *zend_jit_trace(zend_jit_trace_rec *trace_buffer, uint32_t par
67516752
}
67526753
}
67536754
}
6755+
call->old_checked_stack = checked_stack;
6756+
call->old_peek_checked_stack = peek_checked_stack;
67546757
if (p->info & ZEND_JIT_TRACE_FAKE_INIT_CALL) {
67556758
frame->call_level++;
6756-
call->used_stack = 0;
6759+
call->used_stack = checked_stack = peek_checked_stack = 0;
67576760
} else {
67586761
if (p->func) {
67596762
call->used_stack = zend_vm_calc_used_stack(init_opline->extended_value, (zend_function*)p->func);
67606763
} else {
67616764
call->used_stack = (ZEND_CALL_FRAME_SLOT + init_opline->extended_value) * sizeof(zval);
67626765
}
6763-
checked_stack += call->used_stack;
6764-
if (checked_stack > peek_checked_stack) {
6765-
peek_checked_stack = checked_stack;
6766+
switch (init_opline->opcode) {
6767+
case ZEND_INIT_FCALL:
6768+
case ZEND_INIT_FCALL_BY_NAME:
6769+
case ZEND_INIT_NS_FCALL_BY_NAME:
6770+
case ZEND_INIT_METHOD_CALL:
6771+
case ZEND_INIT_DYNAMIC_CALL:
6772+
//case ZEND_INIT_STATIC_METHOD_CALL:
6773+
//case ZEND_INIT_USER_CALL:
6774+
//case ZEND_NEW:
6775+
checked_stack += call->used_stack;
6776+
if (checked_stack > peek_checked_stack) {
6777+
peek_checked_stack = checked_stack;
6778+
}
6779+
break;
6780+
default:
6781+
checked_stack = peek_checked_stack = 0;
67666782
}
67676783
}
67686784
} else if (p->op == ZEND_JIT_TRACE_DO_ICALL) {
67696785
call = frame->call;
67706786
if (call) {
6771-
checked_stack -= call->used_stack;
6787+
checked_stack = call->old_checked_stack;
6788+
peek_checked_stack = call->old_peek_checked_stack;
67726789
top = call;
67736790
frame->call = call->prev;
67746791
}

0 commit comments

Comments
 (0)