jit: fixed "Uninitialized string offset" warning being emitted at the same time as invalid offset Error

Girgias · Girgias · commit ed8b9018696f · 2023-11-27T16:04:41.000Z
diff --git a/NEWS b/NEWS
@@ -29,6 +29,10 @@ PHP                                                                        NEWS
   . Fixed bug GH-12791 (Possible dereference of NULL in MySQLnd debug code).
     (nielsdos)
 
+- Opcache:
+  . Fixed JIT bug (Function JIT emits "Uninitialized string offset" warning
+    at the same time as invalid offset Error). (Girgias)
+
 - OpenSSL:
   . Fixed bug #50713 (openssl_pkcs7_verify() may ignore untrusted CAs).
     (Jakub Zelenka)
diff --git a/ext/opcache/jit/zend_jit_helpers.c b/ext/opcache/jit/zend_jit_helpers.c
@@ -1106,6 +1106,9 @@ static zend_string* ZEND_FASTCALL zend_jit_fetch_dim_str_r_helper(zend_string *s
 	} else {
 		offset = Z_LVAL_P(dim);
 	}
+	if (UNEXPECTED(EG(exception) != NULL)) {
+		return ZSTR_EMPTY_ALLOC();
+	}
 	return zend_jit_fetch_dim_str_offset(str, offset);
 }
 
diff --git a/ext/opcache/tests/jit/gh12723-A.phpt b/ext/opcache/tests/jit/gh12723-A.phpt
@@ -0,0 +1,20 @@
+--TEST--
+GH-12723: Function JIT emits "Uninitialized string offset" warning at the same time as invalid offset Error
+--INI--
+opcache.enable=1
+opcache.enable_cli=1
+--FILE--
+<?php
+
+$container = '';
+$dimension = [];
+
+try {
+    var_dump($container[$dimension]);
+} catch (\Throwable $e) {
+    echo $e->getMessage(), "\n";
+}
+
+?>
+--EXPECT--
+Cannot access offset of type array on string

Original file line number	Diff line number	Diff line change
`@@ -1106,6 +1106,9 @@ static zend_string* ZEND_FASTCALL zend_jit_fetch_dim_str_r_helper(zend_string *s`
`1106`	`1106`	`} else {`
`1107`	`1107`	`offset = Z_LVAL_P(dim);`
`1108`	`1108`	`}`
	`1109`	`+ if (UNEXPECTED(EG(exception) != NULL)) {`
	`1110`	`+ return ZSTR_EMPTY_ALLOC();`
	`1111`	`+ }`
`1109`	`1112`	`return zend_jit_fetch_dim_str_offset(str, offset);`
`1110`	`1113`	`}`
`1111`	`1114`