From ccfd0d8ffe0aa62bcb883f0f282050d7bf2fdfac Mon Sep 17 00:00:00 2001
From: Ilija Tovilo
Date: Sat, 8 Jul 2023 13:00:23 +0200
Subject: [PATCH] Fix double-compilation of arrow-function

We transform the arrow function by nesting the expression into a return statement. If we compile the arrow function twice this would be done twice, leading to a compile assertion. Fix oss-fuzz #60411
---
 Zend/tests/oss_fuzz_60441.phpt | 11 +++++++++++
 Zend/zend_compile.c | 2 +-
 2 files changed, 12 insertions(+), 1 deletion(-)
 create mode 100644 Zend/tests/oss_fuzz_60441.phpt
diff --git a/Zend/tests/oss_fuzz_60441.phpt b/Zend/tests/oss_fuzz_60441.phpt
new file mode 100644
index 000000000000..7492a754ba09
--- /dev/null
+++ b/Zend/tests/oss_fuzz_60441.phpt
@@ -0,0 +1,11 @@
+--TEST--
+oss-fuzz #60441 (Double compilation of arrow function)
+--FILE--
+y)[y]??=y;
+?>
+--EXPECTF--
+Fatal error: Uncaught Error: Undefined constant "y" in %s:%d
+Stack trace:
+#0 {main}
+ thrown in %s on line %d
diff --git a/Zend/zend_compile.c b/Zend/zend_compile.c
index 2b43fc9b388e..8508b1d230c8 100644
--- a/Zend/zend_compile.c
+++ b/Zend/zend_compile.c
@@ -7425,7 +7425,7 @@ static void zend_compile_func_decl(znode *result, zend_ast *ast, bool toplevel)
 zend_compile_closure_uses(uses_ast);
 }
- if (ast->kind == ZEND_AST_ARROW_FUNC) {
+ if (ast->kind == ZEND_AST_ARROW_FUNC && decl->child[2]->kind != ZEND_AST_RETURN) {
 bool needs_return = true;
 if (op_array->fn_flags & ZEND_ACC_HAS_RETURN_TYPE) {
 zend_arg_info *return_info = CG(active_op_array)->arg_info - 1;
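Review bot: The issue number is inconsistent: the test file name and its `--TEST--` title use 60441, while the commit message says `Fix oss-fuzz #60411`. One of the two is presumably a typo. The test name and title should carry the fuzzer report's actual number so the regression test can be traced back to the report it covers.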
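Review bot: The new condition `decl->child[2]->kind != ZEND_AST_RETURN` uses the shape of the AST as an implicit "already transformed" marker, and nothing in the hunk says so. A comment above the `if` would make that explicit, for example `/* The body is already wrapped in ZEND_AST_RETURN if this declaration was compiled before; do not wrap it twice. */`. The guard also dereferences `decl->child[2]` unconditionally; that is presumably safe because an arrow function always has an expression body, but it is worth confirming against the parser. Since the reported failure was a compile assertion, and assertions are typically compiled out of release builds, it may also be worth checking whether other in-place AST rewrites in zend_compile_func_decl tolerate a second compilation; the function body starts and ends outside the hunk.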