
Commit 2de0d8e

committed
Merge branch 'PHP-8.4'
* PHP-8.4: Fix phpGH-16821: runtime error: member access within misaligned address when running phpseclib tests (php#16951)
2 parents c2a6a7d + b89d7ff commit 2de0d8e


1 file changed

+29
-6
lines changed


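--- a/ext/opcache/jit/zend_jit_ir.c
+++ b/ext/opcache/jit/zend_jit_ir.c
@@ -17742,8 +17742,15 @@ static void jit_frameless_icall2(zend_jit_ctx *jit, const zend_op *opline, uint3
 
 jit_FREE_OP(jit, opline->op1_type, opline->op1, op1_info, NULL);
 /* Set OP1 to UNDEF in case FREE_OP2() throws. */
-if ((opline->op1_type & (IS_VAR|IS_TMP_VAR)) != 0 && (opline->op2_type & (IS_VAR|IS_TMP_VAR)) != 0) {
+if ((opline->op1_type & (IS_VAR|IS_TMP_VAR)) != 0
+&& (opline->op2_type & (IS_VAR|IS_TMP_VAR)) != 0
+&& (op2_info & MAY_BE_RC1)
+&& (op2_info & (MAY_BE_OBJECT|MAY_BE_RESOURCE|MAY_BE_ARRAY_OF_OBJECT|MAY_BE_ARRAY_OF_RESOURCE|MAY_BE_ARRAY_OF_ARRAY))) {
 jit_set_Z_TYPE_INFO(jit, op1_addr, IS_UNDEF);
+if (JIT_G(current_frame)) {
+SET_STACK_TYPE(JIT_G(current_frame)->stack,
+EX_VAR_TO_NUM(opline->op1.var), IS_UNKNOWN, 1);
+}
 }
 jit_FREE_OP(jit, opline->op2_type, opline->op2, op2_info, NULL);
 zend_jit_check_exception(jit);
@@ -17816,18 +17823,34 @@ static void jit_frameless_icall3(zend_jit_ctx *jit, const zend_op *opline, uint3
 
 jit_FREE_OP(jit, opline->op1_type, opline->op1, op1_info, NULL);
 /* Set OP1 to UNDEF in case FREE_OP2() throws. */
+bool op1_undef = false;
 if ((opline->op1_type & (IS_VAR|IS_TMP_VAR))
-&& ((opline->op2_type & (IS_VAR|IS_TMP_VAR))
-|| (op_data_type & (IS_VAR|IS_TMP_VAR)))) {
+&& (((opline->op2_type & (IS_VAR|IS_TMP_VAR))
+&& (op2_info & MAY_BE_RC1)
+&& (op2_info & (MAY_BE_OBJECT|MAY_BE_RESOURCE|MAY_BE_ARRAY_OF_OBJECT|MAY_BE_ARRAY_OF_RESOURCE|MAY_BE_ARRAY_OF_ARRAY)))
+|| ((op_data_type & (IS_VAR|IS_TMP_VAR))
+&& (op1_data_info & MAY_BE_RC1)
+&& (op1_data_info & (MAY_BE_OBJECT|MAY_BE_RESOURCE|MAY_BE_ARRAY_OF_OBJECT|MAY_BE_ARRAY_OF_RESOURCE|MAY_BE_ARRAY_OF_ARRAY))))) {
+op1_undef = true;
 jit_set_Z_TYPE_INFO(jit, op1_addr, IS_UNDEF);
+if (JIT_G(current_frame)) {
+SET_STACK_TYPE(JIT_G(current_frame)->stack,
+EX_VAR_TO_NUM(opline->op1.var), IS_UNKNOWN, 1);
+}
 }
 jit_FREE_OP(jit, opline->op2_type, opline->op2, op2_info, NULL);
-/* If OP1 is a TMP|VAR, we don't need to set OP2 to UNDEF on free because
+/* If OP1 is set to UNDEF, we don't need to set OP2 to UNDEF on free because
  * zend_fetch_debug_backtrace aborts when it encounters the first UNDEF TMP|VAR. */
-if (!(opline->op1_type & (IS_VAR|IS_TMP_VAR))
+if (!op1_undef
 && (opline->op2_type & (IS_VAR|IS_TMP_VAR)) != 0
-&& (op_data_type & (IS_VAR|IS_TMP_VAR)) != 0) {
+&& (op_data_type & (IS_VAR|IS_TMP_VAR)) != 0
+&& (op1_data_info & MAY_BE_RC1)
+&& (op1_data_info & (MAY_BE_OBJECT|MAY_BE_RESOURCE|MAY_BE_ARRAY_OF_OBJECT|MAY_BE_ARRAY_OF_RESOURCE|MAY_BE_ARRAY_OF_ARRAY))) {
 jit_set_Z_TYPE_INFO(jit, op2_addr, IS_UNDEF);
+if (JIT_G(current_frame)) {
+SET_STACK_TYPE(JIT_G(current_frame)->stack,
+EX_VAR_TO_NUM(opline->op2.var), IS_UNKNOWN, 1);
+}
 }
 jit_FREE_OP(jit, (opline+1)->op1_type, (opline+1)->op1, op1_data_info, NULL);
 zend_jit_check_exception(jit);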
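Review bot: The "freeing this operand may run a destructor" predicate — `(info & MAY_BE_RC1)` together with the five-flag `MAY_BE_OBJECT|…|MAY_BE_ARRAY_OF_ARRAY` mask — is now spelled out four times across jit_frameless_icall2 and jit_frameless_icall3, and the next person who widens it (for example if a `MAY_BE_REF` or `MAY_BE_ARRAY_OF_REF` value is found to reach a destructor on free — not something I can confirm from the hunk) has to find and update all four sites, which is exactly the kind of divergence that leads to the stale-type bug this commit fixes. I would fold it into one small `static zend_always_inline bool` helper and have each condition call it, and give the block a comment that states why the IS_UNDEF write alone is not enough: `/* Invalidate the tracked stack type too, so later JIT code does not trust the pre-free type of a slot we just marked UNDEF. */` right above the `SET_STACK_TYPE` calls. Both enclosing functions start before their hunks, so the helper would go above jit_frameless_icall2 outside the visible range.

```c
/* Freeing a TMP/VAR with this type info can run a destructor (and throw):
 * it is a sole-owner (RC1) value that is, or may contain, an object or
 * resource.  Nested arrays are included because their element types are
 * not tracked. */
static zend_always_inline bool zend_jit_free_may_throw(uint32_t info)
{
	return (info & MAY_BE_RC1)
		&& (info & (MAY_BE_OBJECT|MAY_BE_RESOURCE|MAY_BE_ARRAY_OF_OBJECT|MAY_BE_ARRAY_OF_RESOURCE|MAY_BE_ARRAY_OF_ARRAY));
}

/* … unchanged: jit_frameless_icall2 up to the OP1 free … */
	if ((opline->op1_type & (IS_VAR|IS_TMP_VAR)) != 0
	 && (opline->op2_type & (IS_VAR|IS_TMP_VAR)) != 0
	 && zend_jit_free_may_throw(op2_info)) {
/* … unchanged: IS_UNDEF store and SET_STACK_TYPE … */

/* … unchanged: jit_frameless_icall3 up to the OP1 free … */
	if ((opline->op1_type & (IS_VAR|IS_TMP_VAR))
	 && (((opline->op2_type & (IS_VAR|IS_TMP_VAR)) && zend_jit_free_may_throw(op2_info))
	  || ((op_data_type & (IS_VAR|IS_TMP_VAR)) && zend_jit_free_may_throw(op1_data_info)))) {
/* … unchanged: op1_undef, IS_UNDEF store, SET_STACK_TYPE, OP2 free … */
	if (!op1_undef
	 && (opline->op2_type & (IS_VAR|IS_TMP_VAR)) != 0
	 && (op_data_type & (IS_VAR|IS_TMP_VAR)) != 0
	 && zend_jit_free_may_throw(op1_data_info)) {
/* … unchanged: rest of jit_frameless_icall3 … */
```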
