mirrors/php-src
0
0
Fork 0
mirror of https://github.com/php/php-src.git synced 2024-11-24 02:15:04 +08:00
Code Issues Packages Projects Releases Wiki Activity

Fix incorrect JMP optimization

Browse Source 
Fixes oss-fuzz #42155
This commit is contained in:
Dmitry Stogov 2021-12-10 01:39:28 +03:00
parent efb901ebed
commit 0ac3d78d7d
2 changed files with 21 additions and 4 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

12
ext/opcache/Optimizer/dfa_pass.c
View File

@ -730,9 +730,13 @@ static int zend_dfa_optimize_jmps(zend_op_array *op_array, zend_ssa *ssa)
uint32_t op_num;
zend_op *opline;
zend_ssa_op *ssa_op;
zend_bool can_follow = 1;
while (next_block_num < ssa->cfg.blocks_count
&& !(ssa->cfg.blocks[next_block_num].flags & ZEND_BB_REACHABLE)) {
if (ssa->cfg.blocks[next_block_num].flags & ZEND_BB_UNREACHABLE_FREE) {
can_follow = 0;
}
next_block_num++;
}
@ -744,7 +748,7 @@ static int zend_dfa_optimize_jmps(zend_op_array *op_array, zend_ssa *ssa)
switch (opline->opcode) {
case ZEND_JMP:
optimize_jmp:
if (block->successors[0] == next_block_num) {
if (block->successors[0] == next_block_num && can_follow) {
MAKE_NOP(opline);
removed_ops++;
goto optimize_nop;
@ -765,7 +769,7 @@ optimize_jmpz:
goto optimize_jmp;
}
} else {
if (block->successors[0] == next_block_num) {
if (block->successors[0] == next_block_num && can_follow) {
take_successor_0(ssa, block_num, block);
if (opline->op1_type == IS_CV && (OP1_INFO() & MAY_BE_UNDEF)) {
opline->opcode = ZEND_CHECK_VAR;
@ -796,7 +800,7 @@ optimize_jmpnz:
goto optimize_nop;
}
} else if (block->successors_count == 2) {
if (block->successors[0] == next_block_num) {
if (block->successors[0] == next_block_num && can_follow) {
take_successor_0(ssa, block_num, block);
if (opline->op1_type == IS_CV && (OP1_INFO() & MAY_BE_UNDEF)) {
opline->opcode = ZEND_CHECK_VAR;
@ -830,7 +834,7 @@ optimize_jmpnz:
} else if (block->successors_count == 2) {
if (block->successors[0] == block->successors[1]) {
take_successor_0(ssa, block_num, block);
if (block->successors[0] == next_block_num) {
if (block->successors[0] == next_block_num && can_follow) {
if (opline->op1_type == IS_CV && (OP1_INFO() & MAY_BE_UNDEF)) {
opline->opcode = ZEND_CHECK_VAR;
opline->op2.num = 0;

13
ext/opcache/tests/opt/jmp_002.phpt Normal file
View File

@ -0,0 +1,13 @@
--TEST--
JMP 002: JMP around unreachable FREE
--INI--
opcache.enable=1
opcache.enable_cli=1
opcache.optimization_level=-1
--FILE--
<?php
7??match(X){};
?>
DONE
--EXPECT--
DONE