Fix type inference

This fixes oss-fuzz #47049
This commit is contained in:
Dmitry Stogov 2022-05-11 12:09:11 +03:00
parent 23a2030438
commit 3f1e1b9ddf
2 changed files with 19 additions and 2 deletions

View File

@ -3219,10 +3219,11 @@ static zend_always_inline int _zend_update_type_info(
tmp |= t1 & (MAY_BE_RC1|MAY_BE_RCN);
}
}
if (opline->opcode == ZEND_FETCH_DIM_RW
if ((key_type & (MAY_BE_ARRAY_KEY_LONG|MAY_BE_ARRAY_KEY_STRING))
&& (opline->opcode == ZEND_FETCH_DIM_RW
|| opline->opcode == ZEND_FETCH_DIM_W
|| opline->opcode == ZEND_FETCH_DIM_FUNC_ARG
|| opline->opcode == ZEND_FETCH_LIST_W) {
|| opline->opcode == ZEND_FETCH_LIST_W)) {
j = ssa_vars[ssa_op->result_def].use_chain;
if (j < 0) {
/* no uses */

View File

@ -0,0 +1,16 @@
--TEST--
Type inference 006: FETCH_DIM_W with invalid key type
--INI--
opcache.enable=1
opcache.enable_cli=1
opcache.optimization_level=-1
--FILE--
<?php
function y() {
$obj=new y;
u($y[$obj]);
}
?>
DONE
--EXPECT--
DONE