From f9518c3850982aca41fac22b87a1e11096eb1643 Mon Sep 17 00:00:00 2001 From: Dmitry Stogov Date: Thu, 25 Nov 2021 15:14:04 +0300 Subject: [PATCH] Fixed incorrect narrowing to double Fixes oss-fuzz #41223 --- ext/opcache/Optimizer/zend_inference.c | 2 +- ext/opcache/tests/jit/assign_047.phpt | 25 +++++++++++++++++++++++++ 2 files changed, 26 insertions(+), 1 deletion(-) create mode 100644 ext/opcache/tests/jit/assign_047.phpt diff --git a/ext/opcache/Optimizer/zend_inference.c b/ext/opcache/Optimizer/zend_inference.c index 65b13507e88..926e3186ef8 100644 --- a/ext/opcache/Optimizer/zend_inference.c +++ b/ext/opcache/Optimizer/zend_inference.c @@ -3918,7 +3918,7 @@ static zend_bool can_convert_to_double( for (phi = var->phi_use_chain; phi; phi = zend_ssa_next_use_phi(ssa, var_num, phi)) { /* Check that narrowing can actually be useful */ type = ssa->var_info[phi->ssa_var].type; - if ((type & MAY_BE_ANY) & ~(MAY_BE_LONG|MAY_BE_DOUBLE)) { + if (type & ((MAY_BE_ANY|MAY_BE_UNDEF) - (MAY_BE_LONG|MAY_BE_DOUBLE))) { return 0; } diff --git a/ext/opcache/tests/jit/assign_047.phpt b/ext/opcache/tests/jit/assign_047.phpt new file mode 100644 index 00000000000..302d465fdab --- /dev/null +++ b/ext/opcache/tests/jit/assign_047.phpt @@ -0,0 +1,25 @@ +--TEST-- +JIT ASSIGN: incorrect narrowing to double +--INI-- +opcache.enable=1 +opcache.enable_cli=1 +opcache.file_update_protection=0 +opcache.jit_buffer_size=1M +opcache.protect_memory=1 +--FILE-- +0]; + for($i=0;$i<10;$i++){ + +$a; + $a=$x->x; + $a=7; + } +} +test() +?> +DONE +--EXPECTF-- +Warning: Undefined variable $a in %sassign_047.php on line 5 +DONE +