Merge branch 'PHP-8.0'

* PHP-8.0: Fixed bug #80786
author: Nikita Popov <nikita.ppv@gmail.com> 2021-02-23 10:22:20 +0100
committer: Nikita Popov <nikita.ppv@gmail.com> 2021-02-23 10:22:20 +0100
commit: 8be711be47a9d59574f12c77eca07da13e8993f3 (patch)
tree: 3fe54e6ba8a4d148e9f7495c41079621030ecaf5
parent: 24e7299c9d7b9d41a50da591b9230c87deafcf4e (diff)
parent: 79cf2c56d3c95b184fbdbe2a9bc4afe7bb0dc557 (diff)
download: php-git-8be711be47a9d59574f12c77eca07da13e8993f3.tar.gz
2 files changed, 36 insertions, 10 deletions
diff --git a/ext/opcache/jit/zend_jit_x86.dasc b/ext/opcache/jit/zend_jit_x86.dasc
index 6c1b93df00..9fdc69a146 100644
--- a/ext/opcache/jit/zend_jit_x86.dasc
+++ b/ext/opcache/jit/zend_jit_x86.dasc
@@ -4428,7 +4428,14 @@ static int zend_jit_math_double_long(dasm_State    **Dst,
                                      zend_jit_addr   res_addr,
                                      uint32_t        res_use_info)
 {
-	zend_reg result_reg, tmp_reg;
+	zend_reg result_reg, tmp_reg_gp;
+
+	if (Z_MODE(res_addr) == IS_MEM_ZVAL && Z_REG(res_addr) == ZREG_R0) {
+		/* ASSIGN_DIM_OP */
+		tmp_reg_gp = ZREG_R1;
+	} else {
+		tmp_reg_gp = ZREG_R0;
+	}
 
 	if (zend_is_commutative(opcode)
 	 && (Z_MODE(res_addr) != IS_REG || Z_MODE(op1_addr) != IS_REG || Z_REG(res_addr) != Z_REG(op1_addr))) {
@@ -4437,13 +4444,7 @@ static int zend_jit_math_double_long(dasm_State    **Dst,
 		} else {
 			result_reg = ZREG_XMM0;
 		}
-		if (Z_MODE(res_addr) == IS_MEM_ZVAL && Z_REG(res_addr) == ZREG_R0) {
-			/* ASSIGN_DIM_OP */
-			tmp_reg = ZREG_R1;
-		} else {
-			tmp_reg = ZREG_R0;
-		}
-		|	SSE_GET_ZVAL_LVAL result_reg, op2_addr, tmp_reg
+		|	SSE_GET_ZVAL_LVAL result_reg, op2_addr, tmp_reg_gp
 		if (Z_MODE(res_addr) == IS_MEM_ZVAL && Z_REG(res_addr) == ZREG_R0) {
 			/* ASSIGN_DIM_OP */
 			if (CAN_USE_AVX()) {
@@ -4485,7 +4486,7 @@ static int zend_jit_math_double_long(dasm_State    **Dst,
 			 && Z_LVAL_P(Z_ZV(op2_addr)) == 0) {
 				/* +/- 0 */
 			} else {
-				|	SSE_GET_ZVAL_LVAL tmp_reg, op2_addr, ZREG_R0
+				|	SSE_GET_ZVAL_LVAL tmp_reg, op2_addr, tmp_reg_gp
 				|	AVX_MATH_REG opcode, result_reg, op1_reg, tmp_reg
 			}
 		} else {
@@ -4495,7 +4496,7 @@ static int zend_jit_math_double_long(dasm_State    **Dst,
 			 && Z_LVAL_P(Z_ZV(op2_addr)) == 0) {
 				/* +/- 0 */
 			} else {
-				|	SSE_GET_ZVAL_LVAL tmp_reg, op2_addr, ZREG_R0
+				|	SSE_GET_ZVAL_LVAL tmp_reg, op2_addr, tmp_reg_gp
 				|	SSE_MATH_REG opcode, result_reg, tmp_reg
 			}
 		}
diff --git a/ext/opcache/tests/jit/bug80786.phpt b/ext/opcache/tests/jit/bug80786.phpt
new file mode 100644
index 0000000000..af4675111e
--- /dev/null
+++ b/ext/opcache/tests/jit/bug80786.phpt
@@ -0,0 +1,25 @@
+--TEST--
+Bug #80786: PHP crash using JIT
+--INI--
+opcache.enable=1
+opcache.enable_cli=1
+opcache.jit_buffer_size=1M
+opcache.jit=function
+--FILE--
+<?php
+
+$a = new Test();
+$a->TestFunc();
+var_dump($a->value);
+
+class Test{
+	public $value = 11.3;
+
+	public function TestFunc() {
+		$this->value -= 10;
+	}
+}
+
+?>
+--EXPECT--
+float(1.3000000000000007)
author	Nikita Popov <nikita.ppv@gmail.com>	2021-02-23 10:22:20 +0100
committer	Nikita Popov <nikita.ppv@gmail.com>	2021-02-23 10:22:20 +0100
commit	8be711be47a9d59574f12c77eca07da13e8993f3 (patch)
tree	3fe54e6ba8a4d148e9f7495c41079621030ecaf5
parent	24e7299c9d7b9d41a50da591b9230c87deafcf4e (diff)
parent	79cf2c56d3c95b184fbdbe2a9bc4afe7bb0dc557 (diff)
download	php-git-8be711be47a9d59574f12c77eca07da13e8993f3.tar.gz