diff options
| author | Nikita Popov <nikita.ppv@gmail.com> | 2019-06-28 12:38:28 +0200 |
|---|---|---|
| committer | Nikita Popov <nikita.ppv@gmail.com> | 2019-06-28 14:47:49 +0200 |
| commit | ca6f41aa5a15a44f841e42c7255294d521c95d5d (patch) | |
| tree | fe8134fb3dfa80135f4ac364cfb0c6557ac1dd6a | |
| parent | 50cce5eb4f7c2627622875d9360b66b6c3234afe (diff) | |
| download | php-git-ca6f41aa5a15a44f841e42c7255294d521c95d5d.tar.gz | |
Fix out of bounds read in sccp
| -rw-r--r-- | ext/opcache/Optimizer/sccp.c | 1 |
1 files changed, 1 insertions, 0 deletions
diff --git a/ext/opcache/Optimizer/sccp.c b/ext/opcache/Optimizer/sccp.c index ab202d2ead..0f5f1d18e1 100644 --- a/ext/opcache/Optimizer/sccp.c +++ b/ext/opcache/Optimizer/sccp.c @@ -2329,6 +2329,7 @@ static int try_remove_definition(sccp_ctx *ctx, int var_num, zend_ssa_var *var, if (opline->opcode == ZEND_DO_ICALL) { removed_ops = remove_call(ctx, opline, ssa_op); } else if (opline->opcode == ZEND_TYPE_CHECK + && ssa_op->op1_use >= 0 && !value_known(&ctx->values[ssa_op->op1_use])) { /* For TYPE_CHECK we may compute the result value without knowing the * operand, based on type inference information. Make sure the operand is |