diff options
| author | Nikita Popov <nikita.ppv@gmail.com> | 2019-07-10 14:12:02 +0200 |
|---|---|---|
| committer | Nikita Popov <nikita.ppv@gmail.com> | 2019-07-10 14:13:29 +0200 |
| commit | 36235cf5d7c5cf6d2f9673c46dd051fbbc2195a9 (patch) | |
| tree | ee9f0ea204a1c31e144631a40c831da5db0b9367 /ext | |
| parent | 9b143b074a0f5fe53642623f5aa8b1854efd5aae (diff) | |
| download | php-git-36235cf5d7c5cf6d2f9673c46dd051fbbc2195a9.tar.gz | |
Read from original address
References are derefed into FCARG1, which is later clobbered by the
undef handling code. Make sure we load from the original address
instead.
Diffstat (limited to 'ext')
| -rw-r--r-- | ext/opcache/jit/zend_jit_disasm_x86.c | 2 | ||||
| -rw-r--r-- | ext/opcache/jit/zend_jit_x86.dasc | 6 |
2 files changed, 5 insertions, 3 deletions
diff --git a/ext/opcache/jit/zend_jit_disasm_x86.c b/ext/opcache/jit/zend_jit_disasm_x86.c index c7b7bf5814..109510cdb2 100644 --- a/ext/opcache/jit/zend_jit_disasm_x86.c +++ b/ext/opcache/jit/zend_jit_disasm_x86.c @@ -441,6 +441,8 @@ static int zend_jit_disasm_init(void) REGISTER_HELPER(zend_jit_pre_dec_typed_ref); REGISTER_HELPER(zend_jit_post_inc_typed_ref); REGISTER_HELPER(zend_jit_post_dec_typed_ref); + REGISTER_HELPER(zend_jit_only_vars_by_reference); + REGISTER_HELPER(zend_jit_invalid_array_access); REGISTER_HELPER(zend_runtime_jit); REGISTER_HELPER(zend_jit_hot_func); #undef REGISTER_HELPER diff --git a/ext/opcache/jit/zend_jit_x86.dasc b/ext/opcache/jit/zend_jit_x86.dasc index 2618adc1a5..49a25343da 100644 --- a/ext/opcache/jit/zend_jit_x86.dasc +++ b/ext/opcache/jit/zend_jit_x86.dasc @@ -8760,7 +8760,7 @@ static int zend_jit_return(dasm_State **Dst, const zend_op *opline, zend_op_arra static int zend_jit_fetch_dim_read(dasm_State **Dst, const zend_op *opline, zend_op_array *op_array, zend_ssa *ssa) { uint32_t op1_info, op2_info, res_info; - zend_jit_addr op1_addr, op2_addr, res_addr; + zend_jit_addr op1_addr, orig_op1_addr, op2_addr, res_addr; if (!ssa->ops || !ssa->var_info) { goto fallback; @@ -8770,7 +8770,7 @@ static int zend_jit_fetch_dim_read(dasm_State **Dst, const zend_op *opline, zend op2_info = OP2_INFO(); res_info = RES_INFO(); - op1_addr = zend_jit_decode_op(op_array, opline->op1_type, opline->op1, opline, NULL, -1); + op1_addr = orig_op1_addr = zend_jit_decode_op(op_array, opline->op1_type, opline->op1, opline, NULL, -1); op2_addr = zend_jit_decode_op(op_array, opline->op2_type, opline->op2, opline, NULL, -1); res_addr = zend_jit_decode_op(op_array, opline->result_type, opline->result, opline, NULL, -1); @@ -8886,7 +8886,7 @@ static int zend_jit_fetch_dim_read(dasm_State **Dst, const zend_op *opline, zend if (op1_info & ((MAY_BE_ANY|MAY_BE_UNDEF)-(MAY_BE_ARRAY|MAY_BE_STRING|MAY_BE_OBJECT))) { if (opline->opcode != ZEND_FETCH_DIM_IS) { | SAVE_VALID_OPLINE opline - | LOAD_ZVAL_ADDR FCARG1a, op1_addr + | LOAD_ZVAL_ADDR FCARG1a, orig_op1_addr | EXT_CALL zend_jit_invalid_array_access, r0 } | SET_ZVAL_TYPE_INFO res_addr, IS_NULL |