Merge branch 'PHP-8.0' into PHP-8.1

* PHP-8.0: JIT: Fixed memory leak
2024-09-22 02:17:32 +00:00 · 2021-11-10 12:50:14 +03:00 · 2021-11-10 12:50:14 +03:00 · 10575b7bc1
commit 10575b7bc1
parent 469f8a175a 45683703f1
3 changed files with 78 additions and 0 deletions
--- a/ext/opcache/jit/zend_jit_arm64.dasc
+++ b/ext/opcache/jit/zend_jit_arm64.dasc
@ -2117,22 +2117,56 @@ static int zend_jit_undefined_function_stub(dasm_State **Dst)

 static int zend_jit_negative_shift_stub(dasm_State **Dst)
 {
+	zend_jit_addr addr = ZEND_ADDR_MEM_ZVAL(ZREG_REG0, 0);
+
 	|->negative_shift:
+	|	ldr RX, EX->opline
 	|	UNDEF_OPLINE_RESULT_IF_USED TMP1w, TMP2w
 	|	LOAD_ADDR CARG1, zend_ce_arithmetic_error
 	|	LOAD_ADDR CARG2, "Bit shift by negative number"
 	|	EXT_CALL zend_throw_error, REG0
+	|	ldrb TMP1w, OP:RX->op1_type
+	|	TST_32_WITH_CONST TMP1w, (IS_TMP_VAR|IS_VAR), TMP2w
+	|	beq >9
+	|	ldr REG0w, OP:RX->op1.var
+	|	add REG0, REG0, FP
+	|	ZVAL_PTR_DTOR addr, MAY_BE_ANY|MAY_BE_RC1|MAY_BE_RCN|MAY_BE_REF, 0, 0, NULL, ZREG_TMP1, ZREG_TMP2
+	|9:
+	|	ldrb TMP1w, OP:RX->op2_type
+	|	TST_32_WITH_CONST TMP1w, (IS_TMP_VAR|IS_VAR), TMP2w
+	|	beq >9
+	|	ldr REG0w, OP:RX->op2.var
+	|	add REG0, REG0, FP
+	|	ZVAL_PTR_DTOR addr, MAY_BE_ANY|MAY_BE_RC1|MAY_BE_RCN|MAY_BE_REF, 0, 0, NULL, ZREG_TMP1, ZREG_TMP2
+	|9:
 	|	b ->exception_handler
 	return 1;
 }

 static int zend_jit_mod_by_zero_stub(dasm_State **Dst)
 {
+	zend_jit_addr addr = ZEND_ADDR_MEM_ZVAL(ZREG_REG0, 0);
+
 	|->mod_by_zero:
+	|	ldr RX, EX->opline
 	|	UNDEF_OPLINE_RESULT_IF_USED TMP1w, TMP2w
 	|	LOAD_ADDR CARG1, zend_ce_division_by_zero_error
 	|	LOAD_ADDR CARG2, "Modulo by zero"
 	|	EXT_CALL zend_throw_error, REG0
+	|	ldrb TMP1w, OP:RX->op1_type
+	|	TST_32_WITH_CONST TMP1w, (IS_TMP_VAR|IS_VAR), TMP2w
+	|	beq >9
+	|	ldr REG0w, OP:RX->op1.var
+	|	add REG0, REG0, FP
+	|	ZVAL_PTR_DTOR addr, MAY_BE_ANY|MAY_BE_RC1|MAY_BE_RCN|MAY_BE_REF, 0, 0, NULL, ZREG_TMP1, ZREG_TMP2
+	|9:
+	|	ldrb TMP1w, OP:RX->op2_type
+	|	TST_32_WITH_CONST TMP1w, (IS_TMP_VAR|IS_VAR), TMP2w
+	|	beq >9
+	|	ldr REG0w, OP:RX->op2.var
+	|	add REG0, REG0, FP
+	|	ZVAL_PTR_DTOR addr, MAY_BE_ANY|MAY_BE_RC1|MAY_BE_RCN|MAY_BE_REF, 0, 0, NULL, ZREG_TMP1, ZREG_TMP2
+	|9:
 	|	b ->exception_handler
 	return 1;
 }
--- a/ext/opcache/jit/zend_jit_x86.dasc
+++ b/ext/opcache/jit/zend_jit_x86.dasc
@ -2097,6 +2097,7 @@ static int zend_jit_undefined_function_stub(dasm_State **Dst)
 static int zend_jit_negative_shift_stub(dasm_State **Dst)
 {
 	|->negative_shift:
+	|	mov RX, EX->opline
 	|	UNDEF_OPLINE_RESULT_IF_USED
 	|.if X64
 		|.if WIN
@ -2119,6 +2120,18 @@ static int zend_jit_negative_shift_stub(dasm_State **Dst)
 		|	EXT_CALL zend_throw_error, r0
 		|	add r4, 16
 	|.endif
+	|	test byte OP:RX->op1_type, (IS_TMP_VAR|IS_VAR)
+	|	je >9
+	|	mov eax, dword OP:RX->op1.var
+	|	add r0, FP
+	|	ZVAL_PTR_DTOR ZEND_ADDR_MEM_ZVAL(ZREG_R0, 0), MAY_BE_ANY|MAY_BE_RC1|MAY_BE_RCN|MAY_BE_REF, 0, 0, NULL
+	|9:
+	|	test byte OP:RX->op2_type, (IS_TMP_VAR|IS_VAR)
+	|	je >9
+	|	mov eax, dword OP:RX->op2.var
+	|	add r0, FP
+	|	ZVAL_PTR_DTOR ZEND_ADDR_MEM_ZVAL(ZREG_R0, 0), MAY_BE_ANY|MAY_BE_RC1|MAY_BE_RCN|MAY_BE_REF, 0, 0, NULL
+	|9:
 	|	jmp ->exception_handler
 	return 1;
 }
@ -2126,6 +2139,7 @@ static int zend_jit_negative_shift_stub(dasm_State **Dst)
 static int zend_jit_mod_by_zero_stub(dasm_State **Dst)
 {
 	|->mod_by_zero:
+	|	mov RX, EX->opline
 	|	UNDEF_OPLINE_RESULT_IF_USED
 	|.if X64
 		|.if WIN
@ -2148,6 +2162,18 @@ static int zend_jit_mod_by_zero_stub(dasm_State **Dst)
 		|	EXT_CALL zend_throw_error, r0
 		|	add r4, 16
 	|.endif
+	|	test byte OP:RX->op1_type, (IS_TMP_VAR|IS_VAR)
+	|	je >9
+	|	mov eax, dword OP:RX->op1.var
+	|	add r0, FP
+	|	ZVAL_PTR_DTOR ZEND_ADDR_MEM_ZVAL(ZREG_R0, 0), MAY_BE_ANY|MAY_BE_RC1|MAY_BE_RCN|MAY_BE_REF, 0, 0, NULL
+	|9:
+	|	test byte OP:RX->op2_type, (IS_TMP_VAR|IS_VAR)
+	|	je >9
+	|	mov eax, dword OP:RX->op2.var
+	|	add r0, FP
+	|	ZVAL_PTR_DTOR ZEND_ADDR_MEM_ZVAL(ZREG_R0, 0), MAY_BE_ANY|MAY_BE_RC1|MAY_BE_RCN|MAY_BE_REF, 0, 0, NULL
+	|9:
 	|	jmp ->exception_handler
 	return 1;
 }
--- a/ext/opcache/tests/jit/assign_op_005.phpt
+++ b/ext/opcache/tests/jit/assign_op_005.phpt
@ -0,0 +1,18 @@
+--TEST--
+JIT ASSIGN_OP: 005
+--INI--
+opcache.enable=1
+opcache.enable_cli=1
+opcache.file_update_protection=0
+opcache.jit_buffer_size=1M
+--FILE--
+<?php
+$a = ["xy" => 0];
+$x = "";
+$a["x{$x}y"] %= 0;
+?>
+--EXPECTF--
+Fatal error: Uncaught DivisionByZeroError: Modulo by zero in %sassign_op_005.php:4
+Stack trace:
+#0 {main}
+  thrown in %sassign_op_005.php on line 4