Optimizer: Fix inorrect constant substitution in FETCH_LIST_R

Fixes oss-fuzz #45429
2024-09-23 02:47:26 +00:00 · 2022-03-11 14:30:27 +03:00 · 2022-03-11 14:30:27 +03:00 · 770a544af4
commit 770a544af4
parent f7608df78d
2 changed files with 27 additions and 1 deletions
--- a/Zend/Optimizer/block_pass.c
+++ b/Zend/Optimizer/block_pass.c
@ -166,7 +166,13 @@ static void zend_optimize_block(zend_basic_block *block, zend_op_array *op_array
 				} else {
 					zval c;
 					ZVAL_COPY(&c, &ZEND_OP1_LITERAL(src));
-					if (zend_optimizer_update_op1_const(op_array, opline, &c)) {
+					if (opline->opcode != ZEND_CASE
+					 && opline->opcode != ZEND_CASE_STRICT
+					 && opline->opcode != ZEND_FETCH_LIST_R
+					 && opline->opcode != ZEND_SWITCH_LONG
+					 && opline->opcode != ZEND_SWITCH_STRING
+					 && opline->opcode != ZEND_MATCH
+					 && zend_optimizer_update_op1_const(op_array, opline, &c)) {
 						VAR_SOURCE(op1) = NULL;
 						literal_dtor(&ZEND_OP1_LITERAL(src));
 						MAKE_NOP(src);
--- a/ext/opcache/tests/opt/block_pass_003.phpt
+++ b/ext/opcache/tests/opt/block_pass_003.phpt
@ -0,0 +1,20 @@
+--TEST--
+Block Pass 003: Inorrect constant substitution in FETCH_LIST_R
+--INI--
+opcache.enable=1
+opcache.enable_cli=1
+opcache.optimization_level=-1
+--EXTENSIONS--
+opcache
+--FILE--
+<?php
+function test() {
+    for ($i = 0; $i < 10; $i++) {
+        list($a, $b) = 1 ? 1 : 2;
+    }
+}
+test();
+?>
+DONE
+--EXPECT--
+DONE