clones/php-src
1
0
Fork 0
mirror of https://github.com/php/php-src.git synced 2024-09-22 02:17:32 +00:00
Code Issues Packages Projects Releases Wiki Activity

Fix typr inference

Browse Source 
Fixes oss-fuzz #45020
This commit is contained in:
Dmitry Stogov 2022-02-28 18:25:49 +03:00
parent f67986a921
commit aced867a95
2 changed files with 27 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

1
Zend/Optimizer/zend_inference.c
View File

@ -2661,6 +2661,7 @@ static zend_always_inline int _zend_update_type_info(
case ZEND_ASSIGN_DIM:
if (opline->op1_type == IS_CV) {
tmp = assign_dim_result_type(t1, t2, OP1_DATA_INFO(), opline->op2_type);
tmp |= ssa->var_info[ssa_op->op1_def].type & (MAY_BE_ARRAY_PACKED|MAY_BE_ARRAY_NUMERIC_HASH|MAY_BE_ARRAY_STRING_HASH);
UPDATE_SSA_TYPE(tmp, ssa_op->op1_def);
COPY_SSA_OBJ_TYPE(ssa_op->op1_use, ssa_op->op1_def);
}

26
ext/opcache/tests/jit/assign_dim_013.phpt Normal file
View File

@ -0,0 +1,26 @@
--TEST--
JIT ASSIGN_DIM: 013
--INI--
opcache.enable=1
opcache.enable_cli=1
opcache.file_update_protection=0
opcache.jit_buffer_size=1M
--FILE--
<?php
function test() {
for(;;) {
$arr[] = $obj = new stdClass;
$obj->y = set_error_handler(function(){});
foreach($obj as $y) {
}
$arr = ['' => y];
}
}
test();
?>
--EXPECTF--
Fatal error: Uncaught Error: Undefined constant "y" in %sassign_dim_013.php:8
Stack trace:
#0 %sassign_dim_013.php(11): test()
#1 {main}
thrown in %sassign_dim_013.php on line 8