In this case zend_exception_set_previous() would destroy the
fast_call exception and further accesses on ex would be invalid.
We should only update ex if we update EG(exception).
Fixes oss-fuzz #40464.
Even if we can't actually pass by reference, we still need to
create the REFERENCE wrapper to satisfy the calling convention.
The particular test case would crash with JIT, because the existence
of the reference was assumed.
Fixes oss-fuzz #39440.
Even though the input is not a reference (or not treated as such),
we still need to create a reference to satisfy the function
signature. Various code relies on reference arguments actually
being references. In this particular case, it would result in
a JIT crash.
The zend_call_function() implementation already handled this
correctly.
We must avoid integer overflows in memory allocations, so we introduce
an additional check in the VM, and bail out in the rare case of an
overflow.
Closes GH-7381.
For a particular assignment, a non-coerced constant assignment
value will remain valid. However, opcache merges cache slots for
all identical property references, which means that this
optimization also disables property type checks for all other
operands on the property that occur in the same functions.
This could be addressed by blocking cache slot merging in opcache,
but I prefer dropping it entirely instead. It does not seem
important enough to warrant doing that.
zend_find_array_dim_slow() may throw, make sure to handle this.
This backports the code we already use for this on PHP-8.0,
and also backports an exception check that makes this easier to
catch.
We should also set retval_ref when de-indirecting. Otherwise the
retval_ref != retval_ptr comparison below may incorrect assume
that we're returning a reference.
I don't have a reliable reproducer for this issue, but it sometimes
appears in certain configurations in arrow_functions/007.phpt in
conjunction with other changes.
If we have an undefined variable and null is not accepted by the
return type, we want to throw just the undef var error.
In this case this lead to an infinite loop, because we overwrite
the exception opline in SAVE_OPLINE and it does not get reset
when chaining into a previous exception. Add an assertiong to
catch this case earlier.
ZEND_HANDLE_EXCEPTION might call zend_observer_fcall_end() even if exception is cought by function. The fix moved zend_observer_fcall_end() into a right place and remove OBSERVER sepecialization for ZEND_HANDLE_EXCEPTION handler.