Fix faulty zend_try handling in zend_jit_trace()

iluuu1994 · iluuu1994 · commit 95e93b85fa30 · 2026-04-08T13:18:49.000+02:00
diff --git a/NEWS b/NEWS
@@ -23,6 +23,7 @@ PHP                                                                        NEWS
     zend_jit_use_reg). (Arnaud)
   . Fixed bug GH-21593 (Borked function JIT JMPNZ smart branch). (ilutov)
   . Fixed bug GH-21460 (COND optimization regression). (Dmitry, Arnaud)
+  . Fixed faulty returns out of zend_try block in zend_jit_trace(). (ilutov)
 
 - OpenSSL:
   . Fix a bunch of memory leaks and crashes on edge cases. (ndossche)
diff --git a/ext/opcache/jit/zend_jit_trace.c b/ext/opcache/jit/zend_jit_trace.c
@@ -5167,7 +5167,7 @@ static const void *zend_jit_trace(zend_jit_trace_rec *trace_buffer, uint32_t par
 							 && ssa->vars[ssa_op->op2_def].use_chain < 0
 							 && !ssa->vars[ssa_op->op2_def].phi_use_chain) {
 								if (!zend_jit_store_type(&ctx, var_num, type)) {
-									return 0;
+									goto jit_failure;
 								}
 								SET_STACK_TYPE(stack, var_num, type, 1);
 							}
@@ -5220,7 +5220,7 @@ static const void *zend_jit_trace(zend_jit_trace_rec *trace_buffer, uint32_t par
 							 && ssa->vars[ssa_op->op1_def].use_chain < 0
 							 && !ssa->vars[ssa_op->op1_def].phi_use_chain) {
 								if (!zend_jit_store_type(&ctx, var_num, type)) {
-									return 0;
+									goto jit_failure;
 								}
 								SET_STACK_TYPE(stack, var_num, type, 1);
 							}
@@ -5317,7 +5317,7 @@ static const void *zend_jit_trace(zend_jit_trace_rec *trace_buffer, uint32_t par
 							 && ssa->vars[ssa_op->op1_def].use_chain < 0
 							 && !ssa->vars[ssa_op->op1_def].phi_use_chain) {
 								if (!zend_jit_store_type(&ctx, var_num, type)) {
-									return 0;
+									goto jit_failure;
 								}
 								SET_STACK_TYPE(stack, var_num, type, 1);
 							}
@@ -6539,7 +6539,7 @@ static const void *zend_jit_trace(zend_jit_trace_rec *trace_buffer, uint32_t par
 											var_num = EX_VAR_TO_NUM(var_num);
 
 											if (!zend_jit_store_type(&ctx, var_num, type)) {
-												return 0;
+												goto jit_failure;
 											}
 											SET_STACK_TYPE(stack, var_num, type, 1);
 										}
@@ -7179,7 +7179,7 @@ static const void *zend_jit_trace(zend_jit_trace_rec *trace_buffer, uint32_t par
 				 && type != STACK_MEM_TYPE(stack, i)
 				 && zend_jit_trace_must_store_type(op_array, op_array_ssa, opline - op_array->opcodes, i, type)) {
 					if (!zend_jit_store_type(jit, i, type)) {
-						return 0;
+						goto jit_failure;
 					}
 					SET_STACK_TYPE(stack, i, type, 1);
 				}
@@ -7301,11 +7301,11 @@ static const void *zend_jit_trace(zend_jit_trace_rec *trace_buffer, uint32_t par
 		zend_string_release(name);
 	}
 
+jit_cleanup:;
 	} zend_catch {
 		do_bailout = 1;
 	}  zend_end_try();
 
-jit_cleanup:
 	/* Clean up used op_arrays */
 	while (num_op_arrays > 0) {
 		op_array = op_arrays[--num_op_arrays];

Original file line number	Diff line number	Diff line change
`@@ -5167,7 +5167,7 @@ static const void zend_jit_trace(zend_jit_trace_rec trace_buffer, uint32_t par`
`5167`	`5167`	`&& ssa->vars[ssa_op->op2_def].use_chain < 0`
`5168`	`5168`	`&& !ssa->vars[ssa_op->op2_def].phi_use_chain) {`
`5169`	`5169`	`if (!zend_jit_store_type(&ctx, var_num, type)) {`
`5170`		`- return 0;`
	`5170`	`+ goto jit_failure;`
`5171`	`5171`	`}`
`5172`	`5172`	`SET_STACK_TYPE(stack, var_num, type, 1);`
`5173`	`5173`	`}`
`@@ -5220,7 +5220,7 @@ static const void zend_jit_trace(zend_jit_trace_rec trace_buffer, uint32_t par`
`5220`	`5220`	`&& ssa->vars[ssa_op->op1_def].use_chain < 0`
`5221`	`5221`	`&& !ssa->vars[ssa_op->op1_def].phi_use_chain) {`
`5222`	`5222`	`if (!zend_jit_store_type(&ctx, var_num, type)) {`
`5223`		`- return 0;`
	`5223`	`+ goto jit_failure;`
`5224`	`5224`	`}`
`5225`	`5225`	`SET_STACK_TYPE(stack, var_num, type, 1);`
`5226`	`5226`	`}`
`@@ -5317,7 +5317,7 @@ static const void zend_jit_trace(zend_jit_trace_rec trace_buffer, uint32_t par`
`5317`	`5317`	`&& ssa->vars[ssa_op->op1_def].use_chain < 0`
`5318`	`5318`	`&& !ssa->vars[ssa_op->op1_def].phi_use_chain) {`
`5319`	`5319`	`if (!zend_jit_store_type(&ctx, var_num, type)) {`
`5320`		`- return 0;`
	`5320`	`+ goto jit_failure;`
`5321`	`5321`	`}`
`5322`	`5322`	`SET_STACK_TYPE(stack, var_num, type, 1);`
`5323`	`5323`	`}`
`@@ -6539,7 +6539,7 @@ static const void zend_jit_trace(zend_jit_trace_rec trace_buffer, uint32_t par`
`6539`	`6539`	`var_num = EX_VAR_TO_NUM(var_num);`
`6540`	`6540`
`6541`	`6541`	`if (!zend_jit_store_type(&ctx, var_num, type)) {`
`6542`		`- return 0;`
	`6542`	`+ goto jit_failure;`
`6543`	`6543`	`}`
`6544`	`6544`	`SET_STACK_TYPE(stack, var_num, type, 1);`
`6545`	`6545`	`}`
`@@ -7179,7 +7179,7 @@ static const void zend_jit_trace(zend_jit_trace_rec trace_buffer, uint32_t par`
`7179`	`7179`	`&& type != STACK_MEM_TYPE(stack, i)`
`7180`	`7180`	`&& zend_jit_trace_must_store_type(op_array, op_array_ssa, opline - op_array->opcodes, i, type)) {`
`7181`	`7181`	`if (!zend_jit_store_type(jit, i, type)) {`
`7182`		`- return 0;`
	`7182`	`+ goto jit_failure;`
`7183`	`7183`	`}`
`7184`	`7184`	`SET_STACK_TYPE(stack, i, type, 1);`
`7185`	`7185`	`}`
`@@ -7301,11 +7301,11 @@ static const void zend_jit_trace(zend_jit_trace_rec trace_buffer, uint32_t par`
`7301`	`7301`	`zend_string_release(name);`
`7302`	`7302`	`}`
`7303`	`7303`
	`7304`	`+jit_cleanup:;`
`7304`	`7305`	`} zend_catch {`
`7305`	`7306`	`do_bailout = 1;`
`7306`	`7307`	`} zend_end_try();`
`7307`	`7308`
`7308`		`-jit_cleanup:`
`7309`	`7309`	`/* Clean up used op_arrays */`
`7310`	`7310`	`while (num_op_arrays > 0) {`
`7311`	`7311`	`op_array = op_arrays[--num_op_arrays];`