Skip to content

Commit ba6df41

Browse files
iluuu1994iluuu1994
committed
Merge branch 'PHP-8.4' into PHP-8.5
* PHP-8.4: Fix OSS-Fuzz #478009707 for JIT
2 parents e76044a + bbde9c8 commit ba6df41

File tree

2 files changed

+18
-2
lines changed

2 files changed

+18
-2
lines changed

Zend/tests/oss-fuzz-478009707.phpt

Lines changed: 5 additions & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -18,6 +18,10 @@ $c = new C(1);
1818
$c->prop = 1;
1919
var_dump($c->prop);
2020

21+
$c->prop = PHP_INT_MAX;
22+
var_dump($c->prop);
23+
2124
?>
22-
--EXPECT--
25+
--EXPECTF--
2326
int(4)
27+
float(%s)

ext/opcache/jit/zend_jit_helpers.c

Lines changed: 13 additions & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -2944,7 +2944,7 @@ static void ZEND_FASTCALL zend_jit_assign_obj_op_helper(zend_object *zobj, zend_
29442944
//??? } else {
29452945
//??? prop_info = zend_object_fetch_property_type_info(Z_OBJ_P(object), orig_zptr);
29462946
//??? }
2947-
if (prop_info) {
2947+
if (prop_info && ZEND_TYPE_IS_SET(prop_info->type)) {
29482948
/* special case for typed properties */
29492949
zend_jit_assign_op_to_typed_prop(zptr, prop_info, value, binary_op);
29502950
} else {
@@ -3140,6 +3140,9 @@ static void ZEND_FASTCALL zend_jit_pre_inc_obj_helper(zend_object *zobj, zend_st
31403140
}
31413141
} else {
31423142
zend_property_info *prop_info = (zend_property_info *) CACHED_PTR_EX(cache_slot + 2);
3143+
if (prop_info && !ZEND_TYPE_IS_SET(prop_info->type)) {
3144+
prop_info = NULL;
3145+
}
31433146

31443147
if (EXPECTED(Z_TYPE_P(prop) == IS_LONG)) {
31453148
fast_long_increment_function(prop);
@@ -3210,6 +3213,9 @@ static void ZEND_FASTCALL zend_jit_pre_dec_obj_helper(zend_object *zobj, zend_st
32103213
}
32113214
} else {
32123215
zend_property_info *prop_info = (zend_property_info *) CACHED_PTR_EX(cache_slot + 2);
3216+
if (prop_info && !ZEND_TYPE_IS_SET(prop_info->type)) {
3217+
prop_info = NULL;
3218+
}
32133219

32143220
if (EXPECTED(Z_TYPE_P(prop) == IS_LONG)) {
32153221
fast_long_decrement_function(prop);
@@ -3278,6 +3284,9 @@ static void ZEND_FASTCALL zend_jit_post_inc_obj_helper(zend_object *zobj, zend_s
32783284
ZVAL_NULL(result);
32793285
} else {
32803286
zend_property_info *prop_info = (zend_property_info*)CACHED_PTR_EX(cache_slot + 2);
3287+
if (prop_info && !ZEND_TYPE_IS_SET(prop_info->type)) {
3288+
prop_info = NULL;
3289+
}
32813290

32823291
if (EXPECTED(Z_TYPE_P(prop) == IS_LONG)) {
32833292
ZVAL_LONG(result, Z_LVAL_P(prop));
@@ -3339,6 +3348,9 @@ static void ZEND_FASTCALL zend_jit_post_dec_obj_helper(zend_object *zobj, zend_s
33393348
ZVAL_NULL(result);
33403349
} else {
33413350
zend_property_info *prop_info = (zend_property_info*)CACHED_PTR_EX(cache_slot + 2);
3351+
if (prop_info && !ZEND_TYPE_IS_SET(prop_info->type)) {
3352+
prop_info = NULL;
3353+
}
33423354

33433355
if (EXPECTED(Z_TYPE_P(prop) == IS_LONG)) {
33443356
ZVAL_LONG(result, Z_LVAL_P(prop));

0 commit comments

Comments
 (0)