forked from php/php-src
mege #14
Merged
Fixes oss-fuzz #42878
* PHP-8.0: Fix memory leak in SCCP
* PHP-8.1: Fix memory leak in SCCP
…r may update the same HashTable. Fixes oss-fuzz #42894
zend_optimizer_update_op1_const() already handles these cases.
update_op1_const() implements the right logic here -- these cannot be replaced by different opcodes, as the by-ref passing behavior is not the same.
update_op1_const() can handle these nowadays.
While we can't replace the instanceof operand, we will evaluate the instanceof to false and replace its result anyway. Even in cases where the instanceof user cannot be replaced, we already have generic code to convert the opcode to QM_ASSIGN in that case.
The generic code was rejecting this to go into a special code path in SCCP. We should directly do that in SCCP instead, to still allow the generic (and valid) replacement.
Instead propagate the FETCH_CLASS return value, so it can be directly replaced if possible, which will also eliminate the FETCH_CLASS subsequently.
These are supported as constants nowadays, so we can drop the string check. Also fix a potential leak, though I believe this doesn't matter in current usage, as it will effectively be suppressed during persist.
This seems to date back to a time where zval_ptr_dtor was a macro implicitly passing additional parameters.
Signed-off-by: Anatol Belski <ab@php.net>
The replace const or replace with QM_ASSIGN pattern is common to all constant folding, extract it into a function.
…tion Nowadays self::X is represented using an UNUSED operand with FETCH_CLASS_SELF flag rather than a separate FETCH_CLASS instruction. The code already handles the new pattern.
This handles references to the current class through its name rather than self (and for cases where it is not linked yet and thus not covered by the context lookup). Rather than handling this only for FETCH_CLASS_CONSTANT optimization, integrate this into the generic get_class_entry() utility.
Export and reuse this helper in places that fetch a class entry from op1.
Move literal destruction into helper and use a common result variable to make code more compact.
These can be handled by the generic code. Worth noting that count will usually go through ZEND_COUNT, and chr on constants is evaluated in the compiler, so these are not particularly compile-time sensitive either.
No description provided.