Fix fuzzer runner (php#19676)

ndossche · web-flow · commit bd4e2c78acf1 · 2025-09-11T22:36:26.000+02:00
diff --git a/sapi/fuzzer/fuzzer-execute-common.h b/sapi/fuzzer/fuzzer-execute-common.h
@@ -23,6 +23,7 @@
 #include "fuzzer.h"
 #include "fuzzer-sapi.h"
 #include "zend_exceptions.h"
+#include "zend_vm.h"
 
 #define FILE_NAME "/tmp/fuzzer.php"
 #define MAX_STEPS 1000
@@ -32,10 +33,6 @@
 static uint32_t steps_left;
 static bool bailed_out = false;
 
-/* Because the fuzzer is always compiled with clang,
- * we can assume that we don't use global registers / hybrid VM. */
-typedef zend_op *(ZEND_FASTCALL *opcode_handler_t)(zend_execute_data *, const zend_op *);
-
 static zend_always_inline void fuzzer_bailout(void) {
 	bailed_out = true;
 	zend_bailout();
@@ -67,7 +64,7 @@ static void fuzzer_execute_ex(zend_execute_data *execute_data) {
 
 	while (1) {
 		fuzzer_step();
-		opline = ((opcode_handler_t) opline->handler)(execute_data, opline);
+		opline = ((zend_vm_opcode_handler_func_t) zend_get_opcode_handler_func(opline))(execute_data, opline);
 		if ((uintptr_t) opline & ZEND_VM_ENTER_BIT) {
 			opline = (const zend_op *) ((uintptr_t) opline & ~ZEND_VM_ENTER_BIT);
 			if (opline) {
