
Commit 918dc23

Merge branch 'PHP-8.4' into PHP-8.5
* PHP-8.4: Fix block_pass JMP[N]Z optimization
2 parents 99aec78 + f61b1fc commit 918dc23

3 files changed

+16
-1
lines changed

NEWS

Lines changed: 1 addition & 0 deletions
@@ -10,6 +10,7 @@ PHP NEWS
1010
. Fixed bug GH-20837 (NULL dereference when calling ob_start() in shutdown
1111
function triggered by bailout in php_output_lock_error()). (timwolla)
1212
. Fix OSS-Fuzz #471533782 (Infinite loop in GC destructor fiber). (ilutov)
13+
. Fix OSS-Fuzz #472563272 (Borked block_pass JMP[N]Z optimization). (ilutov)
1314

1415
- MbString:
1516
. Fixed bug GH-20833 (mb_str_pad() divide by zero if padding string is
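
Review bot: the added NEWS line describes the bug only as "Borked block_pass JMP[N]Z optimization", which does not tell a changelog reader what misbehaved. Consider wording it by effect, in the style of the GH-20837 entry above it, which names the failure (a NULL dereference) and its trigger.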

Zend/Optimizer/block_pass.c

Lines changed: 1 addition & 1 deletion
@@ -1229,7 +1229,7 @@ static zend_always_inline zend_basic_block *get_next_block(const zend_cfg *cfg,
12291229
}
12301230
next_block++;
12311231
}
1232-
while (next_block->len == 0 && !(next_block->flags & ZEND_BB_PROTECTED)) {
1232+
while (next_block->len == 0 && !(next_block->flags & (ZEND_BB_TARGET|ZEND_BB_PROTECTED))) {
12331233
next_block = cfg->blocks + next_block->successors[0];
12341234
}
12351235
return next_block;
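
Review bot: the changed `while` condition has no comment saying why an empty block flagged ZEND_BB_TARGET must stop the skip, and the reason is not obvious from the code alone. A one-line comment above the loop stating that an empty block which is a jump target has to be returned rather than skipped, with a reference to OSS-Fuzz #472563272, would make it clear. Separately, the loop body reads `next_block->successors[0]` for every empty block it skips without a visible check that the block has a successor; if that is guaranteed for empty blocks at this point, an assertion would document it.
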
Lines changed: 14 additions & 0 deletions
@@ -0,0 +1,14 @@
1+
--TEST--
2+
OSS-Fuzz #472563272: Borked block_pass JMP[N]Z optimization
3+
--EXTENSIONS--
4+
opcache
5+
--INI--
6+
opcache.enable=1
7+
opcache.enable_cli=1
8+
--FILE--
9+
<?php
10+
false || (true ? true : false) || (false ? true : false) || true;
11+
?>
12+
===DONE===
13+
--EXPECT--
14+
===DONE===
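
Review bot: the `--FILE--` body discards the value of the `||` chain, so the test only shows that the script compiles and runs through to `===DONE===`; it would still pass if the optimizer produced the wrong boolean. Consider wrapping the expression in `var_dump()` and adding `bool(true)` to `--EXPECT--`. The `--INI--` section also leaves the optimizer passes at their defaults; setting `opcache.optimization_level` explicitly would keep the test exercising the block pass if the defaults change.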
