
Commit 48a65fe

committed
JIT: Fixed memory lieak
1 parent fb3e646 commit 48a65fe


2 files changed

+67
-32
lines changed


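--- a/ext/opcache/jit/zend_jit_x86.dasc
+++ b/ext/opcache/jit/zend_jit_x86.dasc
@@ -559,10 +559,9 @@ static void* dasm_labels[zend_lb_MAX];
 |.endmacro
 
 |.macro UNDEF_OPLINE_RESULT_IF_USED
-| mov r0, EX->opline
-| test byte OP:r0->result_type, (IS_TMP_VAR|IS_VAR)
+| test byte OP:RX->result_type, (IS_TMP_VAR|IS_VAR)
 | jz >1
-| mov eax, dword OP:r0->result.var
+| mov eax, dword OP:RX->result.var
 | SET_Z_TYPE_INFO FP + r0, IS_UNDEF
 |1:
 |.endmacro
@@ -1841,6 +1840,42 @@ static int zend_jit_exception_handler_undef_stub(dasm_State **Dst)
 return 1;
 }
 
+
+static int zend_jit_exception_handler_free_op1_op2_stub(dasm_State **Dst)
+{
+|->exception_handler_free_op1_op2:
+| UNDEF_OPLINE_RESULT_IF_USED
+| test byte OP:RX->op1_type, (IS_TMP_VAR|IS_VAR)
+| je >9
+| mov eax, dword OP:RX->op1.var
+| add r0, FP
+| ZVAL_PTR_DTOR ZEND_ADDR_MEM_ZVAL(ZREG_R0, 0), MAY_BE_ANY|MAY_BE_RC1|MAY_BE_RCN|MAY_BE_REF, 0, 0, NULL
+|9:
+| test byte OP:RX->op2_type, (IS_TMP_VAR|IS_VAR)
+| je >9
+| mov eax, dword OP:RX->op2.var
+| add r0, FP
+| ZVAL_PTR_DTOR ZEND_ADDR_MEM_ZVAL(ZREG_R0, 0), MAY_BE_ANY|MAY_BE_RC1|MAY_BE_RCN|MAY_BE_REF, 0, 0, NULL
+|9:
+| jmp ->exception_handler
+return 1;
+}
+
+static int zend_jit_exception_handler_free_op2_stub(dasm_State **Dst)
+{
+|->exception_handler_free_op2:
+| MEM_OP2_2_ZTS mov, RX, aword, executor_globals, opline_before_exception, r0
+| UNDEF_OPLINE_RESULT_IF_USED
+| test byte OP:RX->op2_type, (IS_TMP_VAR|IS_VAR)
+| je >9
+| mov eax, dword OP:RX->op2.var
+| add r0, FP
+| ZVAL_PTR_DTOR ZEND_ADDR_MEM_ZVAL(ZREG_R0, 0), MAY_BE_ANY|MAY_BE_RC1|MAY_BE_RCN|MAY_BE_REF, 0, 0, NULL
+|9:
+| jmp ->exception_handler
+return 1;
+}
+
 static int zend_jit_leave_function_stub(dasm_State **Dst)
 {
 |->leave_function_handler:
@@ -2154,7 +2189,6 @@ static int zend_jit_negative_shift_stub(dasm_State **Dst)
 {
 |->negative_shift:
 | mov RX, EX->opline
-| UNDEF_OPLINE_RESULT_IF_USED
 |.if X64
 |.if WIN
 | LOAD_ADDR CARG1, &zend_ce_arithmetic_error
@@ -2176,27 +2210,14 @@ static int zend_jit_negative_shift_stub(dasm_State **Dst)
 | EXT_CALL zend_throw_error, r0
 | add r4, 16
 |.endif
-| test byte OP:RX->op1_type, (IS_TMP_VAR|IS_VAR)
-| je >9
-| mov eax, dword OP:RX->op1.var
-| add r0, FP
-| ZVAL_PTR_DTOR ZEND_ADDR_MEM_ZVAL(ZREG_R0, 0), MAY_BE_ANY|MAY_BE_RC1|MAY_BE_RCN|MAY_BE_REF, 0, 0, NULL
-|9:
-| test byte OP:RX->op2_type, (IS_TMP_VAR|IS_VAR)
-| je >9
-| mov eax, dword OP:RX->op2.var
-| add r0, FP
-| ZVAL_PTR_DTOR ZEND_ADDR_MEM_ZVAL(ZREG_R0, 0), MAY_BE_ANY|MAY_BE_RC1|MAY_BE_RCN|MAY_BE_REF, 0, 0, NULL
-|9:
-| jmp ->exception_handler
+| jmp ->exception_handler_free_op1_op2
 return 1;
 }
 
 static int zend_jit_mod_by_zero_stub(dasm_State **Dst)
 {
 |->mod_by_zero:
 | mov RX, EX->opline
-| UNDEF_OPLINE_RESULT_IF_USED
 |.if X64
 |.if WIN
 | LOAD_ADDR CARG1, &zend_ce_division_by_zero_error
@@ -2218,19 +2239,7 @@ static int zend_jit_mod_by_zero_stub(dasm_State **Dst)
 | EXT_CALL zend_throw_error, r0
 | add r4, 16
 |.endif
-| test byte OP:RX->op1_type, (IS_TMP_VAR|IS_VAR)
-| je >9
-| mov eax, dword OP:RX->op1.var
-| add r0, FP
-| ZVAL_PTR_DTOR ZEND_ADDR_MEM_ZVAL(ZREG_R0, 0), MAY_BE_ANY|MAY_BE_RC1|MAY_BE_RCN|MAY_BE_REF, 0, 0, NULL
-|9:
-| test byte OP:RX->op2_type, (IS_TMP_VAR|IS_VAR)
-| je >9
-| mov eax, dword OP:RX->op2.var
-| add r0, FP
-| ZVAL_PTR_DTOR ZEND_ADDR_MEM_ZVAL(ZREG_R0, 0), MAY_BE_ANY|MAY_BE_RC1|MAY_BE_RCN|MAY_BE_REF, 0, 0, NULL
-|9:
-| jmp ->exception_handler
+| jmp ->exception_handler_free_op1_op2
 return 1;
 }
 
@@ -2852,6 +2861,8 @@ static const zend_jit_stub zend_jit_stubs[] = {
 JIT_STUB(interrupt_handler),
 JIT_STUB(exception_handler),
 JIT_STUB(exception_handler_undef),
+JIT_STUB(exception_handler_free_op1_op2),
+JIT_STUB(exception_handler_free_op2),
 JIT_STUB(leave_function),
 JIT_STUB(leave_throw),
 JIT_STUB(icall_throw),
@@ -5242,7 +5253,10 @@ static int zend_jit_long_math_helper(dasm_State **Dst,
 | FREE_OP op1_type, op1, op1_info, 0, opline
 | FREE_OP op2_type, op2, op2_info, 0, opline
 if (may_throw) {
-if (Z_MODE(res_addr) == IS_MEM_ZVAL && Z_REG(res_addr) == ZREG_RX) {
+if (opline->opcode == ZEND_ASSIGN_DIM_OP && (opline->op2_type & (IS_VAR|IS_TMP_VAR))) {
+| MEM_OP2_1_ZTS cmp, aword, executor_globals, exception, 0, r0
+| jne ->exception_handler_free_op2
+} else if (Z_MODE(res_addr) == IS_MEM_ZVAL && Z_REG(res_addr) == ZREG_RX) {
 zend_jit_check_exception_undef_result(Dst, opline);
 } else {
 zend_jit_check_exception(Dst);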
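Review bot: In `zend_jit_long_math_helper` the new `ZEND_ASSIGN_DIM_OP` branch jumps to `exception_handler_free_op2` directly after `FREE_OP op2_type, op2, op2_info, 0, opline`, and nothing in the hunk says why the stub's `ZVAL_PTR_DTOR` on `OP:RX->op2.var` is not a second release of the same temporary. Presumably the helper's `op2` argument is the OP_DATA value here while `opline->op2` is the still-live dimension, but the helper's signature and callers lie outside the hunk, so this should be confirmed and recorded, e.g. `/* ASSIGN_DIM_OP: opline->op2 (the dimension) is still live; the helper's op2 is the OP_DATA value freed above */`. The stub also takes its opline from `EG(opline_before_exception)` instead of the caller's RX, so it is only correct when that field points at this ASSIGN_DIM_OP at the time of the throw; a wrong opline would hand an unrelated slot to the destructor, so that precondition deserves a one-line comment on the stub. Likewise `UNDEF_OPLINE_RESULT_IF_USED` now silently requires RX to hold the opline, so any use of the macro not shown in this diff needs checking.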

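--- a/ext/opcache/tests/jit/mod_004.phpt
+++ b/ext/opcache/tests/jit/mod_004.phpt
@@ -0,0 +1,21 @@
+--TEST--
+JIT MOD: 004
+--INI--
+opcache.enable=1
+opcache.enable_cli=1
+opcache.file_update_protection=0
+opcache.jit_buffer_size=1M
+opcache.protect_memory=1
+--FILE--
+<?php
+$a = [];
+$b = "";
+$a["x{$b}y"] %= 0;
+?>
+--EXPECTF--
+Warning: Undefined array key "xy" in %smod_004.php on line 4
+
+Fatal error: Uncaught DivisionByZeroError: Modulo by zero in %smod_004.php:4
+Stack trace:
+#0 {main}
+thrown in %smod_004.php on line 4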
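Review bot: The test exercises only the `%=` case, while the same commit also reroutes `negative_shift` through the new `exception_handler_free_op1_op2` stub, which no case here covers. A sibling test using a negative shift count on the same kind of temporary key, for example `$a["x{$b}y"] <<= -1;`, would pin that stub as well, assuming it reaches the same JIT path. The expected output also contains no leak report, so the regression is presumably only caught on builds that report leaked memory; noting that in the test title or a comment would help.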
