Skip to content

Commit 731734d

Browse files
dstogovdstogov
committed
Fixed type inference
Fixes oss-fuzz #65150
1 parent c67f6f4 commit 731734d

File tree

3 files changed

+40
-1
lines changed

3 files changed

+40
-1
lines changed

Zend/Optimizer/zend_inference.c

Lines changed: 14 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -2825,8 +2825,15 @@ static zend_always_inline zend_result _zend_update_type_info(
28252825
/* DOUBLE may be auto-converted to LONG */
28262826
tmp |= MAY_BE_LONG;
28272827
tmp &= ~MAY_BE_DOUBLE;
2828+
} else if ((t1 & (MAY_BE_LONG|MAY_BE_DOUBLE|MAY_BE_STRING)) == MAY_BE_STRING
2829+
&& (tmp & (MAY_BE_LONG|MAY_BE_DOUBLE))) {
2830+
/* LONG/DOUBLE may be auto-converted to STRING */
2831+
tmp |= MAY_BE_STRING;
2832+
tmp &= ~(MAY_BE_LONG|MAY_BE_DOUBLE);
28282833
}
28292834
tmp &= t1;
2835+
} else {
2836+
tmp |= MAY_BE_LONG | MAY_BE_STRING;
28302837
}
28312838
} else if (opline->opcode == ZEND_ASSIGN_STATIC_PROP_OP) {
28322839
/* The return value must also satisfy the property type */
@@ -2837,8 +2844,15 @@ static zend_always_inline zend_result _zend_update_type_info(
28372844
/* DOUBLE may be auto-converted to LONG */
28382845
tmp |= MAY_BE_LONG;
28392846
tmp &= ~MAY_BE_DOUBLE;
2847+
} else if ((t1 & (MAY_BE_LONG|MAY_BE_DOUBLE|MAY_BE_STRING)) == MAY_BE_STRING
2848+
&& (tmp & (MAY_BE_LONG|MAY_BE_DOUBLE))) {
2849+
/* LONG/DOUBLE may be auto-converted to STRING */
2850+
tmp |= MAY_BE_STRING;
2851+
tmp &= ~(MAY_BE_LONG|MAY_BE_DOUBLE);
28402852
}
28412853
tmp &= t1;
2854+
} else {
2855+
tmp |= MAY_BE_LONG | MAY_BE_STRING;
28422856
}
28432857
} else {
28442858
if (tmp & MAY_BE_REF) {

Zend/Optimizer/zend_optimizer.c

Lines changed: 3 additions & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -797,7 +797,9 @@ zend_class_entry *zend_optimizer_get_class_entry(
797797
}
798798

799799
ce = zend_hash_find_ptr(CG(class_table), lcname);
800-
if (ce && ce->type == ZEND_INTERNAL_CLASS) {
800+
if (ce
801+
&& (ce->type == ZEND_INTERNAL_CLASS
802+
|| (op_array && ce->info.user.filename == op_array->filename))) {
801803
return ce;
802804
}
803805

ext/opcache/tests/jit/assign_static_prop_op_001.phpt

Lines changed: 23 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,23 @@
1+
--TEST--
2+
JIT ASSIGN_STATIC_PROP_OP: 001
3+
--INI--
4+
opcache.enable=1
5+
opcache.enable_cli=1
6+
opcache.file_update_protection=0
7+
opcache.jit_buffer_size=1M
8+
--EXTENSIONS--
9+
opcache
10+
--FILE--
11+
<?php
12+
function ref () {
13+
}
14+
class Foo {
15+
static $i;
16+
static string $s;
17+
}
18+
Foo::$i = 1;
19+
Foo::$s = Foo::$i;
20+
var_dump(Foo::$s -= ref());
21+
?>
22+
--EXPECT--
23+
string(1) "1"

0 commit comments

Comments
 (0)