JIT: Fix register clobbering

dstogov · dstogov · commit cf83bdd925bc · 2022-03-21T16:08:52.000+03:00
Fixes oss-fuzz #45590
diff --git a/ext/opcache/jit/zend_jit_x86.dasc b/ext/opcache/jit/zend_jit_x86.dasc
@@ -15877,6 +15877,9 @@ static zend_regset zend_jit_get_scratch_regset(const zend_op *opline, const zend
 				if (op1_info & MAY_BE_DOUBLE) {
 					regset = ZEND_REGSET(ZREG_XMM0);
 				}
+				if (opline->result_type != IS_UNUSED && (op1_info & MAY_BE_LONG)) {
+					ZEND_REGSET_INCL(regset, ZREG_R1);
+				}
 			}
 			break;
 		case ZEND_ADD:
diff --git a/ext/opcache/tests/jit/reg_alloc_014.phpt b/ext/opcache/tests/jit/reg_alloc_014.phpt
@@ -0,0 +1,21 @@
+--TEST--
+Register Alloction 014: Register clobbering
+--INI--
+opcache.enable=1
+opcache.enable_cli=1
+opcache.file_update_protection=0
+opcache.jit_buffer_size=1M
+--FILE--
+<?php
+function foo() {
+    for($cnt = 0; $cnt < 6; $cnt++) {
+        $e = $a-- + $a-- + $a *= $a;
+        for ($i = 0; $i <= .1; $i++);
+    }
+}
+foo();
+?>
+DONE
+--EXPECTF--
+Warning: Undefined variable $a in %sreg_alloc_014.php on line 4
+DONE

Original file line number	Diff line number	Diff line change
`@@ -15877,6 +15877,9 @@ static zend_regset zend_jit_get_scratch_regset(const zend_op *opline, const zend`
`15877`	`15877`	`if (op1_info & MAY_BE_DOUBLE) {`
`15878`	`15878`	`regset = ZEND_REGSET(ZREG_XMM0);`
`15879`	`15879`	`}`
	`15880`	`+ if (opline->result_type != IS_UNUSED && (op1_info & MAY_BE_LONG)) {`
	`15881`	`+ ZEND_REGSET_INCL(regset, ZREG_R1);`
	`15882`	`+ }`
`15880`	`15883`	`}`
`15881`	`15884`	`break;`
`15882`	`15885`	`case ZEND_ADD:`