Skip to content

Commit 73c5f36

Browse files
iluuu1994iluuu1994
authored
Assert ptr_ptr value of TMP|CONST isn't used (php#11865)
We require valid code for compilation to succeed, but these paths should always be guarded by OPx_TYPE checks and never execute. Add an assertion to verify.
1 parent 1246da3 commit 73c5f36

File tree

3 files changed

+44
-38
lines changed

3 files changed

+44
-38
lines changed

Zend/zend_execute.h

Lines changed: 6 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -523,6 +523,12 @@ ZEND_COLD void zend_magic_get_property_type_inconsistency_error(const zend_prope
523523

524524
ZEND_COLD void zend_match_unhandled_error(const zval *value);
525525

526+
static zend_always_inline void *zend_get_bad_ptr(void)
527+
{
528+
ZEND_UNREACHABLE();
529+
return NULL;
530+
}
531+
526532
END_EXTERN_C()
527533

528534
#endif /* ZEND_EXECUTE_H */

Zend/zend_vm_execute.h

Lines changed: 20 additions & 20 deletions
Some generated files are not rendered by default. Learn more about customizing how changed files appear on GitHub.

Zend/zend_vm_gen.php

Lines changed: 18 additions & 18 deletions
Original file line numberDiff line numberDiff line change
@@ -232,9 +232,9 @@
232232

233233
$op1_get_zval_ptr_ptr = array(
234234
"ANY" => "get_zval_ptr_ptr(opline->op1_type, opline->op1, \\1)",
235-
"TMP" => "NULL",
235+
"TMP" => "zend_get_bad_ptr()",
236236
"VAR" => "_get_zval_ptr_ptr_var(opline->op1.var EXECUTE_DATA_CC)",
237-
"CONST" => "NULL",
237+
"CONST" => "zend_get_bad_ptr()",
238238
"UNUSED" => "NULL",
239239
"CV" => "_get_zval_ptr_cv_\\1(opline->op1.var EXECUTE_DATA_CC)",
240240
"TMPVAR" => "???",
@@ -243,9 +243,9 @@
243243

244244
$op2_get_zval_ptr_ptr = array(
245245
"ANY" => "get_zval_ptr_ptr(opline->op2_type, opline->op2, \\1)",
246-
"TMP" => "NULL",
246+
"TMP" => "zend_get_bad_ptr()",
247247
"VAR" => "_get_zval_ptr_ptr_var(opline->op2.var EXECUTE_DATA_CC)",
248-
"CONST" => "NULL",
248+
"CONST" => "zend_get_bad_ptr()",
249249
"UNUSED" => "NULL",
250250
"CV" => "_get_zval_ptr_cv_\\1(opline->op2.var EXECUTE_DATA_CC)",
251251
"TMPVAR" => "???",
@@ -298,9 +298,9 @@
298298

299299
$op1_get_zval_ptr_ptr_undef = array(
300300
"ANY" => "get_zval_ptr_ptr_undef(opline->op1_type, opline->op1, \\1)",
301-
"TMP" => "NULL",
301+
"TMP" => "zend_get_bad_ptr()",
302302
"VAR" => "_get_zval_ptr_ptr_var(opline->op1.var EXECUTE_DATA_CC)",
303-
"CONST" => "NULL",
303+
"CONST" => "zend_get_bad_ptr()",
304304
"UNUSED" => "NULL",
305305
"CV" => "EX_VAR(opline->op1.var)",
306306
"TMPVAR" => "???",
@@ -309,9 +309,9 @@
309309

310310
$op2_get_zval_ptr_ptr_undef = array(
311311
"ANY" => "get_zval_ptr_ptr_undef(opline->op2_type, opline->op2, \\1)",
312-
"TMP" => "NULL",
312+
"TMP" => "zend_get_bad_ptr()",
313313
"VAR" => "_get_zval_ptr_ptr_var(opline->op2.var EXECUTE_DATA_CC)",
314-
"CONST" => "NULL",
314+
"CONST" => "zend_get_bad_ptr()",
315315
"UNUSED" => "NULL",
316316
"CV" => "EX_VAR(opline->op2.var)",
317317
"TMPVAR" => "???",
@@ -386,9 +386,9 @@
386386

387387
$op1_get_obj_zval_ptr_ptr = array(
388388
"ANY" => "get_obj_zval_ptr_ptr(opline->op1_type, opline->op1, \\1)",
389-
"TMP" => "NULL",
389+
"TMP" => "zend_get_bad_ptr()",
390390
"VAR" => "_get_zval_ptr_ptr_var(opline->op1.var EXECUTE_DATA_CC)",
391-
"CONST" => "NULL",
391+
"CONST" => "zend_get_bad_ptr()",
392392
"UNUSED" => "&EX(This)",
393393
"CV" => "_get_zval_ptr_cv_\\1(opline->op1.var EXECUTE_DATA_CC)",
394394
"TMPVAR" => "???",
@@ -397,9 +397,9 @@
397397

398398
$op2_get_obj_zval_ptr_ptr = array(
399399
"ANY" => "get_obj_zval_ptr_ptr(opline->op2_type, opline->op2, \\1)",
400-
"TMP" => "NULL",
400+
"TMP" => "zend_get_bad_ptr()",
401401
"VAR" => "_get_zval_ptr_ptr_var(opline->op2.var EXECUTE_DATA_CC)",
402-
"CONST" => "NULL",
402+
"CONST" => "zend_get_bad_ptr()",
403403
"UNUSED" => "&EX(This)",
404404
"CV" => "_get_zval_ptr_cv_\\1(opline->op2.var EXECUTE_DATA_CC)",
405405
"TMPVAR" => "???",
@@ -408,9 +408,9 @@
408408

409409
$op1_get_obj_zval_ptr_ptr_undef = array(
410410
"ANY" => "get_obj_zval_ptr_ptr(opline->op1_type, opline->op1, \\1)",
411-
"TMP" => "NULL",
411+
"TMP" => "zend_get_bad_ptr()",
412412
"VAR" => "_get_zval_ptr_ptr_var(opline->op1.var EXECUTE_DATA_CC)",
413-
"CONST" => "NULL",
413+
"CONST" => "zend_get_bad_ptr()",
414414
"UNUSED" => "&EX(This)",
415415
"CV" => "EX_VAR(opline->op1.var)",
416416
"TMPVAR" => "???",
@@ -419,9 +419,9 @@
419419

420420
$op2_get_obj_zval_ptr_ptr_undef = array(
421421
"ANY" => "get_obj_zval_ptr_ptr(opline->op2_type, opline->op2, \\1)",
422-
"TMP" => "NULL",
422+
"TMP" => "zend_get_bad_ptr()",
423423
"VAR" => "_get_zval_ptr_ptr_var(opline->op2.var EXECUTE_DATA_CC)",
424-
"CONST" => "NULL",
424+
"CONST" => "zend_get_bad_ptr()",
425425
"UNUSED" => "&EX(This)",
426426
"CV" => "EX_VAR(opline->op2.var)",
427427
"TMPVAR" => "???",
@@ -518,9 +518,9 @@
518518

519519
$op_data_get_zval_ptr_ptr = array(
520520
"ANY" => "get_zval_ptr_ptr((opline+1)->op1_type, (opline+1)->op1, \\1)",
521-
"TMP" => "NULL",
521+
"TMP" => "zend_get_bad_ptr()",
522522
"VAR" => "_get_zval_ptr_ptr_var((opline+1)->op1.var EXECUTE_DATA_CC)",
523-
"CONST" => "NULL",
523+
"CONST" => "zend_get_bad_ptr()",
524524
"UNUSED" => "NULL",
525525
"CV" => "_get_zval_ptr_cv_\\1((opline+1)->op1.var EXECUTE_DATA_CC)",
526526
"TMPVAR" => "???",

0 commit comments

Comments
 (0)