Remove more null arithmetic UB

author Nikita Popov <nikita.ppv@gmail.com>

Thu, 27 Feb 2020 11:53:55 +0000 (12:53 +0100)

committer Nikita Popov <nikita.ppv@gmail.com>

Thu, 27 Feb 2020 11:54:48 +0000 (12:54 +0100)
author Nikita Popov <nikita.ppv@gmail.com>
Thu, 27 Feb 2020 11:53:55 +0000 (12:53 +0100)
committer Nikita Popov <nikita.ppv@gmail.com>
Thu, 27 Feb 2020 11:54:48 +0000 (12:54 +0100)
diff --git a/Zend/zend_compile.h b/Zend/zend_compile.h

index 97ce2b9415f080a7538e9d24c4f531299b032c9a..319ef51bcb7af4ab076ee7e50d8226b24eb608ce 100644 (file)
--- a/Zend/zend_compile.h
+++ b/Zend/zend_compile.h
@@ -578,6 +578,7 @@ struct _zend_execute_data {
  #define EX_VAR_NUM(n)                  ZEND_CALL_VAR_NUM(execute_data, n)
  
  #define EX_VAR_TO_NUM(n)               ((uint32_t)((n) / sizeof(zval) - ZEND_CALL_FRAME_SLOT))
+#define EX_NUM_TO_VAR(n)               ((uint32_t)((n + ZEND_CALL_FRAME_SLOT) * sizeof(zval)))
  
  #define ZEND_OPLINE_TO_OFFSET(opline, target) \
         ((char*)(target) - (char*)(opline))
diff --git a/Zend/zend_opcode.c b/Zend/zend_opcode.c

index 881626b71e4872a05af9c2cec5fc207c35566b2f..4ebe92fa9511d3c8cca2dff895ddf19086fef8ba 100644 (file)
--- a/Zend/zend_opcode.c
+++ b/Zend/zend_opcode.c
@@ -1035,15 +1035,15 @@ ZEND_API int pass_two(zend_op_array *op_array)
                 if (opline->op1_type == IS_CONST) {
                         ZEND_PASS_TWO_UPDATE_CONSTANT(op_array, opline, opline->op1);
                 } else if (opline->op1_type & (IS_VAR|IS_TMP_VAR)) {
-                       opline->op1.var = (uint32_t)(zend_intptr_t)ZEND_CALL_VAR_NUM(NULL, op_array->last_var + opline->op1.var);
+                       opline->op1.var = EX_NUM_TO_VAR(op_array->last_var + opline->op1.var);
                 }
                 if (opline->op2_type == IS_CONST) {
                         ZEND_PASS_TWO_UPDATE_CONSTANT(op_array, opline, opline->op2);
                 } else if (opline->op2_type & (IS_VAR|IS_TMP_VAR)) {
-                       opline->op2.var = (uint32_t)(zend_intptr_t)ZEND_CALL_VAR_NUM(NULL, op_array->last_var + opline->op2.var);
+                       opline->op2.var = EX_NUM_TO_VAR(op_array->last_var + opline->op2.var);
                 }
                 if (opline->result_type & (IS_VAR|IS_TMP_VAR)) {
-                       opline->result.var = (uint32_t)(zend_intptr_t)ZEND_CALL_VAR_NUM(NULL, op_array->last_var + opline->result.var);
+                       opline->result.var = EX_NUM_TO_VAR(op_array->last_var + opline->result.var);
                 }
                 ZEND_VM_SET_OPCODE_HANDLER(opline);
                 opline++;
diff --git a/ext/opcache/Optimizer/zend_optimizer_internal.h b/ext/opcache/Optimizer/zend_optimizer_internal.h

index 270a85c89ae0f53227cba3f278c2bbaffe16e976..5207e6cb749fab47a4dda7b24ac04329f8c0973e 100644 (file)
--- a/ext/opcache/Optimizer/zend_optimizer_internal.h
+++ b/ext/opcache/Optimizer/zend_optimizer_internal.h
@@ -31,7 +31,7 @@
  #define ZEND_OP2_JMP_ADDR(opline)              OP_JMP_ADDR(opline, (opline)->op2)
  
  #define VAR_NUM(v) EX_VAR_TO_NUM(v)
-#define NUM_VAR(v) ((uint32_t)(zend_uintptr_t)ZEND_CALL_VAR_NUM(0, v))
+#define NUM_VAR(v) EX_NUM_TO_VAR(v)
  
  #define INV_COND(op)       ((op) == ZEND_JMPZ    ? ZEND_JMPNZ    : ZEND_JMPZ)
  #define INV_EX_COND(op)    ((op) == ZEND_JMPZ_EX ? ZEND_JMPNZ    : ZEND_JMPZ)
diff --git a/ext/opcache/jit/zend_jit_x86.dasc b/ext/opcache/jit/zend_jit_x86.dasc

index 3b6e3b26f56ca97e8c124dfe1297232814079cb3..4140ea81dcfef5bdafe61a83a9e46db93f3fea31 100644 (file)
--- a/ext/opcache/jit/zend_jit_x86.dasc
+++ b/ext/opcache/jit/zend_jit_x86.dasc
@@ -2718,7 +2718,7 @@ static int zend_jit_load_reg(dasm_State **Dst, zend_jit_addr src, zend_jit_addr
  static int zend_jit_store_var(dasm_State **Dst, uint32_t info, int var, zend_reg reg)
  {
         zend_jit_addr src = ZEND_ADDR_REG(reg);
-       zend_jit_addr dst = ZEND_ADDR_MEM_ZVAL(ZREG_FP, (uint32_t)(uintptr_t)ZEND_CALL_VAR_NUM(NULL, var));
+       zend_jit_addr dst = ZEND_ADDR_MEM_ZVAL(ZREG_FP, EX_NUM_TO_VAR(var));
  
         return zend_jit_spill_store(Dst, src, dst, info, 1);
  }
@@ -2751,7 +2751,7 @@ static int zend_jit_store_var_if_necessary_ex(dasm_State **Dst, int var, zend_ji
  
  static int zend_jit_load_var(dasm_State **Dst, uint32_t info, int var, zend_reg reg)
  {
-       zend_jit_addr src = ZEND_ADDR_MEM_ZVAL(ZREG_FP, (uint32_t)(uintptr_t)ZEND_CALL_VAR_NUM(NULL, var));
+       zend_jit_addr src = ZEND_ADDR_MEM_ZVAL(ZREG_FP, EX_NUM_TO_VAR(var));
         zend_jit_addr dst = ZEND_ADDR_REG(reg);
  
         return zend_jit_load_reg(Dst, src, dst, info);
@@ -6971,7 +6971,7 @@ static int zend_jit_do_fcall(dasm_State **Dst, const zend_op *opline, const zend
  
                 if (func) {
                         for (i = call_info->num_args; i < func->op_array.last_var; i++) {
-                               uint32_t n = (uint32_t)(uintptr_t)ZEND_CALL_VAR_NUM(NULL, i);
+                               uint32_t n = EX_NUM_TO_VAR(i);
                                 |       SET_Z_TYPE_INFO RX + n, IS_UNDEF
                         }
                 }
@@ -7189,7 +7189,7 @@ static int zend_jit_do_fcall(dasm_State **Dst, const zend_op *opline, const zend
                 |       // zend_vm_stack_free_args(call);
                 if (func) {
                         for (i = 0; i < call_info->num_args; i++ ) {
-                               uint32_t offset = (uint32_t)(uintptr_t)ZEND_CALL_VAR_NUM(NULL, i);
+                               uint32_t offset = EX_NUM_TO_VAR(i);
                                 |       ZVAL_PTR_DTOR ZEND_ADDR_MEM_ZVAL(ZREG_RX, offset), MAY_BE_ANY|MAY_BE_RC1|MAY_BE_RCN, 0, 1, 0, opline
                         }
                 } else {
@@ -7909,8 +7909,7 @@ static int zend_jit_free_compiled_variables(dasm_State **Dst, const zend_op *opl
                                         const zend_op *opline = op_array->opcodes + ssa->cfg.blocks[j].start + ssa->cfg.blocks[j].len - 1;
  
                                         if (opline->opcode == ZEND_RETURN) {
-                                               if (opline->op1_type == IS_CV &&
-                                                   opline->op1.var == (uint32_t)(uintptr_t)(ZEND_CALL_VAR_NUM(NULL, i))) {
+                                               if (opline->op1_type == IS_CV && opline->op1.var == EX_NUM_TO_VAR(i)) {
                                                         info |= MAY_BE_RCN;
                                                         break;
                                                 }
@@ -7921,7 +7920,7 @@ static int zend_jit_free_compiled_variables(dasm_State **Dst, const zend_op *opl
  #endif
  
                 if (info & (MAY_BE_STRING|MAY_BE_ARRAY|MAY_BE_OBJECT|MAY_BE_RESOURCE|MAY_BE_REF)) {
-                       uint32_t offset = (uint32_t)(uintptr_t)ZEND_CALL_VAR_NUM(NULL, i);
+                       uint32_t offset = EX_NUM_TO_VAR(i);
                         | ZVAL_PTR_DTOR ZEND_ADDR_MEM_ZVAL(ZREG_FP, offset), info, 1, 1, 0, opline
                 }
         }
author	Nikita Popov <nikita.ppv@gmail.com>
	Thu, 27 Feb 2020 11:53:55 +0000 (12:53 +0100)
committer	Nikita Popov <nikita.ppv@gmail.com>
	Thu, 27 Feb 2020 11:54:48 +0000 (12:54 +0100)
Zend/zend_compile.h		patch \| blob \| history
Zend/zend_opcode.c		patch \| blob \| history
ext/opcache/Optimizer/zend_optimizer_internal.h		patch \| blob \| history
ext/opcache/jit/zend_jit_x86.dasc		patch \| blob \| history