From: Nikita Popov <nikita.ppv@gmail.com>
Date: Tue, 22 Oct 2019 12:59:24 +0000 (+0200)
Subject: JIT: UNDEF result on "Illegal offset type" exception
X-Git-Url: https://granicus.if.org/sourcecode?a=commitdiff_plain;h=097184cae715984901bad5d8872e2d4a153ec5bc;p=php

JIT: UNDEF result on "Illegal offset type" exception
---

diff --git a/ext/opcache/jit/zend_jit_helpers.c b/ext/opcache/jit/zend_jit_helpers.c
index ad4be46c63..b0d12f4d18 100644
--- a/ext/opcache/jit/zend_jit_helpers.c
+++ b/ext/opcache/jit/zend_jit_helpers.c
@@ -18,6 +18,15 @@
 
 #include "Zend/zend_API.h"
 
+static ZEND_COLD void undef_result_after_exception() {
+	const zend_op *opline = EG(opline_before_exception);
+	ZEND_ASSERT(EG(exception));
+	if (opline->result_type & (IS_VAR | IS_TMP_VAR)) {
+		zend_execute_data *execute_data = EG(current_execute_data);
+		ZVAL_UNDEF(EX_VAR(opline->result.var));
+	}
+}
+
 static zend_never_inline zend_function* ZEND_FASTCALL _zend_jit_init_func_run_time_cache(const zend_op_array *op_array) /* {{{ */
 {
 	void **run_time_cache;
@@ -469,6 +478,7 @@ static zval* ZEND_FASTCALL zend_jit_fetch_dim_rw_helper(zend_array *ht, zval *di
 			goto num_index;
 		default:
 			zend_type_error("Illegal offset type");
+			undef_result_after_exception();
 			return NULL;
 	}
 
@@ -537,6 +547,7 @@ static zval* ZEND_FASTCALL zend_jit_fetch_dim_w_helper(zend_array *ht, zval *dim
 			goto num_index;
 		default:
 			zend_type_error("Illegal offset type");
+			undef_result_after_exception();
 			return NULL;
 	}