From: Dmitry Stogov <dmitry@zend.com>
Date: Tue, 21 Jul 2020 17:54:33 +0000 (+0300)
Subject: Fixed bug #79864 (JIT segfault in Symfony OptionsResolver)
X-Git-Url: https://granicus.if.org/sourcecode?a=commitdiff_plain;h=b44169e9ddd46d32342c68493eebf446e707fbde;p=php

Fixed bug #79864 (JIT segfault in Symfony OptionsResolver)
---

diff --git a/NEWS b/NEWS
index 1d9668625e..660644e8b8 100644
--- a/NEWS
+++ b/NEWS
@@ -2,6 +2,8 @@ PHP                                                                        NEWS
 |||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
 ?? ??? ????, PHP 8.0.0beta1
 
+- JIT:
+  . Fixed bug #79864 (JIT segfault in Symfony OptionsResolver). (Dmitry)
 
 23 Jul 2020, PHP 8.0.0alpha3
 
diff --git a/ext/opcache/jit/zend_jit.c b/ext/opcache/jit/zend_jit.c
index 74f63c53a4..48a04735da 100644
--- a/ext/opcache/jit/zend_jit.c
+++ b/ext/opcache/jit/zend_jit.c
@@ -3029,6 +3029,17 @@ static int zend_jit(const zend_op_array *op_array, zend_ssa *ssa, const zend_op
 							zend_may_throw(opline, ssa_op, op_array, ssa))) {
 						goto jit_failure;
 					}
+					if (i == end
+					 && (opline->result_type & (IS_SMART_BRANCH_JMPZ|IS_SMART_BRANCH_JMPNZ)) != 0) {
+						/* smart branch split across basic blocks */
+						if (!zend_jit_cond_jmp(&dasm_state, opline + 2, ssa->cfg.blocks[b+1].successors[0])) {
+							goto jit_failure;
+						}
+						if (!zend_jit_jmp(&dasm_state, ssa->cfg.blocks[b+1].successors[1])) {
+							goto jit_failure;
+						}
+						is_terminated = 1;
+					}
 			}
 done:
 			switch (opline->opcode) {