From: Nikita Popov Date: Fri, 28 Jun 2019 10:38:28 +0000 (+0200) Subject: Fix out of bounds read in sccp X-Git-Tag: php-7.4.0alpha3~136 X-Git-Url: https://granicus.if.org/sourcecode?a=commitdiff_plain;h=ca6f41aa5a15a44f841e42c7255294d521c95d5d;p=php Fix out of bounds read in sccp --- diff --git a/ext/opcache/Optimizer/sccp.c b/ext/opcache/Optimizer/sccp.c index ab202d2ead..0f5f1d18e1 100644 --- a/ext/opcache/Optimizer/sccp.c +++ b/ext/opcache/Optimizer/sccp.c @@ -2329,6 +2329,7 @@ static int try_remove_definition(sccp_ctx *ctx, int var_num, zend_ssa_var *var, if (opline->opcode == ZEND_DO_ICALL) { removed_ops = remove_call(ctx, opline, ssa_op); } else if (opline->opcode == ZEND_TYPE_CHECK + && ssa_op->op1_use >= 0 && !value_known(&ctx->values[ssa_op->op1_use])) { /* For TYPE_CHECK we may compute the result value without knowing the * operand, based on type inference information. Make sure the operand is