From: Nikita Popov
Date: Thu, 20 Jun 2019 07:49:07 +0000 (+0200)
Subject: Avoid memset/memcpy null ub in block pass
X-Git-Tag: php-7.4.0alpha2~45
X-Git-Url: https://granicus.if.org/sourcecode?a=commitdiff_plain;h=ccfe6c862a9ad27d641dc6d5cd8386fe2b912acc;p=php

Avoid memset/memcpy null ub in block pass

The arena allocator has no problem with zero-size allocations (and will just return the same pointer for each in this case), so just do that to avoid null pointers.
---
diff --git a/ext/opcache/Optimizer/block_pass.c b/ext/opcache/Optimizer/block_pass.c
index e0d44dd5cc..a635c55571 100644
--- a/ext/opcache/Optimizer/block_pass.c
+++ b/ext/opcache/Optimizer/block_pass.c
@@ -1912,17 +1912,11 @@ void zend_optimize_cfg(zend_op_array *op_array, zend_optimizer_ctx *ctx)
 zend_dump_op_array(op_array, ZEND_DUMP_CFG, "before block pass", &cfg);
 }
 
- if (op_array->last_var || op_array->T) {
- bitset_len = zend_bitset_len(op_array->last_var + op_array->T);
- Tsource = zend_arena_calloc(&ctx->arena, op_array->last_var + op_array->T, sizeof(zend_op *));
- same_t = zend_arena_alloc(&ctx->arena, op_array->last_var + op_array->T);
- usage = zend_arena_alloc(&ctx->arena, bitset_len * ZEND_BITSET_ELM_SIZE);
- } else {
- bitset_len = 0;
- Tsource = NULL;
- same_t = NULL;
- usage = NULL;
- }
+ bitset_len = zend_bitset_len(op_array->last_var + op_array->T);
+ Tsource = zend_arena_calloc(&ctx->arena, op_array->last_var + op_array->T, sizeof(zend_op *));
+ same_t = zend_arena_alloc(&ctx->arena, op_array->last_var + op_array->T);
+ usage = zend_arena_alloc(&ctx->arena, bitset_len * ZEND_BITSET_ELM_SIZE);
+
 blocks = cfg.blocks;
 end = blocks + cfg.blocks_count;
 for (pass = 0; pass < PASSES; pass++) {
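Review bot: The four unconditional allocations rely on an allocator property that is stated only in the commit message: when `op_array->last_var + op_array->T` is 0, `Tsource`, `same_t` and `usage` are now non-NULL and, per that message, all the same pointer. Before this change a stray access through them in the empty case would have faulted on NULL; now it would touch whatever the arena hands out next, so the invariant deserves a comment at the allocation site, e.g. `/* zero-size arena allocs return a valid, shared pointer; never dereference these when last_var + T == 0 */`. The code that consumes these buffers is in the rest of `zend_optimize_cfg`, outside this hunk, so whether every access is already bounded by the count cannot be confirmed from here.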