From: Nikita Popov <nikita.ppv@gmail.com>
Date: Sat, 16 Dec 2017 20:11:40 +0000 (+0100)
Subject: Backport narrowing fix to 7.1
X-Git-Tag: php-7.1.14RC1~17
X-Git-Url: https://granicus.if.org/sourcecode?a=commitdiff_plain;h=f208187773edd9423e64b5b4dd16b146260c780d;p=php

Backport narrowing fix to 7.1

This is a cherry-pick of 8a4532319dfae83ff16b2d2bbfeed062924c3c27.
---

diff --git a/ext/opcache/Optimizer/zend_inference.c b/ext/opcache/Optimizer/zend_inference.c
index db232dff72..aeb30c8ec5 100644
--- a/ext/opcache/Optimizer/zend_inference.c
+++ b/ext/opcache/Optimizer/zend_inference.c
@@ -2157,6 +2157,24 @@ static int zend_update_type_info(const zend_op_array *op_array,
 	t1 = OP1_INFO();
 	t2 = OP2_INFO();
 
+	/* If one of the operands cannot have any type, this means the operand derives from
+	 * unreachable code. Propagate the empty result early, so that that the following
+	 * code may assume that operands have at least one type. */
+	if (!(t1 & (MAY_BE_ANY|MAY_BE_UNDEF|MAY_BE_CLASS|MAY_BE_ERROR))
+			|| !(t2 & (MAY_BE_ANY|MAY_BE_UNDEF|MAY_BE_CLASS|MAY_BE_ERROR))) {
+		tmp = 0;
+		if (ssa_ops[i].result_def >= 0) {
+			UPDATE_SSA_TYPE(tmp, ssa_ops[i].result_def);
+		} 
+		if (ssa_ops[i].op1_def >= 0) { 
+			UPDATE_SSA_TYPE(tmp, ssa_ops[i].op1_def);
+		} 
+		if (ssa_ops[i].op2_def >= 0) { 
+			UPDATE_SSA_TYPE(tmp, ssa_ops[i].op2_def);
+		} 
+		return 1;
+	} 
+
 	switch (opline->opcode) {
 		case ZEND_ADD:
 		case ZEND_SUB: