From 8e63bb5e465620f27de93dea82e0d84be72da7f3 Mon Sep 17 00:00:00 2001
From: Nikita Popov <nikita.ppv@gmail.com>
Date: Mon, 29 Jul 2019 13:02:01 +0200
Subject: [PATCH] Fixed bug #78341

The smart branch logic assumed b->start refers to the old offsets,
while b->start was already adjusted to the new offsets at this
point. Delay the change until later.
---
 NEWS                             |  3 +++
 ext/opcache/Optimizer/dfa_pass.c | 14 +++++++-------
 ext/opcache/tests/bug78341.phpt  | 21 +++++++++++++++++++++
 3 files changed, 31 insertions(+), 7 deletions(-)
 create mode 100644 ext/opcache/tests/bug78341.phpt

diff --git a/NEWS b/NEWS
index 58cc45e10c..b3bdfc87c1 100644
--- a/NEWS
+++ b/NEWS
@@ -21,6 +21,9 @@ PHP                                                                        NEWS
 - LiteSpeed:
   . Updated to LiteSpeed SAPI V7.5 (Fixed clean shutdown). (George Wang)
 
+- Opcode:
+  . Fixed bug #78341 (Failure to detect smart branch in DFA pass). (Nikita)
+
 - Standard:
   . Fixed bug #69100 (Bus error from stream_copy_to_stream (file -> SSL stream)
     with invalid length). (Nikita)
diff --git a/ext/opcache/Optimizer/dfa_pass.c b/ext/opcache/Optimizer/dfa_pass.c
index 55b9597850..ecf3038b6b 100644
--- a/ext/opcache/Optimizer/dfa_pass.c
+++ b/ext/opcache/Optimizer/dfa_pass.c
@@ -181,9 +181,8 @@ static void zend_ssa_remove_nops(zend_op_array *op_array, zend_ssa *ssa, zend_op
 
 	for (b = blocks; b < blocks_end; b++) {
 		if (b->flags & (ZEND_BB_REACHABLE|ZEND_BB_UNREACHABLE_FREE)) {
-			uint32_t end;
-
 			if (b->len) {
+				uint32_t new_start, old_end;
 				while (i < b->start) {
 					shiftlist[i] = i - target;
 					i++;
@@ -196,9 +195,9 @@ static void zend_ssa_remove_nops(zend_op_array *op_array, zend_ssa *ssa, zend_op
 					b->len = 1;
 				}
 
-				end = b->start + b->len;
-				b->start = target;
-				while (i < end) {
+				new_start = target;
+				old_end = b->start + b->len;
+				while (i < old_end) {
 					shiftlist[i] = i - target;
 					if (EXPECTED(op_array->opcodes[i].opcode != ZEND_NOP) ||
 						is_smart_branch_inhibiting_nop(op_array, target, i, b, blocks_end)) {
@@ -211,12 +210,13 @@ static void zend_ssa_remove_nops(zend_op_array *op_array, zend_ssa *ssa, zend_op
 					}
 					i++;
 				}
-				if (target != end) {
+				b->start = new_start;
+				if (target != old_end) {
 					zend_op *opline;
 					zend_op *new_opline;
 
 					b->len = target - b->start;
-					opline = op_array->opcodes + end - 1;
+					opline = op_array->opcodes + old_end - 1;
 					if (opline->opcode == ZEND_NOP) {
 						continue;
 					}
diff --git a/ext/opcache/tests/bug78341.phpt b/ext/opcache/tests/bug78341.phpt
new file mode 100644
index 0000000000..8b10125068
--- /dev/null
+++ b/ext/opcache/tests/bug78341.phpt
@@ -0,0 +1,21 @@
+--TEST--
+Bug #78341: Failure to detect smart branch in DFA pass
+--FILE--
+<?php
+
+function test($a) {
+    // Just some dead code...
+    if (strpos("foo", "foo") !== 0) {
+        echo "Foo";
+    }
+
+    $x = $a === null;
+    if ($x) {
+        var_dump($x);
+    }
+}
+test(null);
+
+?>
+--EXPECT--
+bool(true)
-- 
2.50.1