From db801763e4aed1083d8b348a6bdc9f9e3f752299 Mon Sep 17 00:00:00 2001
From: Nikita Popov
Date: Sat, 24 Sep 2016 21:03:13 +0200
Subject: [PATCH] Add range inference for ZEND_STRLEN

On 32-bit systems we conservatively allow negative lengths. On 64-bit systems, the range could additionally be restricted to the canonical 48-bit size.
---
 ext/opcache/Optimizer/zend_inference.c | 14 ++++++++++++++
 1 file changed, 14 insertions(+)

diff --git a/ext/opcache/Optimizer/zend_inference.c b/ext/opcache/Optimizer/zend_inference.c
index 7505e1475c..4e7db1a75b 100644
--- a/ext/opcache/Optimizer/zend_inference.c
+++ b/ext/opcache/Optimizer/zend_inference.c
@@ -1595,6 +1595,20 @@ int zend_inference_calc_range(const zend_op_array *op_array, zend_ssa *ssa, int
 }
 }
 break;
+ case ZEND_STRLEN:
+ if (ssa->ops[line].result_def == var) {
+#if SIZEOF_ZEND_LONG == 4
+ /* The length of a string is a non-negative integer. However, on 32-bit
+ * platforms overflows into negative lengths may occur, so it's better
+ * to not assume any particular range. */
+ tmp->min = ZEND_LONG_MIN;
+#else
+ tmp->min = 0;
+#endif
+ tmp->max = ZEND_LONG_MAX;
+ return 1;
+ }
+ break;
 case ZEND_DO_FCALL:
 case ZEND_DO_ICALL:
 case ZEND_DO_UCALL:
-- 
2.50.1
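Review bot: The `#else` branch sets `tmp->min = 0` with no comment, while the only comment in the new case explains the 32-bit branch. Inferred ranges are presumably consumed by later optimizer passes, where an unsound lower bound is the kind of mistake that ends up as a memory-safety bug, so the invariant that makes 0 safe should be written next to the assignment. I would add above it something like `/* zend_long is wider than 32 bits here; assumes a string length always fits, so the result is never negative. */`. The commit message also notes that the upper bound could be tightened to the canonical 48-bit size; a short `/* max is deliberately left at ZEND_LONG_MAX; a 48-bit bound would also be valid on 64-bit. */` beside `tmp->max = ZEND_LONG_MAX;` would keep that reasoning in the code. The enclosing switch and function begin and end outside the hunk, so how the returned range is used cannot be checked from here.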