
Commit 1a96d64

committedJun 20, 2023
Fixed incorrect VM stack overflow checks elimination
1 parent c174ebf commit 1a96d64


2 files changed

+25
-6
lines changed

 

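--- a/ext/opcache/jit/zend_jit_internal.h
+++ b/ext/opcache/jit/zend_jit_internal.h
@@ -602,6 +602,8 @@ struct _zend_jit_trace_stack_frame {
 uint32_t call_level;
 uint32_t _info;
 int used_stack;
+int old_checked_stack;
+int old_peek_checked_stack;
 zend_jit_trace_stack stack[1];
 };
 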
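Review bot: The two new fields are undocumented, and their role — a saved copy of the trace's `checked_stack` / `peek_checked_stack` counters, restored when the frame is left — is only visible in zend_jit_trace.c, where they are written at INIT-call time and read back on `frame->prev` and DO_ICALL. A short comment above `int old_checked_stack;` such as `/* caller's checked_stack / peek_checked_stack, restored when this frame is popped */` would make the invariant readable from the header alone. The definition of struct _zend_jit_trace_stack_frame begins before this hunk.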
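--- a/ext/opcache/jit/zend_jit_trace.c
+++ b/ext/opcache/jit/zend_jit_trace.c
@@ -6603,7 +6603,8 @@ static const void *zend_jit_trace(zend_jit_trace_rec *trace_buffer, uint32_t par
 op_array_ssa = &jit_extension->func_info.ssa;
 top = frame;
 if (frame->prev) {
-checked_stack -= frame->used_stack;
+checked_stack = frame->old_checked_stack;
+peek_checked_stack = frame->old_peek_checked_stack;
 frame = frame->prev;
 stack = frame->stack;
 ZEND_ASSERT(&frame->func->op_array == op_array);
@@ -6762,24 +6763,40 @@ static const void *zend_jit_trace(zend_jit_trace_rec *trace_buffer, uint32_t par
 }
 }
 }
+call->old_checked_stack = checked_stack;
+call->old_peek_checked_stack = peek_checked_stack;
 if (p->info & ZEND_JIT_TRACE_FAKE_INIT_CALL) {
 frame->call_level++;
-call->used_stack = 0;
+call->used_stack = checked_stack = peek_checked_stack = 0;
 } else {
 if (p->func) {
 call->used_stack = zend_vm_calc_used_stack(init_opline->extended_value, (zend_function*)p->func);
 } else {
 call->used_stack = (ZEND_CALL_FRAME_SLOT + init_opline->extended_value) * sizeof(zval);
 }
-checked_stack += call->used_stack;
-if (checked_stack > peek_checked_stack) {
-peek_checked_stack = checked_stack;
+switch (init_opline->opcode) {
+case ZEND_INIT_FCALL:
+case ZEND_INIT_FCALL_BY_NAME:
+case ZEND_INIT_NS_FCALL_BY_NAME:
+case ZEND_INIT_METHOD_CALL:
+case ZEND_INIT_DYNAMIC_CALL:
+//case ZEND_INIT_STATIC_METHOD_CALL:
+//case ZEND_INIT_USER_CALL:
+//case ZEND_NEW:
+checked_stack += call->used_stack;
+if (checked_stack > peek_checked_stack) {
+peek_checked_stack = checked_stack;
+}
+break;
+default:
+checked_stack = peek_checked_stack = 0;
 }
 }
 } else if (p->op == ZEND_JIT_TRACE_DO_ICALL) {
 call = frame->call;
 if (call) {
-checked_stack -= call->used_stack;
+checked_stack = call->old_checked_stack;
+peek_checked_stack = call->old_peek_checked_stack;
 top = call;
 frame->call = call->prev;
 }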
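Review bot: The `default:` branch at new line 6792 conservatively disables stack-check elimination by resetting `checked_stack = peek_checked_stack = 0`, but the only explanation of which opcodes are excluded and why is the three commented-out labels `//case ZEND_INIT_STATIC_METHOD_CALL:`, `//case ZEND_INIT_USER_CALL:`, `//case ZEND_NEW:`, so a reader cannot tell whether they are deliberately kept out because their pushed frame size cannot be trusted at trace time or were merely deferred. Replace the commented-out labels with one comment stating the reason, e.g. `/* other INIT opcodes: the frame size computed here is not reliable, keep the VM stack overflow check */` (worded to the actual reason). The restore paths at 6606 and 6798 now read `old_checked_stack` / `old_peek_checked_stack` from the frame, which presumably is only valid if every frame in the chain was created through the path that stores them at 6766; it is worth confirming that the trace's initial frame has these fields initialised as well. zend_jit_trace begins and ends outside this hunk.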
