Fix invalid returned opcode for memoized expressions

iluuu1994 · iluuu1994 · commit 4ba5699903ce · 2023-10-03T14:01:43.000+02:00
Closes GH-12345
diff --git a/NEWS b/NEWS
@@ -4,6 +4,7 @@ PHP                                                                        NEWS
 
 - Core:
   . Fixed bug #80092 (ZTS + preload = segfault on shutdown). (nielsdos)
+  . Fixed buffer underflow when compiling memoized expression. (ilutov)
 
 - CType:
   . Fixed bug GH-11997 (ctype_alnum 5 times slower in PHP 8.1 or greater).
diff --git a/Zend/tests/assign_coalesce_009.phpt b/Zend/tests/assign_coalesce_009.phpt
@@ -0,0 +1,8 @@
+--TEST--
+Invalid opcode returned from zend_compile_var_inner() for memoized expression
+--FILE--
+<?php
+strlen("foo")[0] ??= 123;
+?>
+--EXPECTF--
+Fatal error: Cannot use result of built-in function in write context in %s on line %d
diff --git a/Zend/zend_compile.c b/Zend/zend_compile.c
@@ -10616,7 +10616,8 @@ static zend_op *zend_compile_var_inner(znode *result, zend_ast *ast, uint32_t ty
 			case ZEND_AST_NULLSAFE_METHOD_CALL:
 			case ZEND_AST_STATIC_CALL:
 				zend_compile_memoized_expr(result, ast);
-				return &CG(active_op_array)->opcodes[CG(active_op_array)->last - 1];
+				/* This might not actually produce an opcode, e.g. for expressions evaluated at comptime. */
+				return NULL;
 		}
 	}
 

Original file line number	Diff line number	Diff line change
`@@ -10616,7 +10616,8 @@ static zend_op zend_compile_var_inner(znode result, zend_ast *ast, uint32_t ty`
`10616`	`10616`	`case ZEND_AST_NULLSAFE_METHOD_CALL:`
`10617`	`10617`	`case ZEND_AST_STATIC_CALL:`
`10618`	`10618`	`zend_compile_memoized_expr(result, ast);`
`10619`		`- return &CG(active_op_array)->opcodes[CG(active_op_array)->last - 1];`
	`10619`	`+ /* This might not actually produce an opcode, e.g. for expressions evaluated at comptime. */`
	`10620`	`+ return NULL;`
`10620`	`10621`	`}`
`10621`	`10622`	`}`
`10622`	`10623`