From 578cdf1f98f906e99aa7180535105f756c256de8 Mon Sep 17 00:00:00 2001
From: Levi Morrison
Date: Fri, 16 May 2025 15:21:19 -0600
Subject: [PATCH] fix: dangling opline in ZEND_INIT_ARRAY
This causes problems if an allocation profiler decides to walk the stack, or if the engine itself OOMs on this opcode, and it tries to print file and line information.
---
 Zend/zend_vm_def.h | 1 +
 Zend/zend_vm_execute.h | 20 ++++++++++++++++++++
 2 files changed, 21 insertions(+)
diff --git a/Zend/zend_vm_def.h b/Zend/zend_vm_def.h
index 53aa7a821f697..19422fe5eebfd 100644
--- a/Zend/zend_vm_def.h
+++ b/Zend/zend_vm_def.h
@@ -6281,6 +6281,7 @@ ZEND_VM_HANDLER(71, ZEND_INIT_ARRAY, CONST|TMP|VAR|CV|UNUSED, CONST|TMPVAR|UNUSE
 uint32_t size;
 USE_OPLINE
+ SAVE_OPLINE();
 array = EX_VAR(opline->result.var);
 if (OP1_TYPE != IS_UNUSED) {
 size = opline->extended_value >> ZEND_ARRAY_SIZE_SHIFT;
diff --git a/Zend/zend_vm_execute.h b/Zend/zend_vm_execute.h
index 2c86a94134c08..209e6cdbe7dfe 100644
--- a/Zend/zend_vm_execute.h
+++ b/Zend/zend_vm_execute.h
@@ -7424,6 +7424,7 @@ static ZEND_OPCODE_HANDLER_RET ZEND_FASTCALL ZEND_INIT_ARRAY_SPEC_CONST_CONST_HA
 uint32_t size;
 USE_OPLINE
+ SAVE_OPLINE();
 array = EX_VAR(opline->result.var);
 if (IS_CONST != IS_UNUSED) {
 size = opline->extended_value >> ZEND_ARRAY_SIZE_SHIFT;
@@ -9765,6 +9766,7 @@ static ZEND_OPCODE_HANDLER_RET ZEND_FASTCALL ZEND_INIT_ARRAY_SPEC_CONST_TMPVAR_H
 uint32_t size;
 USE_OPLINE
+ SAVE_OPLINE();
 array = EX_VAR(opline->result.var);
 if (IS_CONST != IS_UNUSED) {
 size = opline->extended_value >> ZEND_ARRAY_SIZE_SHIFT;
@@ -10695,6 +10697,7 @@ static ZEND_OPCODE_HANDLER_RET ZEND_FASTCALL ZEND_INIT_ARRAY_SPEC_CONST_UNUSED_H
 uint32_t size;
 USE_OPLINE
+ SAVE_OPLINE();
 array = EX_VAR(opline->result.var);
 if (IS_CONST != IS_UNUSED) {
 size = opline->extended_value >> ZEND_ARRAY_SIZE_SHIFT;
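Review bot: The added `SAVE_OPLINE();` in the ZEND_INIT_ARRAY handler of zend_vm_def.h carries no comment explaining why a handler that does not throw now syncs EX(opline), so a later cleanup that trims "unneeded" opline saves could silently reintroduce the stale-pointer read the commit message describes. The rationale belongs on the line itself, e.g. `/* Keep EX(opline) current before allocating: a profiler walking the stack or the allocator's OOM report derives file/line from it and must not see a dangling opline. */`. The allocation this protects presumably sits further down the handler body, which continues past the end of this hunk, as do its exit paths. The zend_vm_execute.h hunks are the generated specializations of this one change, so a comment placed in the definition file will be carried into them on regeneration and they need no separate note.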
@@ -12161,6 +12164,7 @@ static ZEND_OPCODE_HANDLER_RET ZEND_FASTCALL ZEND_INIT_ARRAY_SPEC_CONST_CV_HANDL
 uint32_t size;
 USE_OPLINE
+ SAVE_OPLINE();
 array = EX_VAR(opline->result.var);
 if (IS_CONST != IS_UNUSED) {
 size = opline->extended_value >> ZEND_ARRAY_SIZE_SHIFT;
@@ -20189,6 +20193,7 @@ static ZEND_OPCODE_HANDLER_RET ZEND_FASTCALL ZEND_INIT_ARRAY_SPEC_TMP_CONST_HAND
 uint32_t size;
 USE_OPLINE
+ SAVE_OPLINE();
 array = EX_VAR(opline->result.var);
 if (IS_TMP_VAR != IS_UNUSED) {
 size = opline->extended_value >> ZEND_ARRAY_SIZE_SHIFT;
@@ -20633,6 +20638,7 @@ static ZEND_OPCODE_HANDLER_RET ZEND_FASTCALL ZEND_INIT_ARRAY_SPEC_TMP_TMPVAR_HAN
 uint32_t size;
 USE_OPLINE
+ SAVE_OPLINE();
 array = EX_VAR(opline->result.var);
 if (IS_TMP_VAR != IS_UNUSED) {
 size = opline->extended_value >> ZEND_ARRAY_SIZE_SHIFT;
@@ -21094,6 +21100,7 @@ static ZEND_OPCODE_HANDLER_RET ZEND_FASTCALL ZEND_INIT_ARRAY_SPEC_TMP_UNUSED_HAN
 uint32_t size;
 USE_OPLINE
+ SAVE_OPLINE();
 array = EX_VAR(opline->result.var);
 if (IS_TMP_VAR != IS_UNUSED) {
 size = opline->extended_value >> ZEND_ARRAY_SIZE_SHIFT;
@@ -21498,6 +21505,7 @@ static ZEND_OPCODE_HANDLER_RET ZEND_FASTCALL ZEND_INIT_ARRAY_SPEC_TMP_CV_HANDLER
 uint32_t size;
 USE_OPLINE
+ SAVE_OPLINE();
 array = EX_VAR(opline->result.var);
 if (IS_TMP_VAR != IS_UNUSED) {
 size = opline->extended_value >> ZEND_ARRAY_SIZE_SHIFT;
@@ -25327,6 +25335,7 @@ static ZEND_OPCODE_HANDLER_RET ZEND_FASTCALL ZEND_INIT_ARRAY_SPEC_VAR_CONST_HAND
 uint32_t size;
 USE_OPLINE
+ SAVE_OPLINE();
 array = EX_VAR(opline->result.var);
 if (IS_VAR != IS_UNUSED) {
 size = opline->extended_value >> ZEND_ARRAY_SIZE_SHIFT;
@@ -27777,6 +27786,7 @@ static ZEND_OPCODE_HANDLER_RET ZEND_FASTCALL ZEND_INIT_ARRAY_SPEC_VAR_TMPVAR_HAN
 uint32_t size;
 USE_OPLINE
+ SAVE_OPLINE();
 array = EX_VAR(opline->result.var);
 if (IS_VAR != IS_UNUSED) {
 size = opline->extended_value >> ZEND_ARRAY_SIZE_SHIFT;
@@ -29855,6 +29865,7 @@ static ZEND_OPCODE_HANDLER_RET ZEND_FASTCALL ZEND_INIT_ARRAY_SPEC_VAR_UNUSED_HAN
 uint32_t size;
 USE_OPLINE
+ SAVE_OPLINE();
 array = EX_VAR(opline->result.var);
 if (IS_VAR != IS_UNUSED) {
 size = opline->extended_value >> ZEND_ARRAY_SIZE_SHIFT;
@@ -32165,6 +32176,7 @@ static ZEND_OPCODE_HANDLER_RET ZEND_FASTCALL ZEND_INIT_ARRAY_SPEC_VAR_CV_HANDLER
 uint32_t size;
 USE_OPLINE
+ SAVE_OPLINE();
 array = EX_VAR(opline->result.var);
 if (IS_VAR != IS_UNUSED) {
 size = opline->extended_value >> ZEND_ARRAY_SIZE_SHIFT;
@@ -34399,6 +34411,7 @@ static ZEND_OPCODE_HANDLER_RET ZEND_FASTCALL ZEND_INIT_ARRAY_SPEC_UNUSED_CONST_H
 uint32_t size;
 USE_OPLINE
+ SAVE_OPLINE();
 array = EX_VAR(opline->result.var);
 if (IS_UNUSED != IS_UNUSED) {
 size = opline->extended_value >> ZEND_ARRAY_SIZE_SHIFT;
@@ -36281,6 +36294,7 @@ static ZEND_OPCODE_HANDLER_RET ZEND_FASTCALL ZEND_INIT_ARRAY_SPEC_UNUSED_TMPVAR_
 uint32_t size;
 USE_OPLINE
+ SAVE_OPLINE();
 array = EX_VAR(opline->result.var);
 if (IS_UNUSED != IS_UNUSED) {
 size = opline->extended_value >> ZEND_ARRAY_SIZE_SHIFT;
@@ -36918,6 +36932,7 @@ static ZEND_OPCODE_HANDLER_RET ZEND_FASTCALL ZEND_INIT_ARRAY_SPEC_UNUSED_UNUSED_
 uint32_t size;
 USE_OPLINE
+ SAVE_OPLINE();
 array = EX_VAR(opline->result.var);
 if (IS_UNUSED != IS_UNUSED) {
 size = opline->extended_value >> ZEND_ARRAY_SIZE_SHIFT;
@@ -38776,6 +38791,7 @@ static ZEND_OPCODE_HANDLER_RET ZEND_FASTCALL ZEND_INIT_ARRAY_SPEC_UNUSED_CV_HAND
 uint32_t size;
 USE_OPLINE
+ SAVE_OPLINE();
 array = EX_VAR(opline->result.var);
 if (IS_UNUSED != IS_UNUSED) {
 size = opline->extended_value >> ZEND_ARRAY_SIZE_SHIFT;
@@ -43871,6 +43887,7 @@ static ZEND_OPCODE_HANDLER_RET ZEND_FASTCALL ZEND_INIT_ARRAY_SPEC_CV_CONST_HANDL
 uint32_t size;
 USE_OPLINE
+ SAVE_OPLINE();
 array = EX_VAR(opline->result.var);
 if (IS_CV != IS_UNUSED) {
 size = opline->extended_value >> ZEND_ARRAY_SIZE_SHIFT;
@@ -47511,6 +47528,7 @@ static ZEND_OPCODE_HANDLER_RET ZEND_FASTCALL ZEND_INIT_ARRAY_SPEC_CV_TMPVAR_HAND
 uint32_t size;
 USE_OPLINE
+ SAVE_OPLINE();
 array = EX_VAR(opline->result.var);
 if (IS_CV != IS_UNUSED) {
 size = opline->extended_value >> ZEND_ARRAY_SIZE_SHIFT;
@@ -49480,6 +49498,7 @@ static ZEND_OPCODE_HANDLER_RET ZEND_FASTCALL ZEND_INIT_ARRAY_SPEC_CV_UNUSED_HAND
 uint32_t size;
 USE_OPLINE
+ SAVE_OPLINE();
 array = EX_VAR(opline->result.var);
 if (IS_CV != IS_UNUSED) {
 size = opline->extended_value >> ZEND_ARRAY_SIZE_SHIFT;
@@ -52998,6 +53017,7 @@ static ZEND_OPCODE_HANDLER_RET ZEND_FASTCALL ZEND_INIT_ARRAY_SPEC_CV_CV_HANDLER(
 uint32_t size;
 USE_OPLINE
+ SAVE_OPLINE();
 array = EX_VAR(opline->result.var);
 if (IS_CV != IS_UNUSED) {
 size = opline->extended_value >> ZEND_ARRAY_SIZE_SHIFT;