php.net |  support |  documentation |  report a bug |  advanced search |  search howto |  statistics |  random bug |  login

go to bug id or search bugs for

Bug #80782 DASM_S_RANGE_VREG on PHP_INT_MIN-1
Submitted: 2021-02-22 08:22 UTC Modified: 2021-02-22 08:22 UTC
Votes:1
Avg. Score:5.0 ± 0.0
Reproduced:1 of 1 (100.0%)
Same Version:1 (100.0%)
Same OS:1 (100.0%)
From: nikic@php.net Assigned: dmitry (profile)
Status: Closed Package: JIT
PHP Version: 8.0.3RC1 OS:
Private report: No CVE-ID: None
View Developer Edit
Welcome back! If you're the original bug submitter, here's where you can edit the bug or add additional notes.
If you forgot your password, you can retrieve your password here.
Password:
Status:
Package:
Bug Type:
Summary:
From: nikic@php.net
New email:
PHP Version: OS:

 

 [2021-02-22 08:22 UTC] nikic@php.net 
Description:
------------
php -d opcache.jit_hot_func=1

<?php
define('LONG_MIN', PHP_INT_MIN);
var_dump(LONG_MIN-1);

DASM_S_RANGE_VREG
php: /home/nikic/php/php-src/ext/opcache/jit/zend_jit.c:311: handle_dasm_error: Assertion `0' failed.
Aborted (core dumped)

The problem seems to be that https://github.com/php/php-src/blob/fd3692ba41a6338905a38a8007ad61fa380f6fc1/ext/opcache/jit/zend_jit_x86.dasc#L4344-L4350 assumes that res_addr is an integer zval/reg, but here has been allocated to xmm0 (the result always overflows).

Patches

Pull Requests

History

AllCommentsChangesGit/SVN commitsRelated reports
 [2021-02-22 08:22 UTC] nikic@php.net
-Assigned To: +Assigned To: dmitry
 [2021-02-24 09:20 UTC] dmitry@php.net 
Automatic comment on behalf of dmitry@zend.com
Revision: http://git.php.net/?p=php-src.git;a=commit;h=b7fa5268e4d9ca7ee4c2ae908b6b45b9517d5921
Log: Fixed bug #80782 (DASM_S_RANGE_VREG on PHP_INT_MIN-1)
 [2021-02-24 09:20 UTC] dmitry@php.net
-Status: Assigned +Status: Closed
 
PHP Copyright © 2001-2024 The PHP Group
All rights reserved. 		Last updated: Thu Nov 21 12:01:29 2024 UTC