Bug #80782 DASM_S_RANGE_VREG on PHP_INT_MIN-1
Submitted: 2021-02-22 08:22 UTC Modified: 2021-02-22 08:22 UTC
From: nikic@php.net Assigned: dmitry (profile)
Status: Closed Package: JIT
PHP Version: 8.0.3RC1 OS:
Private report: No CVE-ID: None
 [2021-02-22 08:22 UTC] nikic@php.net
Description:
------------
php -d opcache.jit_hot_func=1

<?php
define('LONG_MIN', PHP_INT_MIN);
var_dump(LONG_MIN-1);

DASM_S_RANGE_VREG
php: /home/nikic/php/php-src/ext/opcache/jit/zend_jit.c:311: handle_dasm_error: Assertion `0' failed.
Aborted (core dumped)

The problem seems to be that https://github.com/php/php-src/blob/fd3692ba41a6338905a38a8007ad61fa380f6fc1/ext/opcache/jit/zend_jit_x86.dasc#L4344-L4350 assumes that res_addr is an integer zval/reg, but here it has been allocated to xmm0 (the result always overflows).
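
Added example, not part of the original report and not php-src code: a simplified C model of the failure described above, where an integer-store encoder is handed an XMM register id, plus a guard of the kind that avoids it (the actual fix in the linked commit is not shown on this page and may differ). The register numbering, the function names and the choice of `mov r64, imm64` as the integer instruction are assumptions of the model; `__builtin_sub_overflow` requires GCC or Clang.

```c
#include <stdbool.h>
#include <stdint.h>
#include <string.h>

/* Model assumptions (not php-src definitions): ids 0..15 are general-purpose
 * registers, ids from 16 up are XMM registers. */
enum { REG_RAX = 0, REG_R9 = 9, REG_R15 = 15, REG_XMM0 = 16 };
enum { ENC_ERR_RANGE_VREG = -1 };  /* stand-in for DASM_S_RANGE_VREG */

typedef struct { bool is_double; int64_t lval; double dval; } php_num;

/* PHP integer subtraction: on overflow the result becomes a float. */
php_num php_sub(int64_t a, int64_t b) {
    php_num r = { false, 0, 0.0 };
    if (__builtin_sub_overflow(a, b, &r.lval)) {
        r.is_double = true;
        r.lval = 0;
        r.dval = (double)a - (double)b;
    }
    return r;
}

/* Encode `mov r64, imm64` (REX.W + B8+rd, then 8 immediate bytes).
 * Returns the byte count, or ENC_ERR_RANGE_VREG if reg is not a GP register. */
int enc_mov_r64_imm64(uint8_t out[10], int reg, int64_t imm) {
    if (reg < REG_RAX || reg > REG_R15)
        return ENC_ERR_RANGE_VREG;          /* an XMM id cannot be encoded here */
    out[0] = (uint8_t)(0x48 | (reg >> 3));  /* REX.W, plus REX.B for r8..r15 */
    out[1] = (uint8_t)(0xB8 | (reg & 7));
    memcpy(out + 2, &imm, 8);               /* little-endian host assumed */
    return 10;
}

/* Store a constant-folded subtraction result. The integer store is emitted
 * only when the value is an integer AND the destination is a GP register;
 * a result that always overflows is left to the floating-point path. */
int emit_sub_result(uint8_t out[10], int res_reg, int64_t a, int64_t b) {
    php_num r = php_sub(a, b);
    if (r.is_double || res_reg > REG_R15)
        return 0;                           /* nothing emitted on the integer path */
    return enc_mov_r64_imm64(out, res_reg, r.lval);
}

int main(void) {
    uint8_t buf[10];
    /* The report's case: PHP_INT_MIN - 1 with the result held in xmm0. */
    return (enc_mov_r64_imm64(buf, REG_XMM0, 0) == ENC_ERR_RANGE_VREG
            && emit_sub_result(buf, REG_XMM0, INT64_MIN, 1) == 0) ? 0 : 1;
}
```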


 [2021-02-22 08:22 UTC] nikic@php.net
-Assigned To: +Assigned To: dmitry
 [2021-02-24 09:20 UTC] dmitry@php.net
Automatic comment on behalf of dmitry@zend.com
Revision: http://git.php.net/?p=php-src.git;a=commit;h=b7fa5268e4d9ca7ee4c2ae908b6b45b9517d5921
Log: Fixed bug #80782 (DASM_S_RANGE_VREG on PHP_INT_MIN-1)
 [2021-02-24 09:20 UTC] dmitry@php.net
-Status: Assigned +Status: Closed