Address review comments

Author: Girgias

Zend/tests/bug24773.phpt

@@ -6,7 +6,7 @@ Bug #24773 (unset() of integers treated as arrays causes a crash)
     unset($array["lvl1"]["lvl2"]["b"]);
 ?>
 --EXPECTF--
-Fatal error: Uncaught TypeError: Cannot access offset of type string on string in %s:%d
+Fatal error: Uncaught TypeError: Cannot access offset of type string in unset in %s:%d
 Stack trace:
 #0 {main}
   thrown in %s on line %d

Zend/zend_execute.c

@@ -1591,7 +1591,7 @@ static zend_never_inline zend_long zend_check_string_offset(zval *dim, int type
 				}
 				return offset;
 			}
-			zend_illegal_container_offset("string", dim, BP_VAR_R);
+			zend_illegal_container_offset("string", dim, type);
 			return 0;
 		}
 		case IS_UNDEF:
@@ -1607,7 +1607,7 @@ static zend_never_inline zend_long zend_check_string_offset(zval *dim, int type
 			dim = Z_REFVAL_P(dim);
 			goto try_again;
 		default:
-			zend_illegal_container_offset("string", dim, BP_VAR_R);
+			zend_illegal_container_offset("string", dim, type);
 			return 0;
 	}
 
@@ -2404,7 +2404,7 @@ static zend_never_inline zend_uchar slow_index_convert_w(HashTable *ht, const zv
 			value->lval = 1;
 			return IS_LONG;
 		default:
-			zend_illegal_container_offset("array", dim, BP_VAR_R);
+			zend_illegal_container_offset("array", dim, BP_VAR_W);
 			return IS_NULL;
 	}
 }

Zend/zend_vm_def.h

@@ -6069,7 +6069,7 @@ ZEND_VM_C_LABEL(num_index):
 			str = ZSTR_EMPTY_ALLOC();
 			ZEND_VM_C_GOTO(str_index);
 		} else {
-			zend_illegal_container_offset("array", offset, BP_VAR_R);
+			zend_illegal_container_offset("array", offset, BP_VAR_W);
 			zval_ptr_dtor_nogc(expr_ptr);
 		}
 		FREE_OP2();

Zend/zend_vm_execute.h

@@ -620,7 +620,7 @@ static void ZEND_FASTCALL zend_jit_fetch_dim_is_helper(zend_array *ht, zval *dim
 			hval = 1;
 			goto num_index;
 		default:
-			zend_illegal_container_offset("array", dim, BP_VAR_R);
+			zend_illegal_container_offset("array", dim, BP_VAR_IS);
 			undef_result_after_exception();
 			return;
 	}
@@ -858,7 +858,7 @@ static zval* ZEND_FASTCALL zend_jit_fetch_dim_rw_helper(zend_array *ht, zval *di
 			hval = 1;
 			goto num_index;
 		default:
-			zend_illegal_container_offset("array", dim, BP_VAR_R);
+			zend_illegal_container_offset("array", dim, BP_VAR_RW);
 			undef_result_after_exception();
 			return NULL;
 	}
@@ -1014,7 +1014,8 @@ static zval* ZEND_FASTCALL zend_jit_fetch_dim_w_helper(zend_array *ht, zval *dim
 	return retval;
 }
 
-static zend_never_inline zend_long zend_check_string_offset(zval *dim/*, int type*/)
+/* type is one of the BP_VAR_* constants */
+static zend_never_inline zend_long zend_check_string_offset(zval *dim, int type)
 {
 	zend_long offset;
 
@@ -1050,7 +1051,7 @@ static zend_never_inline zend_long zend_check_string_offset(zval *dim/*, int typ
 			dim = Z_REFVAL_P(dim);
 			goto try_again;
 		default:
-			zend_illegal_container_offset("string", dim, BP_VAR_R);
+			zend_illegal_container_offset("string", dim, type);
 			return 0;
 	}
 
@@ -1088,7 +1089,7 @@ static zend_string* ZEND_FASTCALL zend_jit_fetch_dim_str_r_helper(zend_string *s
 		if (!(GC_FLAGS(str) & IS_STR_INTERNED)) {
 			GC_ADDREF(str);
 		}
-		offset = zend_check_string_offset(dim/*, BP_VAR_R*/);
+		offset = zend_check_string_offset(dim, BP_VAR_R);
 		if (!(GC_FLAGS(str) & IS_STR_INTERNED) && UNEXPECTED(GC_DELREF(str) == 0)) {
 			zend_string *ret = zend_jit_fetch_dim_str_offset(str, offset);
 			zend_string_efree(str);
@@ -1125,7 +1126,7 @@ static void ZEND_FASTCALL zend_jit_fetch_dim_str_is_helper(zend_string *str, zva
 				dim = Z_REFVAL_P(dim);
 				goto try_string_offset;
 			default:
-				zend_illegal_container_offset("string", dim, BP_VAR_R);
+				zend_illegal_container_offset("string", dim, BP_VAR_IS);
 				break;
 		}
 
@@ -1227,7 +1228,7 @@ static zend_never_inline void zend_assign_to_string_offset(zval *str, zval *dim,
 		/* The string may be destroyed while throwing the notice.
 		 * Temporarily increase the refcount to detect this situation. */
 		GC_ADDREF(s);
-		offset = zend_check_string_offset(dim/*, BP_VAR_W*/);
+		offset = zend_check_string_offset(dim, BP_VAR_W);
 		if (UNEXPECTED(GC_DELREF(s) == 0)) {
 			zend_string_efree(s);
 			if (result) {
@@ -1403,7 +1404,7 @@ static zend_always_inline void ZEND_FASTCALL zend_jit_fetch_dim_obj_helper(zval
 			zend_throw_error(NULL, "[] operator not supported for strings");
 		} else {
 			if (UNEXPECTED(Z_TYPE_P(dim) != IS_LONG)) {
-				zend_check_string_offset(dim/*, BP_VAR_RW*/);
+				zend_check_string_offset(dim, BP_VAR_RW);
 			}
 			zend_wrong_string_offset_error();
 		}
@@ -1591,7 +1592,7 @@ static void ZEND_FASTCALL zend_jit_assign_dim_op_helper(zval *container, zval *d
 			zend_throw_error(NULL, "[] operator not supported for strings");
 		} else {
 			if (UNEXPECTED(Z_TYPE_P(dim) != IS_LONG)) {
-				zend_check_string_offset(dim/*, BP_VAR_RW*/);
+				zend_check_string_offset(dim, BP_VAR_RW);
 			}
 			zend_wrong_string_offset_error();
 		}

ext/opcache/jit/zend_jit_helpers.c

@@ -246,6 +246,8 @@ static void spl_hash_key_release(spl_hash_key *key) {
 	}
 }
 
+/* This function does not throw any exceptions for illegal offsets, calls to
+ * zend_illegal_container_offset(); need to be made if the return value is FAILURE */
 static zend_result get_hash_key(spl_hash_key *key, spl_array_object *intern, zval *offset)
 {
 	key->release_key = false;
@@ -286,7 +288,6 @@ static zend_result get_hash_key(spl_hash_key *key, spl_array_object *intern, zva
 		ZVAL_DEREF(offset);
 		goto try_again;
 	default:
-		zend_illegal_container_offset("ArrayObject", offset, BP_VAR_R);
 		return FAILURE;
 	}
 
@@ -466,7 +467,7 @@ static void spl_array_write_dimension_ex(int check_inherited, zend_object *objec
 	}
 
 	if (get_hash_key(&key, intern, offset) == FAILURE) {
-		zend_illegal_container_offset("ArrayObject", offset, BP_VAR_R);
+		zend_illegal_container_offset("ArrayObject", offset, BP_VAR_W);
 		zval_ptr_dtor(value);
 		return;
 	}