Ensure vm_spec_handlers exists for all opcodes <= 255 so that user defined higher opcodes do not read outside buffer

bwoebi · bwoebi · commit b4285e5546f4 · 2022-05-25T11:28:34.000+02:00
This largely has no effect in practice, but ASAN will complain then.
diff --git a/Zend/zend_vm_execute.h b/Zend/zend_vm_execute.h
@@ -63870,7 +63870,59 @@ void zend_vm_init(void)
 		2542,
 		2543,
 		2544,
-		3448
+		3448,
+		3448,
+		3448,
+		3448,
+		3448,
+		3448,
+		3448,
+		3448,
+		3448,
+		3448,
+		3448,
+		3448,
+		3448,
+		3448,
+		3448,
+		3448,
+		3448,
+		3448,
+		3448,
+		3448,
+		3448,
+		3448,
+		3448,
+		3448,
+		3448,
+		3448,
+		3448,
+		3448,
+		3448,
+		3448,
+		3448,
+		3448,
+		3448,
+		3448,
+		3448,
+		3448,
+		3448,
+		3448,
+		3448,
+		3448,
+		3448,
+		3448,
+		3448,
+		3448,
+		3448,
+		3448,
+		3448,
+		3448,
+		3448,
+		3448,
+		3448,
+		3448,
+		3448,
 	};
 #if (ZEND_VM_KIND == ZEND_VM_KIND_HYBRID)
 	zend_opcode_handler_funcs = labels;
diff --git a/Zend/zend_vm_gen.php b/Zend/zend_vm_gen.php
@@ -1525,7 +1525,9 @@ function gen_specs($f, $prolog, $specs) {
         $last = $num;
         out($f, "$prolog$def,\n");
     }
-    out($f, "$prolog$lastdef\n");
+    while ($last++ < 255) {
+        out($f, "$prolog$lastdef,\n");
+    }
 }
 
 // Generates handler for undefined opcodes (CALL threading model)

Original file line number	Diff line number	Diff line change
`@@ -1525,7 +1525,9 @@ function gen_specs($f, $prolog, $specs) {`
`1525`	`1525`	`$last = $num;`
`1526`	`1526`	`out($f, "$prolog$def,\n");`
`1527`	`1527`	`}`
`1528`		`- out($f, "$prolog$lastdef\n");`
	`1528`	`+ while ($last++ < 255) {`
	`1529`	`+ out($f, "$prolog$lastdef,\n");`
	`1530`	`+ }`
`1529`	`1531`	`}`
`1530`	`1532`
`1531`	`1533`	`// Generates handler for undefined opcodes (CALL threading model)`