| commit | c0327d935922b19ec5cbc7100ae96c7cd87fd296 | |
| author | Shaunak Kishore <kshaunak@fb.com> | |
| Fri, 29 Jan 2021 08:48:01 +0000 (29 00:48 -0800) | ||
| committer | Facebook GitHub Bot <facebook-github-bot@users.noreply.github.com> | |
| Fri, 29 Jan 2021 08:50:21 +0000 (29 00:50 -0800) | ||
| tree | 7ef89f1281adf120772385f2c14d52e6c5ecfe9c | treesnapshot (tar.gz zip) |
| parent | 3151a26f945f8347aeb6629f474279ee8a9435ec | commitdiff |
Fix bug in setting up lval args
Summary:
Our code for setting up arguments to native calls doesn't handle constant lval args correctly: it uses the constant value for both the type and value pointers.
The most common constant lvals are the immutable uninit and null TypedValues, which we use for member ops that are guaranteed to have no effect. The broken code above accidentally worked, because interpreting (int64_t)0 as a DataType happens to yield KindOfUninit, and uninit and null are similar enough that the behavior works out.
This coincidental situation broke in my next diff, where I have a different DataType encoding. However, we can trigger the breakage by simply using "more interesting" values for these two sentinel TypedValues, which causes quick/unset_badbase.php and quick/vec/member-ops.php to core. Do so, and fix the revealed issue.
Reviewed By: ricklavoie
Differential Revision: D26142971
fbshipit-source-id: 4e76849a7eda774c866204e6deb8436c66e8442f
Summary:
Our code for setting up arguments to native calls doesn't handle constant lval args correctly: it uses the constant value for both the type and value pointers.
The most common constant lvals are the immutable uninit and null TypedValues, which we use for member ops that are guaranteed to have no effect. The broken code above accidentally worked, because interpreting (int64_t)0 as a DataType happens to yield KindOfUninit, and uninit and null are similar enough that the behavior works out.
This coincidental situation broke in my next diff, where I have a different DataType encoding. However, we can trigger the breakage by simply using "more interesting" values for these two sentinel TypedValues, which causes quick/unset_badbase.php and quick/vec/member-ops.php to core. Do so, and fix the revealed issue.
Reviewed By: ricklavoie
Differential Revision: D26142971
fbshipit-source-id: 4e76849a7eda774c866204e6deb8436c66e8442f
| hphp/runtime/base/typed-value.cpp | diffblobblamehistory | |
| hphp/runtime/vm/jit/arg-group.cpp | diffblobblamehistory |