JIT: Fix FFI pointer access through FETCH_DIM, ASSIGN_DIM

dstogov · dstogov · commit a03cb1373441 · 2024-06-07T12:45:00.000+03:00
diff --git a/ext/opcache/jit/zend_jit_ir.c b/ext/opcache/jit/zend_jit_ir.c
@@ -12443,6 +12443,11 @@ static int zend_jit_ffi_fetch_dim_read(zend_jit_ctx       *jit,
 
 	ir_ref obj_ref = jit_Z_PTR(jit, op1_addr);
 	ir_ref cdata_ref = ir_LOAD_A(ir_ADD_OFFSET(obj_ref, offsetof(zend_ffi_cdata, ptr)));
+
+	if (op1_ffi_type->kind == ZEND_FFI_TYPE_POINTER) {
+		cdata_ref = ir_LOAD_A(cdata_ref);
+	}
+
 	ir_ref ptr = ir_ADD_A(cdata_ref, ir_MUL_L(jit_Z_LVAL(jit, op2_addr), ir_CONST_LONG(el_type->size)));
 
 	switch (el_type->kind) {
@@ -13181,6 +13186,11 @@ static int zend_jit_ffi_assign_dim(zend_jit_ctx  *jit,
 
 	ir_ref obj_ref = jit_Z_PTR(jit, op1_addr);
 	ir_ref cdata_ref = ir_LOAD_A(ir_ADD_OFFSET(obj_ref, offsetof(zend_ffi_cdata, ptr)));
+
+	if (op1_ffi_type->kind == ZEND_FFI_TYPE_POINTER) {
+		cdata_ref = ir_LOAD_A(cdata_ref);
+	}
+
 	ir_ref ptr = ir_ADD_A(cdata_ref, ir_MUL_L(jit_Z_LVAL(jit, op2_addr), ir_CONST_LONG(el_type->size)));
 
 	ZEND_ASSERT(!res_addr);
@@ -13644,6 +13654,11 @@ static int zend_jit_ffi_assign_dim_op(zend_jit_ctx   *jit,
 
 	ir_ref obj_ref = jit_Z_PTR(jit, op1_addr);
 	ir_ref cdata_ref = ir_LOAD_A(ir_ADD_OFFSET(obj_ref, offsetof(zend_ffi_cdata, ptr)));
+
+	if (op1_ffi_type->kind == ZEND_FFI_TYPE_POINTER) {
+		cdata_ref = ir_LOAD_A(cdata_ref);
+	}
+
 	ir_ref ptr = ir_ADD_A(cdata_ref, ir_MUL_L(jit_Z_LVAL(jit, op2_addr), ir_CONST_LONG(el_type->size)));
 
 	if (!zend_jit_ffi_assign_op_helper(jit, opline, opline->extended_value,
