Access null pointer in Zend/Optimizer/zend_inference.c

[YuanchengJiang]

Description

The following code:

<?php
require_once 'files/phar_oo_test.inc';
?>

Resulted in this output:

/php-src/Zend/Optimizer/zend_inference.c:5043:46: runtime error: applying non-zero offset 36 to null pointer
SUMMARY: UndefinedBehaviorSanitizer: undefined-behavior /php-src/Zend/Optimizer/zend_inference.c:5043:46

To reproduce:

-d "zend_extension=/php-src/modules/opcache.so" -d "opcache.enable=1" -d "opcache.enable_cli=1" -d "opcache.jit=1202"

PHP Version

PHP 8.4.0-dev

Operating System

ubuntu 22.04

[ndossche]

This is the ssa_op + 1 computation. The ssa op is not actually used but we should still guard the addition with a NULL check.