From 07401b3f854ab0aff6c4cd17a1b52a77e6d316d2 Mon Sep 17 00:00:00 2001
From: Bob Weinand
Date: Thu, 28 May 2026 14:49:07 +0200
Subject: [PATCH] Guard JIT blacklist rewrite to tracing JIT metadata
---
 zend_abstract_interface/jit_utils/jit_blacklist.c | 12 ++++++++++--
 1 file changed, 10 insertions(+), 2 deletions(-)
diff --git a/zend_abstract_interface/jit_utils/jit_blacklist.c b/zend_abstract_interface/jit_utils/jit_blacklist.c
index 8fda9c44e91..91f2f546b32 100644
--- a/zend_abstract_interface/jit_utils/jit_blacklist.c
+++ b/zend_abstract_interface/jit_utils/jit_blacklist.c
@@ -94,6 +94,10 @@ typedef union _zend_op_trace_info {
 #define ZEND_FUNC_INFO(op_array) \
 ((zend_func_info*)((op_array)->reserved[zend_func_info_rid]))
+#if !defined(ZEND_FUNC_JIT_ON_HOT_TRACE)
+#define ZEND_FUNC_JIT_ON_HOT_TRACE (1u << 16)
+#endif
+
 static void *opcache_handle;
 static void zai_jit_find_opcache_handle(void *ext) {
 zend_extension *extension = (zend_extension *)ext;
@@ -168,7 +172,7 @@ int zai_get_zend_func_rid(zend_op_array *op_array) {
 }
 for (int i = 0; i < ZEND_MAX_RESERVED_RESOURCES; ++i) {
- if (check_pointer_near(op_array->reserved, op_array->arg_info)) {
+ if (check_pointer_near(op_array->reserved[i], op_array->arg_info)) {
 return (zend_func_info_rid = i);
 }
 }
@@ -192,7 +196,11 @@ void zai_jit_blacklist_function_inlining(zend_op_array *op_array) {
 // now in PHP < 8.1, zend_func_info_rid is set (on newer versions it's in zend_func_info.h)
 zend_jit_op_array_trace_extension *jit_extension = (zend_jit_op_array_trace_extension *)ZEND_FUNC_INFO(op_array);
- if (!jit_extension) {
+ if (!jit_extension || !zai_is_mapped(jit_extension, sizeof(*jit_extension))) {
+ return;
+ }
+
+ if (!(jit_extension->func_info.flags & ZEND_FUNC_JIT_ON_HOT_TRACE)) {
 return;
 }
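Review bot: The fallback `#define ZEND_FUNC_JIT_ON_HOT_TRACE (1u << 16)` hard-codes a bit that belongs to the engine's own headers, with no comment saying which PHP versions the value was taken from. If the value ever differs from the running opcache build, the flag test added in `zai_jit_blacklist_function_inlining` would silently either skip the blacklist or accept metadata it was meant to reject. I would add a comment above the `#if`, for example `/* Copy of the engine's ZEND_FUNC_JIT_ON_HOT_TRACE bit for builds whose headers do not expose it; re-verify on each new PHP minor. */`.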
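Review bot: The loop in `zai_get_zend_func_rid` still takes the first slot that passes `check_pointer_near` and caches it in `zend_func_info_rid`, so a proximity match is treated as proof of ownership for every later call. `check_pointer_near` is not visible in this hunk, so I cannot tell whether a NULL or unrelated `reserved[i]` is rejected there. The function starts and ends outside the hunk. A comment on the loop would make the trust boundary explicit, for example `/* Heuristic: the first reserved slot pointing near arg_info is assumed to be opcache's zend_func_info; callers must still validate what it points to. */`.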
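Review bot: `zai_is_mapped(jit_extension, sizeof(*jit_extension))` can only show that the bytes are addressable, not that they hold a `zend_jit_op_array_trace_extension`, and the flag test then reads `func_info.flags` from whatever the heuristically chosen slot points to. An unrelated structure with bit 16 set at that offset would pass both guards, and the rest of the function (outside this hunk) presumably goes on to modify it. I would document that limit above the flag test, e.g. `/* Best-effort type check: only tracing JIT stores the trace extension layout in this slot. */`. If the code that follows dereferences pointers stored inside `*jit_extension`, those should get the same `zai_is_mapped` treatment before use.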