Merge branch 'PHP-7.3' into PHP-7.4

* PHP-7.3:
  Handle NULL caller_call_opline

4 files changed, 16 insertions, 6 deletions

diff --git a/ext/opcache/Optimizer/dfa_pass.c b/ext/opcache/Optimizer/dfa_pass.c
index 471328b6c5..1c4e30597a 100644
--- a/ext/opcache/Optimizer/dfa_pass.c
+++ b/ext/opcache/Optimizer/dfa_pass.c
@@ -295,8 +295,10 @@ static void zend_ssa_remove_nops(zend_op_array *op_array, zend_ssa *ssa, zend_op
 			while (call_info) {
 				call_info->caller_init_opline -=
 					shiftlist[call_info->caller_init_opline - op_array->opcodes];
-				call_info->caller_call_opline -=
-					shiftlist[call_info->caller_call_opline - op_array->opcodes];
+				if (call_info->caller_call_opline) {
+					call_info->caller_call_opline -=
+						shiftlist[call_info->caller_call_opline - op_array->opcodes];
+				}
 				call_info = call_info->next_callee;
 			}
 		}
@@ -393,7 +395,8 @@ int zend_dfa_optimize_calls(zend_op_array *op_array, zend_ssa *ssa)
 		zend_call_info *call_info = func_info->callee_info;
 
 		do {
-			if (call_info->caller_call_opline->opcode == ZEND_DO_ICALL
+			if (call_info->caller_call_opline
+			 && call_info->caller_call_opline->opcode == ZEND_DO_ICALL
 			 && call_info->callee_func
 			 && ZSTR_LEN(call_info->callee_func->common.function_name) == sizeof("in_array")-1
 			 && memcmp(ZSTR_VAL(call_info->callee_func->common.function_name), "in_array", sizeof("in_array")-1) == 0
diff --git a/ext/opcache/Optimizer/sccp.c b/ext/opcache/Optimizer/sccp.c
index 6f8de3d43f..c949660d51 100644
--- a/ext/opcache/Optimizer/sccp.c
+++ b/ext/opcache/Optimizer/sccp.c
@@ -1288,7 +1288,8 @@ static void sccp_visit_instr(scdf_ctx *scdf, zend_op *opline, zend_ssa_op *ssa_o
 			}
 
 			call = ctx->call_map[opline - ctx->scdf.op_array->opcodes];
-			if (IS_TOP(op1) || !call || call->caller_call_opline->opcode != ZEND_DO_ICALL) {
+			if (IS_TOP(op1) || !call || !call->caller_call_opline
+					|| call->caller_call_opline->opcode != ZEND_DO_ICALL) {
 				return;
 			}
 
diff --git a/ext/opcache/Optimizer/zend_call_graph.c b/ext/opcache/Optimizer/zend_call_graph.c
index 8d677c1b86..348e55d363 100644
--- a/ext/opcache/Optimizer/zend_call_graph.c
+++ b/ext/opcache/Optimizer/zend_call_graph.c
@@ -177,6 +177,10 @@ int zend_analyze_calls(zend_arena **arena, zend_script *script, uint32_t build_f
 					call_info->num_args = -1;
 				}
 				break;
+			case ZEND_EXIT:
+				/* In this case the DO_CALL opcode may have been dropped
+				 * and caller_call_opline will be NULL. */
+				break;
 		}
 		opline++;
 	}
@@ -286,7 +290,9 @@ zend_call_info **zend_build_call_map(zend_arena **arena, zend_func_info *info, z
 	for (call = info->callee_info; call; call = call->next_callee) {
 		int i;
 		map[call->caller_init_opline - op_array->opcodes] = call;
-		map[call->caller_call_opline - op_array->opcodes] = call;
+		if (call->caller_call_opline) {
+			map[call->caller_call_opline - op_array->opcodes] = call;
+		}
 		for (i = 0; i < call->num_args; i++) {
 			if (call->arg_info[i].opline) {
 				map[call->arg_info[i].opline - op_array->opcodes] = call;
diff --git a/ext/opcache/Optimizer/zend_inference.c b/ext/opcache/Optimizer/zend_inference.c
index 82d17a9b9c..eeec206c0c 100644
--- a/ext/opcache/Optimizer/zend_inference.c
+++ b/ext/opcache/Optimizer/zend_inference.c
@@ -4355,7 +4355,7 @@ void zend_inference_check_recursive_dependencies(zend_op_array *op_array)
 	memset(worklist, 0, sizeof(zend_ulong) * worklist_len);
 	call_info = info->callee_info;
 	while (call_info) {
-		if (call_info->recursive &&
+		if (call_info->recursive && call_info->caller_call_opline &&
 		    info->ssa.ops[call_info->caller_call_opline - op_array->opcodes].result_def >= 0) {
 			zend_bitset_incl(worklist, info->ssa.ops[call_info->caller_call_opline - op_array->opcodes].result_def);
 		}