Fixed IR construction

dstogov · dstogov · commit 3a3d83625b30 · 2023-11-07T13:25:09.000+03:00
Fixes oss-fuzz #63857
diff --git a/ext/opcache/jit/zend_jit_ir.c b/ext/opcache/jit/zend_jit_ir.c
@@ -12123,6 +12123,8 @@ static int zend_jit_fetch_dim_read(zend_jit_ctx       *jit,
 			ir_MERGE_list(not_found_inputs);
 			jit_set_Z_TYPE_INFO(jit, res_addr, IS_NULL);
 			ir_END_list(end_inputs);
+		} else if (!end_inputs && jit->ctx.control) {
+			ir_END_list(end_inputs); /* dead code */
 		}
 	}
 
diff --git a/ext/opcache/tests/jit/fetch_dim_r_017.phpt b/ext/opcache/tests/jit/fetch_dim_r_017.phpt
@@ -0,0 +1,26 @@
+--TEST--
+JIT FETCH_DIM_R: 017
+--INI--
+opcache.enable=1
+opcache.enable_cli=1
+opcache.file_update_protection=0
+opcache.jit_buffer_size=1M
+--FILE--
+<?php
+function test() {
+	$j = 0;
+    for ($i = 0; $i < 20; $i++) {
+		$obj->prop0 = $a =! --$a > $a =! --$a + $a = ($array[$a]);
+        $obj->prop0 = $a =! --$a > $a =! --$a + $a = ($array[$a]);
+        $array = array(312 > 0);
+        $a = ($array[$a]);
+    }
+}
+try {
+	@test();
+} catch (Throwable $ex) {
+}
+?>
+DONE
+--EXPECT--
+DONE

Original file line number	Diff line number	Diff line change
`@@ -12123,6 +12123,8 @@ static int zend_jit_fetch_dim_read(zend_jit_ctx *jit,`
`12123`	`12123`	`ir_MERGE_list(not_found_inputs);`
`12124`	`12124`	`jit_set_Z_TYPE_INFO(jit, res_addr, IS_NULL);`
`12125`	`12125`	`ir_END_list(end_inputs);`
	`12126`	`+ } else if (!end_inputs && jit->ctx.control) {`
	`12127`	`+ ir_END_list(end_inputs); /* dead code */`
`12126`	`12128`	`}`
`12127`	`12129`	`}`
`12128`	`12130`