Fix GH-17428: Assertion failure ext/opcache/jit/zend_jit_ir.c:8940

The code to update the call_level in that case skips the opline itself,
as that's handled by the tail handler, and then wants to set the opline
to the last opline of the block because the code below the switch will
update the call_level for that opline.
However, the test has a block with a single opline (THROW). The block
after that has ZEND_INIT_FCALL, because `i` points to ZEND_INIT_FCALL
now, it erroneously causes the call_level after the switch.
Although it suffices to change `i` to `end` (none of the opcodes here
occur in `zend_jit_dec_call_level`), I added a goto label as well to be
safer for the future in case the list of opcodes changes.

Author: nielsdos

ext/opcache/jit/zend_jit.c

@@ -2622,19 +2622,18 @@ static int zend_jit(const zend_op_array *op_array, zend_ssa *ssa, const zend_op
 					/* THROW and EXIT may be used in the middle of BB */
 					/* don't generate code for the rest of BB */
 
-					/* Skip current opline for call_level computation
-					 * Don't include last opline because end of loop already checks call level of last opline */
+					/* Skip current opline for call_level computation. */
 					i++;
-					for (; i < end; i++) {
+					for (; i <= end; i++) {
 						opline = op_array->opcodes + i;
 						if (zend_jit_inc_call_level(opline->opcode)) {
 							call_level++;
 						} else if (zend_jit_dec_call_level(opline->opcode)) {
 							call_level--;
 						}
 					}
-					opline = op_array->opcodes + i;
-					break;
+					opline = op_array->opcodes + end;
+					goto done_no_dec_call_level;
 				/* stackless execution */
 				case ZEND_INCLUDE_OR_EVAL:
 				case ZEND_DO_FCALL:
@@ -2727,6 +2726,7 @@ static int zend_jit(const zend_op_array *op_array, zend_ssa *ssa, const zend_op
 			if (zend_jit_dec_call_level(opline->opcode)) {
 				call_level--;
 			}
+done_no_dec_call_level:;
 		}
 		zend_jit_bb_end(&ctx, b);
 	}

ext/opcache/tests/jit/gh17428.phpt

@@ -0,0 +1,35 @@
+--TEST--
+GH-17428 (Assertion failure ext/opcache/jit/zend_jit_ir.c:8940)
+--EXTENSIONS--
+opcache
+--INI--
+opcache.jit=1205
+--FILE--
+<?php
+new EmptyIterator();
+srand(1000);
+error_reporting(E_ALL);
+testConversion('', '');
+testConversion('', '');
+testConversion('', '');
+testConversion('', '');
+testConversion('', '');
+function testRoundTrip($data) {
+}
+for ($iterations = 0; $iterations < 100; $iterations++) {
+    $strlen = rand(1, 100);
+    $characters = '0123456789abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ';
+    $randstring = '';
+    for ($i = 0; $i < $strlen; $i++) {
+        $randstring .= $characters[rand(0, strlen($characters) - 1)];
+    }
+    die($randstring);
+}
+echo "Done!\n";
+throw new Hello(new stdClass);
+?>
+--EXPECTF--
+Fatal error: Uncaught Error: Call to undefined function testConversion() in %s:%d
+Stack trace:
+#0 {main}
+  thrown in %s on line %d