JIT: Fix incorrect code produced for BOOL_NOT and [double, undef] operand

Fixes oss-fuzz #41531

Author: dstogov

ext/opcache/jit/zend_jit_x86.dasc

@@ -8651,7 +8651,7 @@ static int zend_jit_bool_jmpznz(dasm_State **Dst, const zend_op *opline, uint32_
 					}
 				} else if (false_label != (uint32_t)-1) {
 					|	jmp =>false_label
-				} else if (op1_info & MAY_BE_LONG) {
+				} else if ((op1_info & MAY_BE_LONG) || (op1_info & MAY_BE_ANY) == MAY_BE_DOUBLE) {
 					|	jmp >9
 				}
 			}
@@ -8698,6 +8698,7 @@ static int zend_jit_bool_jmpznz(dasm_State **Dst, const zend_op *opline, uint32_
 	}
 
 	if ((op1_info & MAY_BE_ANY) == MAY_BE_DOUBLE) {
+		|2:
 		if (CAN_USE_AVX()) {
 			|	vxorps xmm0, xmm0, xmm0
 		} else {

ext/opcache/tests/jit/bool_not_002.phpt

@@ -0,0 +1,30 @@
+--TEST--
+JIT BOOL_NOT: 002 Incorrect function JIT for MAY_BE_DOUBLE|MAY_BE_UNDEF
+--INI--
+opcache.enable=1
+opcache.enable_cli=1
+opcache.file_update_protection=0
+opcache.jit_buffer_size=1M
+opcache.protect_memory=1
+--FILE--
+<?php
+function test() {
+	$j = 2;
+    for ($i = 0; $i < 10;
+    	$a = !$i + $c[0] = 0xfff0001/34028236692903846346336*6) {
+	    $a =!$a + $a &= 74444444 - 444 >> 4 - $j++;
+        if ($j > 14) break;
+    }
+}
+test();
+?>
+--EXPECTF--
+Warning: Undefined variable $a in %sbool_not_002.php on line 6
+
+Warning: Undefined variable $a in %sbool_not_002.php on line 6
+
+Fatal error: Uncaught ArithmeticError: Bit shift by negative number in %sbool_not_002.php:6
+Stack trace:
+#0 %sbool_not_002.php(10): test()
+#1 {main}
+  thrown in %sbool_not_002.php on line 6