Fix memory leak

dstogov · dstogov · commit 3a8912fb7c97 · 2022-05-30T11:32:17.000+03:00
This fixes oss-fuzz #47648
diff --git a/ext/opcache/jit/zend_jit_x86.dasc b/ext/opcache/jit/zend_jit_x86.dasc
@@ -6183,7 +6183,7 @@ static int zend_jit_assign_to_typed_ref(dasm_State         **Dst,
 		|	// if (UNEXPECTED(EG(exception) != NULL)) {
 		|	MEM_OP2_1_ZTS cmp, aword, executor_globals, exception, 0, r0
 		|	je >8  // END OF zend_jit_assign_to_variable()
-		|	jmp ->exception_handler_undef
+		|	jmp ->exception_handler
 	} else {
 		|	jmp >8
 	}
diff --git a/ext/opcache/tests/jit/assign_053.phpt b/ext/opcache/tests/jit/assign_053.phpt
@@ -0,0 +1,26 @@
+--TEST--
+JIT ASSIGN: memory leak
+--INI--
+opcache.enable=1
+opcache.enable_cli=1
+opcache.file_update_protection=0
+opcache.jit_buffer_size=1M
+opcache.protect_memory=1
+--FILE--
+<?php
+class Test {
+    public string $x;
+}
+$test=new Test;
+$test->x = " $y ";
+$r = &$test->x + ($r = $y);
+?>
+--EXPECTF--
+Warning: Undefined variable $y in %sassign_053.php on line 6
+
+Warning: Undefined variable $y in %sassign_053.php on line 7
+
+Fatal error: Uncaught TypeError: Cannot assign null to reference held by property Test::$x of type string in %sassign_053.php:7
+Stack trace:
+#0 {main}
+  thrown in %sassign_053.php on line 7

Original file line number	Diff line number	Diff line change
`@@ -6183,7 +6183,7 @@ static int zend_jit_assign_to_typed_ref(dasm_State **Dst,`
`6183`	`6183`	`\| // if (UNEXPECTED(EG(exception) != NULL)) {`
`6184`	`6184`	`\| MEM_OP2_1_ZTS cmp, aword, executor_globals, exception, 0, r0`
`6185`	`6185`	`\| je >8 // END OF zend_jit_assign_to_variable()`
`6186`		`- \| jmp ->exception_handler_undef`
	`6186`	`+ \| jmp ->exception_handler`
`6187`	`6187`	`} else {`
`6188`	`6188`	`\| jmp >8`
`6189`	`6189`	`}`