Fix updating of labels when killing jump

iluuu1994 · iluuu1994 · commit 8a4a6f0f8d31 · 2025-11-21T22:35:08.000+01:00
diff --git a/Zend/zend_compile.c b/Zend/zend_compile.c
@@ -6729,28 +6729,36 @@ static void zend_pm_kill_last_op_if_jmp(zend_pm_context *context)
 {
 	zend_op_array *op_array = CG(active_op_array);
 	zend_op *opline = &op_array->opcodes[op_array->last - 1];
-
-#if ZEND_DEBUG
 	uint32_t *labels = zend_stack_base(&context->labels);
 	uint32_t label_lower_bound = -zend_stack_count(&context->labels);
-#endif
 
+	uint32_t label_idx;
 	switch (opline->opcode) {
 		case ZEND_JMP:
-#if ZEND_DEBUG
-			ZEND_ASSERT(opline->op1.opline_num >= label_lower_bound && labels[-opline->op1.opline_num] == op_array->last);
-#endif
-			MAKE_NOP(opline);
-			op_array->last--;
+			label_idx = opline->op1.opline_num;
 			break;
 		case ZEND_JMPZ_EX:
 		case ZEND_JMPNZ_EX:
-#if ZEND_DEBUG
-			ZEND_ASSERT(opline->op2.opline_num >= label_lower_bound && labels[-opline->op2.opline_num] == op_array->last);
-#endif
-			MAKE_NOP(opline);
-			op_array->last--;
+			label_idx = opline->op2.opline_num;
 			break;
+		default:
+			return;
+	}
+
+	ZEND_ASSERT(label_idx >= label_lower_bound);
+	uint32_t label_target = labels[-label_idx];
+	ZEND_ASSERT(label_target == op_array->last);
+
+	MAKE_NOP(opline);
+	op_array->last--;
+
+	uint32_t *label = labels;
+	uint32_t *label_end = zend_stack_top(&context->labels);
+	while (label <= label_end) {
+		if (*label == label_target) {
+			(*label)--;
+		}
+		label++;
 	}
 }
 
