Fixed incorrect type assumption

Fixes oss-fuzz #63809

Author: dstogov

ext/opcache/jit/zend_jit_ir.c

@@ -6446,8 +6446,14 @@ static int zend_jit_assign(zend_jit_ctx  *jit,
 			/* We have to update type of CV because it may be captured by exception backtrace or released on RETURN */
 			if ((op1_def_info & MAY_BE_ANY) == MAY_BE_LONG) {
 				jit_set_Z_TYPE_INFO(jit, op1_use_addr, IS_LONG);
+				if (JIT_G(current_frame)) {
+					SET_STACK_TYPE(JIT_G(current_frame)->stack, EX_VAR_TO_NUM(Z_OFFSET(op1_use_addr)), IS_LONG, 1);
+				}
 			} else if ((op1_def_info & MAY_BE_ANY) == MAY_BE_DOUBLE) {
 				jit_set_Z_TYPE_INFO(jit, op1_use_addr, IS_DOUBLE);
+				if (JIT_G(current_frame)) {
+					SET_STACK_TYPE(JIT_G(current_frame)->stack, EX_VAR_TO_NUM(Z_OFFSET(op1_use_addr)), IS_DOUBLE, 1);
+				}
 			} else {
 				ZEND_UNREACHABLE();
 			}

ext/opcache/tests/jit/reg_alloc_022.phpt

@@ -0,0 +1,26 @@
+--TEST--
+Register Alloction 022: Incorrect type assumption
+--INI--
+opcache.enable=1
+opcache.enable_cli=1
+opcache.file_update_protection=0
+opcache.jit_buffer_size=1M
+--FILE--
+<?php
+function test() {
+	$a = $b = $x = 0; $c = null;
+    for ($i = 0; $i < 20; $i++) {
+        $x .= $b;
+        $x = $a ? $b : $c;
+        $a &= $x != $a ? $b : $c;
+        $x = $a ? $b : $c;
+        $a &= $x != $a ? $b : $c;
+        $x != $a ?: $c;
+        $a--;
+    }
+}
+test();
+?>
+DONE
+--EXPECT--
+DONE