Fix GH-17257: SEGV ext/opcache/jit/zend_jit_vm_helpers.c

EX(opline) / opline can be stale if the IP is not stored, like in this
case on a trace enter. We always need to make sure that the opline is up
to date to make sure we don't use stale data.

Author: ndossche

ext/opcache/jit/zend_jit_ir.c

@@ -10110,20 +10110,17 @@ static int zend_jit_do_fcall(zend_jit_ctx *jit, const zend_op *opline, const zen
 					}
 				}
 			} else {
-				if (!trace || (trace->op == ZEND_JIT_TRACE_END
-				 && trace->stop == ZEND_JIT_TRACE_STOP_INTERPRETER)) {
-					ir_ref ip;
+				ir_ref ip;
 
-					if (zend_accel_in_shm(func->op_array.opcodes)) {
-						ip = ir_CONST_ADDR(func->op_array.opcodes);
-					} else {
-						if (!func_ref) {
-							func_ref = ir_LOAD_A(jit_CALL(rx, func));
-						}
-						ip = ir_LOAD_A(ir_ADD_OFFSET(func_ref, offsetof(zend_op_array, opcodes)));
+				if (zend_accel_in_shm(func->op_array.opcodes)) {
+					ip = ir_CONST_ADDR(func->op_array.opcodes);
+				} else {
+					if (!func_ref) {
+						func_ref = ir_LOAD_A(jit_CALL(rx, func));
 					}
-					jit_LOAD_IP(jit, ip);
+					ip = ir_LOAD_A(ir_ADD_OFFSET(func_ref, offsetof(zend_op_array, opcodes)));
 				}
+				jit_LOAD_IP(jit, ip);
 				if (GCC_GLOBAL_REGS) {
 					ir_CALL(IR_VOID, ir_CONST_FC_FUNC(zend_jit_copy_extra_args_helper));
 				} else {

ext/opcache/tests/jit/gh17257.phpt

@@ -0,0 +1,25 @@
+--TEST--
+GH-17257 (SEGV ext/opcache/jit/zend_jit_vm_helpers.c)
+--EXTENSIONS--
+opcache
+--INI--
+opcache.jit_buffer_size=32M
+opcache.jit=1254
+opcache.jit_hot_func=1
+--FILE--
+<?php
+function get_const() {
+}
+function test() {
+    call_user_func('get_const', 1); // need an extra arg to trigger the issue
+}
+function main(){
+    for ($i = 0; $i < 10; $i++) {
+        test();
+    }
+    echo "Done\n";
+}
+main();
+?>
+--EXPECT--
+Done