diff --git a/ext/opcache/jit/zend_jit_ir.c b/ext/opcache/jit/zend_jit_ir.c index e4b68d23520c8..beab53894a1b8 100644 --- a/ext/opcache/jit/zend_jit_ir.c +++ b/ext/opcache/jit/zend_jit_ir.c @@ -7204,9 +7204,9 @@ static int zend_jit_cmp(zend_jit_ctx *jit, while (n) { n--; - ir_IF_TRUE(end_inputs->refs[n]); + jit_IF_TRUE_FALSE_ex(jit, end_inputs->refs[n], label); ir_END_list(true_inputs); - ir_IF_FALSE(end_inputs->refs[n]); + jit_IF_TRUE_FALSE_ex(jit, end_inputs->refs[n], label2); ir_END_list(false_inputs); } ir_MERGE_list(true_inputs); diff --git a/ext/opcache/tests/jit/gh16984.phpt b/ext/opcache/tests/jit/gh16984.phpt new file mode 100644 index 0000000000000..8432959c41027 --- /dev/null +++ b/ext/opcache/tests/jit/gh16984.phpt @@ -0,0 +1,41 @@ +--TEST-- +GH-16984 (function JIT overflow bug) +--EXTENSIONS-- +opcache +--SKIPIF-- + +--INI-- +opcache.enable=1 +opcache.enable_cli=1 +opcache.file_update_protection=0 +opcache.jit_buffer_size=32M +opcache.jit=function +--FILE-- +foo($value); + if ($val <= PHP_INT_MAX) { + $test->integer = $val; + } +} + +function main() { + $test = new Test; + foo($test, 9223372036854775806); + foo($test, 9223372036854775807); // Also reproduces without this call, but this imitates the psalm code + var_dump($test->integer); +} + +main(); +?> +--EXPECT-- +int(9223372036854775807)