Merge branch 'PHP-8.3'

dstogov · dstogov · commit b2eff1f2ce97 · 2024-09-23T17:13:47.000+03:00
* PHP-8.3: Fix GH-15973: Segmentation fault in JIT mode 1135 (#16006)
diff --git a/ext/opcache/jit/zend_jit_ir.c b/ext/opcache/jit/zend_jit_ir.c
@@ -13740,7 +13740,9 @@ static int zend_jit_load_this(zend_jit_ctx *jit, uint32_t var)
 
 static int zend_jit_fetch_this(zend_jit_ctx *jit, const zend_op *opline, const zend_op_array *op_array, bool check_only)
 {
-	if (!op_array->scope || (op_array->fn_flags & ZEND_ACC_STATIC)) {
+	if (!op_array->scope ||
+			(op_array->fn_flags & ZEND_ACC_STATIC) ||
+			((op_array->fn_flags & (ZEND_ACC_CLOSURE|ZEND_ACC_IMMUTABLE)) == ZEND_ACC_CLOSURE)) {
 		if (JIT_G(trigger) == ZEND_JIT_ON_HOT_TRACE) {
 			if (!JIT_G(current_frame) ||
 			    !TRACE_FRAME_IS_THIS_CHECKED(JIT_G(current_frame))) {
diff --git a/ext/opcache/tests/jit/gh15973.phpt b/ext/opcache/tests/jit/gh15973.phpt
@@ -0,0 +1,24 @@
+--TEST--
+GH-15973 (Segmentation fault in JIT mode 1135)
+--EXTENSIONS--
+opcache
+--INI--
+opcache.jit=1215
+opcache.jit_buffer_size=64M
+--FILE--
+<?php
+class Test {
+}
+$appendProp2 = (function() {
+$this->prop[] = 1;
+})->bindTo($test, Test::class);
+$appendProp2();
+?>
+--EXPECTF--
+Warning: Undefined variable $test in %sgh15973.php on line 6
+
+Fatal error: Uncaught Error: Using $this when not in object context in %sgh15973.php:5
+Stack trace:
+#0 %sgh15973.php(7): Test::{closure:%s}()
+#1 {main}
+  thrown in %sgh15973.php on line 5
