JIT: Fixed memory leak

Author: dstogov

ext/opcache/jit/zend_jit_helpers.c

@@ -1369,7 +1369,7 @@ static void ZEND_FASTCALL zend_jit_fast_assign_concat_helper(zval *op1, zval *op
 
 	do {
 		if (Z_REFCOUNTED_P(op1)) {
-			if (GC_REFCOUNT(Z_STR_P(op1)) == 1) {
+			if (GC_REFCOUNT(Z_STR_P(op1)) == 1 && EXPECTED(Z_STR_P(op1) != Z_STR_P(op2))) {
 				result_str = perealloc(Z_STR_P(op1), ZEND_MM_ALIGNED_SIZE(_ZSTR_STRUCT_SIZE(result_len)), 0);
 				ZSTR_LEN(result_str) = result_len;
 				zend_string_forget_hash_val(result_str);

ext/opcache/jit/zend_jit_x86.dasc

@@ -5323,6 +5323,8 @@ static int zend_jit_concat_helper(dasm_State    **Dst,
 			}
 			|	LOAD_ZVAL_ADDR FCARG2a, op2_addr
 			|	EXT_CALL zend_jit_fast_assign_concat_helper, r0
+			/* concatination with itself may reduce refcount */
+			op2_info |= MAY_BE_RC1;
 		} else {
 			if (Z_REG(res_addr) != ZREG_FCARG1a || Z_OFFSET(res_addr) != 0) {
 				|	LOAD_ZVAL_ADDR FCARG1a, res_addr

ext/opcache/tests/jit/assign_op_006.phpt

@@ -0,0 +1,19 @@
+--TEST--
+JIT ASSIGN_OP: 006 concationation with itself
+--INI--
+opcache.enable=1
+opcache.enable_cli=1
+opcache.file_update_protection=0
+opcache.jit_buffer_size=1M
+--FILE--
+<?php
+function test($a) {
+    for ($i = 0; $i < 2; $i++) {
+        $a .= $a = $a;
+    }
+}
+test("");
+?>
+DONE
+--EXPECT--
+DONE