From 3a3d83625b3021948f772467a832c3ea1264e0e9 Mon Sep 17 00:00:00 2001
From: Dmitry Stogov <dmitry@zend.com>
Date: Tue, 7 Nov 2023 13:25:09 +0300
Subject: [PATCH] Fixed IR construction

Fixes oss-fuzz #63857
---
 ext/opcache/jit/zend_jit_ir.c              |  2 ++
 ext/opcache/tests/jit/fetch_dim_r_017.phpt | 26 ++++++++++++++++++++++
 2 files changed, 28 insertions(+)
 create mode 100644 ext/opcache/tests/jit/fetch_dim_r_017.phpt

diff --git a/ext/opcache/jit/zend_jit_ir.c b/ext/opcache/jit/zend_jit_ir.c
index 5e90975a785..e646bdb85a5 100644
--- a/ext/opcache/jit/zend_jit_ir.c
+++ b/ext/opcache/jit/zend_jit_ir.c
@@ -12123,6 +12123,8 @@ static int zend_jit_fetch_dim_read(zend_jit_ctx       *jit,
 			ir_MERGE_list(not_found_inputs);
 			jit_set_Z_TYPE_INFO(jit, res_addr, IS_NULL);
 			ir_END_list(end_inputs);
+		} else if (!end_inputs && jit->ctx.control) {
+			ir_END_list(end_inputs); /* dead code */
 		}
 	}
 
diff --git a/ext/opcache/tests/jit/fetch_dim_r_017.phpt b/ext/opcache/tests/jit/fetch_dim_r_017.phpt
new file mode 100644
index 00000000000..9a8fdb70572
--- /dev/null
+++ b/ext/opcache/tests/jit/fetch_dim_r_017.phpt
@@ -0,0 +1,26 @@
+--TEST--
+JIT FETCH_DIM_R: 017
+--INI--
+opcache.enable=1
+opcache.enable_cli=1
+opcache.file_update_protection=0
+opcache.jit_buffer_size=1M
+--FILE--
+<?php
+function test() {
+	$j = 0;
+    for ($i = 0; $i < 20; $i++) {
+		$obj->prop0 = $a =! --$a > $a =! --$a + $a = ($array[$a]);
+        $obj->prop0 = $a =! --$a > $a =! --$a + $a = ($array[$a]);
+        $array = array(312 > 0);
+        $a = ($array[$a]);
+    }
+}
+try {
+	@test();
+} catch (Throwable $ex) {
+}
+?>
+DONE
+--EXPECT--
+DONE