From 4ba5699903cedbbf89d6322856bb79b670dbc90d Mon Sep 17 00:00:00 2001
From: Ilija Tovilo
Date: Mon, 2 Oct 2023 15:20:13 +0200
Subject: [PATCH] Fix invalid returned opcode for memoized expressions Closes GH-12345
---
 NEWS | 1 +
 Zend/tests/assign_coalesce_009.phpt | 8 ++++++++
 Zend/zend_compile.c | 3 ++-
 3 files changed, 11 insertions(+), 1 deletion(-)
 create mode 100644 Zend/tests/assign_coalesce_009.phpt
diff --git a/NEWS b/NEWS
index bfc2580134f..a02ba04c8a4 100644
--- a/NEWS
+++ b/NEWS
@@ -4,6 +4,7 @@ PHP NEWS
 - Core:
 . Fixed bug #80092 (ZTS + preload = segfault on shutdown). (nielsdos)
+ . Fixed buffer underflow when compiling memoized expression. (ilutov)
 - CType:
 . Fixed bug GH-11997 (ctype_alnum 5 times slower in PHP 8.1 or greater).
diff --git a/Zend/tests/assign_coalesce_009.phpt b/Zend/tests/assign_coalesce_009.phpt
new file mode 100644
index 00000000000..227a360e322
--- /dev/null
+++ b/Zend/tests/assign_coalesce_009.phpt
@@ -0,0 +1,8 @@
+--TEST--
+Invalid opcode returned from zend_compile_var_inner() for memoized expression
+--FILE--
+
+--EXPECTF--
+Fatal error: Cannot use result of built-in function in write context in %s on line %d
diff --git a/Zend/zend_compile.c b/Zend/zend_compile.c
index 9edd451383e..87bfd0b1e94 100644
--- a/Zend/zend_compile.c
+++ b/Zend/zend_compile.c
@@ -10616,7 +10616,8 @@ static zend_op *zend_compile_var_inner(znode *result, zend_ast *ast, uint32_t ty
 case ZEND_AST_NULLSAFE_METHOD_CALL:
 case ZEND_AST_STATIC_CALL:
 zend_compile_memoized_expr(result, ast);
- return &CG(active_op_array)->opcodes[CG(active_op_array)->last - 1];
+ /* This might not actually produce an opcode, e.g. for expressions evaluated at comptime. */
+ return NULL;
 }
 }
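Review bot: Returning `NULL` from the memoized-call cases of `zend_compile_var_inner()` adds a null result on a path that previously always handed back a pointer, and none of the callers are visible in this hunk, so each one should be confirmed to check the result before dereferencing it. The removed expression `&CG(active_op_array)->opcodes[CG(active_op_array)->last - 1]` would point before the start of the opcode array if `last` were 0, which is presumably the underflow the NEWS entry refers to. A caller that still assumes a valid opline would now fail on a null pointer instead, so the contract is worth stating where the value is produced. I would expand the comment to say so, for example `/* No opline to return: the memoized expression may emit no opcode (e.g. when evaluated at compile time); callers must treat NULL as "no opline". */`. The function body starts and ends outside the hunk.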