From b5f8a7270a9ba3544fcc713aad8f8fa17795caca Mon Sep 17 00:00:00 2001
From: Dmitry Stogov <dmitry@zend.com>
Date: Mon, 31 Jul 2023 14:50:13 +0300
Subject: [PATCH] Fixed incorrect QM_ASSIGN elimination

 Fixes OSS Fuzz #60895
---
 Zend/Optimizer/block_pass.c               |  3 ++-
 ext/opcache/tests/opt/block_pass_005.phpt | 17 +++++++++++++++++
 2 files changed, 19 insertions(+), 1 deletion(-)
 create mode 100644 ext/opcache/tests/opt/block_pass_005.phpt

diff --git a/Zend/Optimizer/block_pass.c b/Zend/Optimizer/block_pass.c
index 4d5c951d3df..72441c000e6 100644
--- a/Zend/Optimizer/block_pass.c
+++ b/Zend/Optimizer/block_pass.c
@@ -174,7 +174,8 @@ static void zend_optimize_block(zend_basic_block *block, zend_op_array *op_array
 					 && opline->opcode != ZEND_MATCH
 					 && zend_optimizer_update_op1_const(op_array, opline, &c)) {
 						VAR_SOURCE(op1) = NULL;
-						if (!zend_bitset_in(used_ext, VAR_NUM(src->result.var))) {
+						if (opline->opcode != ZEND_JMP_NULL
+						 && !zend_bitset_in(used_ext, VAR_NUM(src->result.var))) {
 							literal_dtor(&ZEND_OP1_LITERAL(src));
 							MAKE_NOP(src);
 						}
diff --git a/ext/opcache/tests/opt/block_pass_005.phpt b/ext/opcache/tests/opt/block_pass_005.phpt
new file mode 100644
index 00000000000..d57fe22d71b
--- /dev/null
+++ b/ext/opcache/tests/opt/block_pass_005.phpt
@@ -0,0 +1,17 @@
+--TEST--
+Block Pass 005: Inorrect QM_ASSIGN elimination
+--INI--
+opcache.enable=1
+opcache.enable_cli=1
+opcache.optimization_level=-1
+--EXTENSIONS--
+opcache
+--FILE--
+<?php
+y??(1?4:y)?->y;
+?>
+--EXPECTF--
+Fatal error: Uncaught Error: Undefined constant "y" in %sblock_pass_005.php:2
+Stack trace:
+#0 {main}
+  thrown in %sblock_pass_005.php on line 2