From 9ce388b41b05ac9ef5d5d2da0b231caa43adf526 Mon Sep 17 00:00:00 2001
From: Dmitry Stogov <dmitry@zend.com>
Date: Mon, 27 Sep 2021 20:05:50 +0300
Subject: [PATCH] JIT: Fixed missed zval type initialization

---
 ext/opcache/jit/zend_jit_x86.dasc      |  8 ++++++
 ext/opcache/tests/jit/inc_obj_001.phpt | 35 ++++++++++++++++++++++++++
 2 files changed, 43 insertions(+)
 create mode 100644 ext/opcache/tests/jit/inc_obj_001.phpt

diff --git a/ext/opcache/jit/zend_jit_x86.dasc b/ext/opcache/jit/zend_jit_x86.dasc
index 9ad7b62758a..19fc48a11a5 100644
--- a/ext/opcache/jit/zend_jit_x86.dasc
+++ b/ext/opcache/jit/zend_jit_x86.dasc
@@ -13528,30 +13528,38 @@ static int zend_jit_incdec_obj(dasm_State          **Dst,
 			|.if X64
 				|	mov64 rax, 0x43e0000000000000
 				|	SET_ZVAL_LVAL var_addr, rax
+				|	SET_ZVAL_TYPE_INFO var_addr, IS_DOUBLE
 				if (opline->opcode == ZEND_PRE_INC_OBJ && opline->result_type != IS_UNUSED) {
 					|	SET_ZVAL_LVAL res_addr, rax
+					|	SET_ZVAL_TYPE_INFO res_addr, IS_DOUBLE
 				}
 			|.else
 				|	SET_ZVAL_LVAL var_addr, 0
 				|	SET_ZVAL_W2 var_addr, 0x41e00000
+				|	SET_ZVAL_TYPE_INFO var_addr, IS_DOUBLE
 				if (opline->opcode == ZEND_PRE_INC_OBJ && opline->result_type != IS_UNUSED) {
 					|	SET_ZVAL_LVAL res_addr, 0
 					|	SET_ZVAL_W2 res_addr, 0x41e00000
+					|	SET_ZVAL_TYPE_INFO res_addr, IS_DOUBLE
 				}
 			|.endif
 		} else {
 			|.if X64
 				|	mov64 rax, 0xc3e0000000000000
 				|	SET_ZVAL_LVAL var_addr, rax
+				|	SET_ZVAL_TYPE_INFO var_addr, IS_DOUBLE
 				if (opline->opcode == ZEND_PRE_DEC_OBJ && opline->result_type != IS_UNUSED) {
 					|	SET_ZVAL_LVAL res_addr, rax
+					|	SET_ZVAL_TYPE_INFO res_addr, IS_DOUBLE
 				}
 			|.else
 				|	SET_ZVAL_LVAL var_addr, 0x00200000
 				|	SET_ZVAL_W2 var_addr, 0xc1e00000
+				|	SET_ZVAL_TYPE_INFO var_addr, IS_DOUBLE
 				if (opline->opcode == ZEND_PRE_DEC_OBJ && opline->result_type != IS_UNUSED) {
 					|	SET_ZVAL_LVAL res_addr, 0x00200000
 					|	SET_ZVAL_W2 res_addr, 0xc1e00000
+					|	SET_ZVAL_TYPE_INFO res_addr, IS_DOUBLE
 			}
 			|.endif
 		}
diff --git a/ext/opcache/tests/jit/inc_obj_001.phpt b/ext/opcache/tests/jit/inc_obj_001.phpt
new file mode 100644
index 00000000000..a3f109e180b
--- /dev/null
+++ b/ext/opcache/tests/jit/inc_obj_001.phpt
@@ -0,0 +1,35 @@
+--TEST--
+PRE_INC_OBJ: 001
+--INI--
+opcache.enable=1
+opcache.enable_cli=1
+opcache.file_update_protection=0
+opcache.jit_buffer_size=1M
+opcache.protect_memory=1
+opcache.jit=function
+--FILE--
+<?php
+class Test {
+    public $prop;
+	function foo() {
+		$this->prop = PHP_INT_MAX - 5;
+		for ($i = 0; $i < 10; $i++) {
+			var_dump(++$this->prop);
+		}
+	}
+}
+
+$test = new Test;
+$test->foo();
+?>
+--EXPECTF--
+int(%d)
+int(%d)
+int(%d)
+int(%d)
+int(%d)
+float(%f)
+float(%f)
+float(%f)
+float(%f)
+float(%f)