From b9a64c5e344e2db2ebac0294a423d9e5d04764f7 Mon Sep 17 00:00:00 2001 From: Dmitry Stogov Date: Tue, 15 Oct 2024 15:37:30 +0300 Subject: [PATCH] Fix GH-16358: Segmentation fault (access null pointer) in Zend/zend_operators.c:2495 --- ext/opcache/jit/zend_jit_ir.c | 2 ++ ext/opcache/tests/jit/gh16358.phpt | 20 ++++++++++++++++++++ 2 files changed, 22 insertions(+) create mode 100644 ext/opcache/tests/jit/gh16358.phpt diff --git a/ext/opcache/jit/zend_jit_ir.c b/ext/opcache/jit/zend_jit_ir.c index 7846731d420..e4a66a6743d 100644 --- a/ext/opcache/jit/zend_jit_ir.c +++ b/ext/opcache/jit/zend_jit_ir.c @@ -9108,6 +9108,7 @@ static int zend_jit_init_static_method_call(zend_jit_ctx *jit, if (fn->common.scope == op_array->scope || (fn->common.fn_flags & ZEND_ACC_PUBLIC) || ((fn->common.fn_flags & ZEND_ACC_PROTECTED) + && op_array->scope && instanceof_function_slow(op_array->scope, fn->common.scope))) { func = fn; } @@ -15823,6 +15824,7 @@ static int zend_jit_fetch_static_prop(zend_jit_ctx *jit, const zend_op *opline, if (prop_info->ce == op_array->scope || (prop_info->flags & ZEND_ACC_PUBLIC) || ((prop_info->flags & ZEND_ACC_PROTECTED) + && op_array->scope && instanceof_function_slow(op_array->scope, prop_info->ce))) { known_prop_info = prop_info; } diff --git a/ext/opcache/tests/jit/gh16358.phpt b/ext/opcache/tests/jit/gh16358.phpt new file mode 100644 index 00000000000..7a595176d8e --- /dev/null +++ b/ext/opcache/tests/jit/gh16358.phpt @@ -0,0 +1,20 @@ +--TEST-- +GH-16358 (Segmentation fault (access null pointer) in Zend/zend_operators.c:2495) +--EXTENSIONS-- +opcache +--INI-- +opcache.jit=1214 +opcache.jit_buffer_size=64M +--FILE-- + +OK +--EXPECT-- +OK
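Review bot: The new `&& op_array->scope` guard in zend_jit_init_static_method_call carries no comment saying when the scope can be NULL, and the same three-clause visibility test is duplicated in zend_jit_fetch_static_prop (second hunk), so the same NULL dereference had to be patched in two places. I would put `/* op_array->scope is NULL when the compiled code is not inside a class; instanceof_function_slow() must not see it */` above the protected clause at both sites. Alternatively, fold the test into one static helper that takes the member's class, its flags and the caller scope, so a future visibility rule cannot be fixed in one copy and missed in the other. Both enclosing functions begin and end outside the hunks, so I cannot tell whether other `instanceof_function_slow(op_array->scope, ...)` calls in this file need the same guard; that is worth a grep before merging. The crash occurs while the JIT compiles a script and takes the worker process down, so the regression test should presumably exercise both the static-call and the static-property path.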