From f681f9075cac1ab23f040a9dbc0bf187a982bec5 Mon Sep 17 00:00:00 2001
From: Dmitry Stogov <dmitry@zend.com>
Date: Wed, 6 Oct 2021 12:10:39 +0300
Subject: [PATCH] JIT: Fixed register clobbering

---
 ext/opcache/jit/zend_jit_x86.dasc     |  6 ++++++
 ext/opcache/tests/jit/assign_042.phpt | 28 +++++++++++++++++++++++++++
 2 files changed, 34 insertions(+)
 create mode 100644 ext/opcache/tests/jit/assign_042.phpt

diff --git a/ext/opcache/jit/zend_jit_x86.dasc b/ext/opcache/jit/zend_jit_x86.dasc
index 3a2f1a7bea2..a9c27172f0b 100644
--- a/ext/opcache/jit/zend_jit_x86.dasc
+++ b/ext/opcache/jit/zend_jit_x86.dasc
@@ -5924,6 +5924,9 @@ static int zend_jit_simple_assign(dasm_State    **Dst,
 					|.cold_code
 					|1:
 				}
+				if (Z_REG(val_addr) == ZREG_R2) {
+					|	mov aword T1, r2 // save
+				}
 				|	// zend_refcounted *ref = Z_COUNTED_P(retval_ptr);
 				|	GET_ZVAL_PTR r2, val_addr
 				|	GC_DELREF r2
@@ -5948,6 +5951,9 @@ static int zend_jit_simple_assign(dasm_State    **Dst,
 					|	GC_ADDREF Ra(tmp_reg)
 					|2:
 				}
+				if (Z_REG(val_addr) == ZREG_R2) {
+					|	mov r2, aword T1 // restore
+				}
 				if (save_r1) {
 					|	mov aword T1, FCARG1a // save
 				}
diff --git a/ext/opcache/tests/jit/assign_042.phpt b/ext/opcache/tests/jit/assign_042.phpt
new file mode 100644
index 00000000000..4739523547d
--- /dev/null
+++ b/ext/opcache/tests/jit/assign_042.phpt
@@ -0,0 +1,28 @@
+--TEST--
+JIT ASSIGN: Assign to of reference with 1 refcount
+--INI--
+opcache.enable=1
+opcache.enable_cli=1
+opcache.file_update_protection=0
+opcache.jit_buffer_size=1M
+opcache.protect_memory=1
+--FILE--
+<?php
+class Test {
+    public $prop;
+    function __construct() {
+        $this->prop = $this->retref();
+    }
+    function &retref() {
+        return str_repeat("a", 5);
+    }
+}
+$o = new Test();
+var_dump($o);
+?>
+--EXPECTF--
+Notice: Only variable references should be returned by reference in %sassign_042.php on line 8
+object(Test)#1 (1) {
+  ["prop"]=>
+  string(5) "aaaaa"
+}