Merge branch 'PHP-8.3'

* PHP-8.3:
  Fix zend_jit_undefined_long_key overwriting dim when dim == result

ext/opcache/jit/zend_jit_vm_helpers.c

@@ -200,7 +200,6 @@ void ZEND_FASTCALL zend_jit_undefined_long_key(EXECUTE_DATA_D)
 	zval *result = EX_VAR(opline->result.var);
 	zval *dim;
 
-	ZVAL_NULL(result);
 	if (opline->op2_type == IS_CONST) {
 		dim = RT_CONSTANT(opline, opline->op2);
 	} else {
@@ -208,6 +207,7 @@ void ZEND_FASTCALL zend_jit_undefined_long_key(EXECUTE_DATA_D)
 	}
 	ZEND_ASSERT(Z_TYPE_P(dim) == IS_LONG);
 	zend_error(E_WARNING, "Undefined array key " ZEND_LONG_FMT, Z_LVAL_P(dim));
+	ZVAL_NULL(result);
 }
 
 void ZEND_FASTCALL zend_jit_undefined_string_key(EXECUTE_DATA_D)
@@ -217,7 +217,6 @@ void ZEND_FASTCALL zend_jit_undefined_string_key(EXECUTE_DATA_D)
 	zval *dim;
 	zend_ulong lval;
 
-	ZVAL_NULL(result);
 	if (opline->op2_type == IS_CONST) {
 		dim = RT_CONSTANT(opline, opline->op2);
 	} else {
@@ -229,6 +228,7 @@ void ZEND_FASTCALL zend_jit_undefined_string_key(EXECUTE_DATA_D)
 	} else {
 		zend_error(E_WARNING, "Undefined array key \"%s\"", Z_STRVAL_P(dim));
 	}
+	ZVAL_NULL(result);
 }
 
 ZEND_OPCODE_HANDLER_RET ZEND_FASTCALL zend_jit_profile_helper(ZEND_OPCODE_HANDLER_ARGS)

ext/opcache/tests/jit/oss-fuzz-64727.phpt

@@ -0,0 +1,27 @@
+--TEST--
+oss-fuzz #64727
+--INI--
+opcache.enable_cli=1
+opcache.jit_buffer_size=64M
+opcache.jit=function
+--EXTENSIONS--
+opcache
+--FILE--
+<?php
+function test(){
+    $a = null;
+    $b = null;
+    for($i = 0; $i < 2; $i++){
+        $a = $a + $b;
+        var_dump($a);
+        $a = @[3][$a];
+        var_dump($a);
+    }
+}
+test();
+?>
+--EXPECT--
+int(0)
+int(3)
+int(3)
+NULL