JIT: Fix register allocation

Fixes oss-fuzz #43598

Author: dstogov

ext/opcache/jit/zend_jit_trace.c

@@ -3075,7 +3075,9 @@ static zend_lifetime_interval** zend_jit_trace_allocate_registers(zend_jit_trace
 						intervals[use]->used_as_hint = NULL;
 						intervals[use]->list_next = NULL;
 					}
-				} else if (intervals[use] && !ssa->vars[phi->ssa_var].no_val) {
+				} else if (intervals[use]
+						&& (!ssa->vars[def].no_val
+							|| ssa->var_info[def].type != ssa->var_info[use].type)) {
 					if (ssa->vars[use].use_chain >= 0) {
 						intervals[use]->flags |= ZREG_STORE;
 					} else {

ext/opcache/tests/jit/reg_alloc_006.phpt

@@ -0,0 +1,34 @@
+--TEST--
+Register Alloction 006: Incorrect type store elimination
+--INI--
+opcache.enable=1
+opcache.enable_cli=1
+opcache.file_update_protection=0
+opcache.jit_buffer_size=1M
+--FILE--
+<?php
+function foo() {
+	$a = 0;
+    for($i=0; $i < 6; $i++) {
+        $y - $b = $a ? $b : $y;
+        $a = $b = 7;
+     }
+}
+foo()
+?>
+DONE
+--EXPECTF--
+Warning: Undefined variable $y in %sreg_alloc_006.php on line 5
+
+Warning: Undefined variable $y in %sreg_alloc_006.php on line 5
+
+Warning: Undefined variable $y in %sreg_alloc_006.php on line 5
+
+Warning: Undefined variable $y in %sreg_alloc_006.php on line 5
+
+Warning: Undefined variable $y in %sreg_alloc_006.php on line 5
+
+Warning: Undefined variable $y in %sreg_alloc_006.php on line 5
+
+Warning: Undefined variable $y in %sreg_alloc_006.php on line 5
+DONE