JIT: Fixed memory leak

Author: dstogov

ext/opcache/jit/zend_jit_trace.c

@@ -7432,6 +7432,16 @@ int ZEND_FASTCALL zend_jit_trace_exit(uint32_t exit_num, zend_jit_registers_buf
 		}
 	}
 
+	if (repeat_last_opline) {
+		EX(opline) = t->exit_info[exit_num].opline - 1;
+		if ((EX(opline)->op1_type & (IS_VAR|IS_TMP_VAR))
+		 && !(t->exit_info[exit_num].flags & ZEND_JIT_EXIT_FREE_OP1)
+		 && EX(opline)->opcode != ZEND_FETCH_LIST_R) {
+			Z_TRY_ADDREF_P(EX_VAR(EX(opline)->op1.var));
+		}
+		return 1;
+	}
+
 	opline = t->exit_info[exit_num].opline;
 
 	if (opline) {
@@ -7496,11 +7506,6 @@ int ZEND_FASTCALL zend_jit_trace_exit(uint32_t exit_num, zend_jit_registers_buf
 			EX(opline)->lineno);
 	}
 
-	if (repeat_last_opline) {
-		EX(opline) = t->exit_info[exit_num].opline - 1;
-		return (EX(opline) == t->opline);
-	}
-
 	if (t->exit_info[exit_num].flags & ZEND_JIT_EXIT_TO_VM) {
 		if (zend_jit_trace_exit_is_bad(trace_num, exit_num)) {
 			zend_jit_blacklist_trace_exit(trace_num, exit_num);

ext/opcache/tests/jit/fetch_dim_r_006.phpt

@@ -0,0 +1,28 @@
+--TEST--
+JIT FETCH_DIM_R: 006
+--INI--
+opcache.enable=1
+opcache.enable_cli=1
+opcache.file_update_protection=0
+opcache.jit_buffer_size=1M
+--FILE--
+<?php
+function test() {
+	$a['x'][1] = true;
+	for ($i = 0; $i < 3; $i++) {
+		var_dump($a['x'][0]);
+	}
+}
+test();
+?>
+DONE
+--EXPECTF--
+Warning: Undefined array key 0 in %sfetch_dim_r_006.php on line 5
+NULL
+
+Warning: Undefined array key 0 in %sfetch_dim_r_006.php on line 5
+NULL
+
+Warning: Undefined array key 0 in %sfetch_dim_r_006.php on line 5
+NULL
+DONE