Fix type narrowing warning during type inference of ZEND_FETCH_DIM_W

Fixes oss-fuzz #45820

Author: dstogov

ext/opcache/Optimizer/zend_inference.c

@@ -3294,11 +3294,12 @@ static zend_always_inline int _zend_update_type_info(
 						ZEND_ASSERT(j < 0 && "There should only be one use");
 					}
 				}
-				if ((tmp & MAY_BE_ARRAY) && (tmp & MAY_BE_ARRAY_KEY_ANY)) {
+				if (((tmp & MAY_BE_ARRAY) && (tmp & MAY_BE_ARRAY_KEY_ANY)) || opline->opcode == ZEND_FETCH_DIM_FUNC_ARG) {
 					UPDATE_SSA_TYPE(tmp, ssa_op->op1_def);
 				} else {
 					/* invalid key type */
-					tmp = (tmp & (MAY_BE_RC1|MAY_BE_RCN)) | (t1 & ~(MAY_BE_RC1|MAY_BE_RCN));
+					tmp = (tmp & (MAY_BE_RC1|MAY_BE_RCN|MAY_BE_ARRAY)) |
+						(t1 & ~(MAY_BE_RC1|MAY_BE_RCN|MAY_BE_UNDEF|MAY_BE_NULL|MAY_BE_FALSE));
 					UPDATE_SSA_TYPE(tmp, ssa_op->op1_def);
 				}
 				COPY_SSA_OBJ_TYPE(ssa_op->op1_use, ssa_op->op1_def);

ext/opcache/tests/opt/inference_004.phpt

@@ -0,0 +1,18 @@
+--TEST--
+Type inference 004: Type narrowing warning during type inference of ZEND_FETCH_DIM_W
+--INI--
+opcache.enable=1
+opcache.enable_cli=1
+opcache.optimization_level=-1
+--FILE--
+<?php
+function y() {
+    for(;;){
+        $arr[]->y = c;
+        $arr = c;
+    }
+}
+?>
+DONE
+--EXPECT--
+DONE