JIT: Fix type store

Fixes oss-fuzz #45190

Author: dstogov

ext/opcache/jit/zend_jit_trace.c

@@ -4642,18 +4642,16 @@ static const void *zend_jit_trace(zend_jit_trace_rec *trace_buffer, uint32_t par
 						}
 						CHECK_OP2_TRACE_TYPE();
 						op1_info = OP1_INFO();
-						if ((op1_info & (MAY_BE_ANY|MAY_BE_UNDEF|MAY_BE_GUARD)) == MAY_BE_LONG
-						 || (op1_info & (MAY_BE_ANY|MAY_BE_UNDEF|MAY_BE_GUARD)) == MAY_BE_DOUBLE) {
-							if (STACK_MEM_TYPE(stack, EX_VAR_TO_NUM(opline->op1.var)) != IS_LONG
-							 && STACK_MEM_TYPE(stack, EX_VAR_TO_NUM(opline->op1.var)) != IS_DOUBLE) {
-								/* type may be not set */
-								op1_info |= MAY_BE_NULL;
-						    }
-						}
 						CHECK_OP1_TRACE_TYPE();
 						op1_def_info = OP1_DEF_INFO();
 						op1_addr = OP1_REG_ADDR();
 						op1_def_addr = OP1_DEF_REG_ADDR();
+						if (Z_MODE(op1_def_addr) != IS_REG &&
+								STACK_TYPE(stack, EX_VAR_TO_NUM(opline->op1.var)) !=
+								STACK_MEM_TYPE(stack, EX_VAR_TO_NUM(opline->op1.var))) {
+							/* type may be not set */
+							op1_info |= MAY_BE_NULL;
+						}
 						if (orig_op1_type != IS_UNKNOWN) {
 							if (orig_op1_type & IS_TRACE_REFERENCE) {
 								if (!zend_jit_fetch_reference(&dasm_state, opline, orig_op1_type, &op1_info, &op1_addr,

ext/opcache/tests/jit/reg_alloc_012.phpt

@@ -0,0 +1,22 @@
+--TEST--
+Register Alloction 012: Missed type store
+--INI--
+opcache.enable=1
+opcache.enable_cli=1
+opcache.file_update_protection=0
+opcache.jit_buffer_size=1M
+--FILE--
+<?php
+function foo($a) {
+    $b = $a;
+    $b =! $a = $a + $b & $b & $bb = $a = $a + $b & $a;
+    $a = $a + $b & $b & $b = $a;
+}
+
+for ($i = 0; $i < 3; $i++) {
+    @foo(39087589046889428661);
+}
+?>
+DONE
+--EXPECTF--
+DONE