Merge branch 'PHP-8.1' into PHP-8.2

* PHP-8.1:
  Fix use-of-uninitialized-value with ??= on assert

Author: iluuu1994

NEWS

@@ -12,6 +12,7 @@ PHP                                                                        NEWS
   . Fixed oss-fuzz #60011 (Mis-compilation of by-reference nullsafe operator).
     (ilutov)
   . Fixed line number of JMP instruction over else block. (ilutov)
+  . Fixed use-of-uninitialized-value with ??= on assert. (ilutov)
 
 - Date:
   . Fixed bug GH-11368 (Date modify returns invalid datetime). (Derick)

Zend/tests/gh11580.phpt

@@ -0,0 +1,13 @@
+--TEST--
+GH-11580: assert() with ??= operator can lead to use-of-uninitialized-value
+--INI--
+zend.assertions=0
+--FILE--
+<?php
+assert(y)[y] ??= y;
+?>
+--EXPECTF--
+Fatal error: Uncaught Error: Undefined constant "y" in %s:%d
+Stack trace:
+#0 {main}
+  thrown in %s on line %d

Zend/zend_compile.c

@@ -4095,6 +4095,10 @@ static void zend_compile_assert(znode *result, zend_ast_list *args, zend_string
 		zend_op *opline;
 		uint32_t check_op_number = get_next_op_number();
 
+		/* Assert expression may not be memoized and reused as it may not actually be evaluated. */
+		int orig_memoize_mode = CG(memoize_mode);
+		CG(memoize_mode) = ZEND_MEMOIZE_NONE;
+
 		zend_emit_op(NULL, ZEND_ASSERT_CHECK, NULL, NULL);
 
 		if (fbc && fbc_is_finalized(fbc)) {
@@ -4128,6 +4132,8 @@ static void zend_compile_assert(znode *result, zend_ast_list *args, zend_string
 		opline = &CG(active_op_array)->opcodes[check_op_number];
 		opline->op2.opline_num = get_next_op_number();
 		SET_NODE(opline->result, result);
+
+		CG(memoize_mode) = orig_memoize_mode;
 	} else {
 		if (!fbc) {
 			zend_string_release_ex(name, 0);