Fix jump after zend_jit_invalid_property_assign()

This is supposed to go to the FREE_OP_DATA, currently it crashes.

Author: nikic

ext/opcache/jit/zend_jit_x86.dasc

@@ -13620,7 +13620,7 @@ static int zend_jit_assign_obj_op(dasm_State          **Dst,
 				}
 				if (((opline+1)->op1_type & (IS_VAR|IS_TMP_VAR))
 				 && (val_info & (MAY_BE_REF|MAY_BE_STRING|MAY_BE_ARRAY|MAY_BE_OBJECT|MAY_BE_RESOURCE))) {
-					|	jmp >7
+					|	jmp >8
 				} else {
 					|	jmp ->exception_handler
 				}
@@ -13952,7 +13952,7 @@ static int zend_jit_assign_obj(dasm_State          **Dst,
 				}
 				if (((opline+1)->op1_type & (IS_VAR|IS_TMP_VAR))
 				 && (val_info & (MAY_BE_REF|MAY_BE_STRING|MAY_BE_ARRAY|MAY_BE_OBJECT|MAY_BE_RESOURCE))) {
-					|	jmp >8
+					|	jmp >7
 				} else {
 					|	jmp ->exception_handler
 				}

ext/opcache/tests/jit/assign_obj_001.phpt

@@ -0,0 +1,32 @@
+--TEST--
+JIT ASSIGN_OBJ: Assign property on null
+--INI--
+opcache.enable=1
+opcache.enable_cli=1
+opcache.file_update_protection=0
+opcache.jit_buffer_size=1M
+--FILE--
+<?php
+function test1($o) {
+    $o->x = new stdClass;
+}
+function test2($o) {
+    $o->x += new stdClass;
+}
+
+try {
+    test1(null);
+} catch (Error $e) {
+    echo $e->getMessage(), "\n";
+}
+
+try {
+    test2(null);
+} catch (Error $e) {
+    echo $e->getMessage(), "\n";
+}
+
+?>
+--EXPECT--
+Attempt to assign property "x" on null
+Attempt to assign property "x" on null