Fixed incorrect guard elimination

Fixes oss-fuzz #64414

Author: dstogov

ext/opcache/jit/zend_jit_trace.c

@@ -4513,7 +4513,9 @@ static const void *zend_jit_trace(zend_jit_trace_rec *trace_buffer, uint32_t par
 							if (((res_info & (MAY_BE_ANY|MAY_BE_GUARD)) == (MAY_BE_LONG|MAY_BE_GUARD)
 							  || (res_info & (MAY_BE_ANY|MAY_BE_GUARD)) == (MAY_BE_DOUBLE|MAY_BE_GUARD))
 							 && has_concrete_type(op1_info)
-							 && has_concrete_type(op2_info)) {
+							 && (op1_info & (MAY_BE_LONG|MAY_BE_DOUBLE))
+							 && has_concrete_type(op2_info)
+							 && (op2_info & (MAY_BE_LONG|MAY_BE_DOUBLE))) {
 								ssa->var_info[ssa_op->result_def].type &= ~MAY_BE_GUARD;
 							}
 						}

ext/opcache/tests/jit/mul_010.phpt

@@ -0,0 +1,32 @@
+--TEST--
+JIT MUL: 010 incorrect guard elimination
+--INI--
+opcache.enable=1
+opcache.enable_cli=1
+--FILE--
+<?php
+function test() {
+    $j = 0;
+    for ($i = 0; $i < 40; $i++) {
+        $a * $e == $a - $a + $e;
+        $maq[$obj] = $a + $e;
+        $maq[$obj] = $maq[$obj] = !!$a = $a . 
+            $maq[$obj] = $maq[$obj] = $maq[$obj] = $maq[$obj] = $a = $a + $a = &$a +
+            $maq[$obj] = $maq[$obj] = $a + $e;
+        $maq[$obj] = $maq[$obj] = !!$a = $a . $maq[$obj] = $maq[$obj] = $maq[$obj] =
+            $maq[$obj] = $a * $e == $a - $a + $e;
+        $maq[$obj] = $maq[$obj] = +$e;
+        $a * $e == $a - $a + $e;
+        +$e;
+        $a * $a = $a + $a = &$a + $e = $a-- +$a + $e;
+        $maq[$obj] = $maq[$obj] = !!$a = $a . $a &= $aZ = $a;
+    }
+}
+try {
+    @test();
+} catch (Throwable $ex) {
+	echo $ex->getMessage() . "\n";
+}
+?>
+--EXPECT--
+Unsupported operand types: string * float