From ba5d53d44fbac720de7c544d3f8b073b9cf25a7b Mon Sep 17 00:00:00 2001
From: Niels Dossche <7771979+nielsdos@users.noreply.github.com>
Date: Fri, 7 Feb 2025 17:58:19 +0100
Subject: [PATCH 1/2] Fix GH-17727: JIT SEGV on OOM in dtor when creating
 backtrace

This became visible after GH-17056 was merged, but technically the lack
of setting the opline is also present on lower branches.
We set the opline to mirror the SAVE_OPLINE() from
ZEND_INIT_STATIC_METHOD_CALL().
---
 ext/opcache/jit/zend_jit_ir.c      |  1 +
 ext/opcache/tests/jit/gh17727.phpt | 33 ++++++++++++++++++++++++++++++
 2 files changed, 34 insertions(+)
 create mode 100644 ext/opcache/tests/jit/gh17727.phpt

diff --git a/ext/opcache/jit/zend_jit_ir.c b/ext/opcache/jit/zend_jit_ir.c
index aee2afa7a513d..ddb859895bd4a 100644
--- a/ext/opcache/jit/zend_jit_ir.c
+++ b/ext/opcache/jit/zend_jit_ir.c
@@ -9327,6 +9327,7 @@ static int zend_jit_init_static_method_call(zend_jit_ctx         *jit,
 			ir_IF_FALSE_cold(if_static);
 		}
 
+		jit_SET_EX_OPLINE(jit, opline);
 		ref = ir_CALL_3(IR_ADDR, ir_CONST_FC_FUNC(zend_jit_push_this_method_call_frame),
 				scope_ref,
 				func_ref,
diff --git a/ext/opcache/tests/jit/gh17727.phpt b/ext/opcache/tests/jit/gh17727.phpt
new file mode 100644
index 0000000000000..9a7f352741c0a
--- /dev/null
+++ b/ext/opcache/tests/jit/gh17727.phpt
@@ -0,0 +1,33 @@
+--TEST--
+GH-17727 (JIT SEGV on OOM in dtor when creating backtrace)
+--EXTENSIONS--
+opcache
+--SKIPIF--
+<?php
+if (getenv("SKIP_SLOW_TESTS")) die("skip slow test");
+?>
+--INI--
+opcache.jit=1254
+fatal_error_backtraces=1
+memory_limit=2M
+--CREDITS--
+arnaud-lb
+YuanchengJiang
+--FILE--
+<?php
+class DestructableObject
+{
+    public function __destruct()
+    {
+        DestructableObject::__destruct();
+    }
+}
+$_ = new DestructableObject();
+?>
+--EXPECTF--
+Fatal error: Allowed memory size of 2097152 bytes exhausted %s
+Stack trace:
+#0 %s(%d): DestructableObject->__destruct()
+%A
+#%d [internal function]: DestructableObject->__destruct()
+#%d {main}

From 4bd661d5ada71dbbf0d0a8ea7e76ed7b1dbc21da Mon Sep 17 00:00:00 2001
From: Niels Dossche <7771979+nielsdos@users.noreply.github.com>
Date: Fri, 7 Feb 2025 19:36:32 +0100
Subject: [PATCH 2/2] relax test matching

---
 ext/opcache/tests/jit/gh17727.phpt | 4 +---
 1 file changed, 1 insertion(+), 3 deletions(-)

diff --git a/ext/opcache/tests/jit/gh17727.phpt b/ext/opcache/tests/jit/gh17727.phpt
index 9a7f352741c0a..425315f215a6e 100644
--- a/ext/opcache/tests/jit/gh17727.phpt
+++ b/ext/opcache/tests/jit/gh17727.phpt
@@ -15,6 +15,7 @@ arnaud-lb
 YuanchengJiang
 --FILE--
 <?php
+$str = str_repeat('a', 1024 * 1024 * 1.25);
 class DestructableObject
 {
     public function __destruct()
@@ -27,7 +28,4 @@ $_ = new DestructableObject();
 --EXPECTF--
 Fatal error: Allowed memory size of 2097152 bytes exhausted %s
 Stack trace:
-#0 %s(%d): DestructableObject->__destruct()
 %A
-#%d [internal function]: DestructableObject->__destruct()
-#%d {main}