From b50dd91fa229baa0f6ad6f61e1b3863920cbb11d Mon Sep 17 00:00:00 2001
From: Niels Dossche <7771979+nielsdos@users.noreply.github.com>
Date: Sun, 15 Jan 2023 15:29:03 +0100
Subject: [PATCH] Fix incorrect comparison in block optimization pass

We're in the case of ZEND_JMPZ_EX or ZEND_JMPNZ_EX. The opcode gets overwritten and only after the overwriting gets checked if we're in a JMPZ or JMPNZ case. This results in a wrong optimization.
---
 Zend/Optimizer/block_pass.c | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/Zend/Optimizer/block_pass.c b/Zend/Optimizer/block_pass.c
index 79207edb3d8b9..72ae012066094 100644
--- a/Zend/Optimizer/block_pass.c
+++ b/Zend/Optimizer/block_pass.c
@@ -671,13 +671,13 @@ static void zend_optimize_block(zend_basic_block *block, zend_op_array *op_array
 case ZEND_JMPNZ_EX:
 while (1) {
 if (opline->op1_type == IS_CONST) {
- if (zend_is_true(&ZEND_OP1_LITERAL(opline)) ==
- (opline->opcode == ZEND_JMPZ_EX)) {
+ bool is_jmpz_ex = opline->opcode == ZEND_JMPZ_EX;
+ if (zend_is_true(&ZEND_OP1_LITERAL(opline)) == is_jmpz_ex) {
 ++(*opt_count);
 opline->opcode = ZEND_QM_ASSIGN;
 zval_ptr_dtor_nogc(&ZEND_OP1_LITERAL(opline));
- ZVAL_BOOL(&ZEND_OP1_LITERAL(opline), opline->opcode == ZEND_JMPZ_EX);
+ ZVAL_BOOL(&ZEND_OP1_LITERAL(opline), is_jmpz_ex);
 opline->op2.num = 0;
 block->successors_count = 1;
 block->successors[0] = block->successors[1];
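Review bot: The ordering dependency this fix relies on is not written down at `bool is_jmpz_ex = opline->opcode == ZEND_JMPZ_EX;`, so a later cleanup could inline the comparison again and silently bring back the wrong constant; I would add `/* Must be read before opline->opcode is overwritten with ZEND_QM_ASSIGN below. */` directly above that line. The diffstat lists only Zend/Optimizer/block_pass.c, so the patch carries no regression test. An optimizer that folds a constant to the wrong boolean changes the outcome of conditions in otherwise correct script code, so a test covering both the ZEND_JMPZ_EX and ZEND_JMPNZ_EX constant-operand paths would be worth adding alongside the fix. The while loop and zend_optimize_block both continue outside the hunk, so whether any other read of opline->opcode follows the overwrite cannot be confirmed from here.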