Fix memory leak

dstogov · dstogov · commit 44b86aee31ca · 2022-07-25T12:04:46.000+03:00
Fixes oss-fuzz #49272
diff --git a/ext/opcache/jit/zend_jit_x86.dasc b/ext/opcache/jit/zend_jit_x86.dasc
@@ -5335,6 +5335,10 @@ static int zend_jit_long_math_helper(dasm_State    **Dst,
 		|.if not(X64)
 		|	add r4, 12
 		|.endif
+		if (op1_addr == res_addr && (op2_info & MAY_BE_RCN)) {
+			/* compound assignment may decrement "op2" refcount */
+			op2_info |= MAY_BE_RC1;
+		}
 		|	FREE_OP op1_type, op1, op1_info, 0, opline
 		|	FREE_OP op2_type, op2, op2_info, 0, opline
 		if (may_throw) {
diff --git a/ext/opcache/tests/jit/and_002.phpt b/ext/opcache/tests/jit/and_002.phpt
@@ -0,0 +1,18 @@
+--TEST--
+JIT BW_AND: 002 (memory leak)
+--INI--
+opcache.enable=1
+opcache.enable_cli=1
+opcache.file_update_protection=0
+opcache.jit_buffer_size=1M
+--FILE--
+<?php
+function t($a) {
+    for($i = 0; $i < 2; $i++)
+        $a &= $a = $a;
+    }
+t("");
+?>
+DONE
+--EXPECTF--
+DONE
