From 56c4ddfaf62ff3935029847bb6fb44768f4b9452 Mon Sep 17 00:00:00 2001
From: Niels Dossche <7771979+nielsdos@users.noreply.github.com>
Date: Sun, 22 Jun 2025 09:43:08 +0200
Subject: [PATCH] Fix GH-18899: JIT function crash when emitting undefined variable warning and opline is not set yet

The crash happens because EX(opline) is attempted to be accessed but it's not set yet.
Closes GH-18904.
---
 NEWS | 2 ++
 ext/opcache/jit/zend_jit_ir.c | 2 ++
 ext/opcache/tests/jit/gh18899.phpt | 21 +++++++++++++++++++++
 3 files changed, 25 insertions(+)
 create mode 100644 ext/opcache/tests/jit/gh18899.phpt
diff --git a/NEWS b/NEWS
index 2e969e0830f..f71edaedb61 100644
--- a/NEWS
+++ b/NEWS
@@ -24,6 +24,8 @@ PHP NEWS
 - Opcache:
 . Fixed bug GH-18639 (Internal class aliases can break preloading + JIT).
 (nielsdos)
+ . Fixed bug GH-18899 (JIT function crash when emitting undefined variable
+ warning and opline is not set yet). (nielsdos)
 - Standard:
 . Fix misleading errors in printf(). (nielsdos)
diff --git a/ext/opcache/jit/zend_jit_ir.c b/ext/opcache/jit/zend_jit_ir.c
index 74fad38ffee..6afd768321c 100644
--- a/ext/opcache/jit/zend_jit_ir.c
+++ b/ext/opcache/jit/zend_jit_ir.c
@@ -5981,6 +5981,7 @@ static int zend_jit_long_math_helper(zend_jit_ctx *jit,
 ir_IF_FALSE_cold(if_def);
 // zend_error_unchecked(E_WARNING, "Undefined variable $%S", CV_DEF_OF(EX_VAR_TO_NUM(opline->op1.var)));
+ jit_SET_EX_OPLINE(jit, opline);
 ir_CALL_1(IR_VOID, ir_CONST_FC_FUNC(zend_jit_undefined_op_helper), ir_CONST_U32(opline->op1.var));
 ref2 = jit_EG(uninitialized_zval);
@@ -5997,6 +5998,7 @@ static int zend_jit_long_math_helper(zend_jit_ctx *jit,
 ir_IF_FALSE_cold(if_def);
 // zend_error_unchecked(E_WARNING, "Undefined variable $%S", CV_DEF_OF(EX_VAR_TO_NUM(opline->op2.var)));
+ jit_SET_EX_OPLINE(jit, opline);
 ir_CALL_1(IR_VOID, ir_CONST_FC_FUNC(zend_jit_undefined_op_helper), ir_CONST_U32(opline->op2.var));
 ref2 = jit_EG(uninitialized_zval);
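Review bot: Neither added `jit_SET_EX_OPLINE(jit, opline);` store says why it has to precede the cold call to `zend_jit_undefined_op_helper`; this applies to the op1 site in the hunk at -5981 and the op2 site in the hunk at -5997, where the comment above each still shows only the `zend_error_unchecked` pseudo-code. I would add above each store `// the warning path reads EX(opline); store it before calling the helper (GH-18899)`, so a later cleanup does not drop it as redundant. Going by the commit message the defect is a read of an unset EX(opline) while a warning is emitted, so any other `zend_jit_undefined_op_helper` call sites in zend_jit_ir.c that can be reached before the opline is stored presumably need the same check; none are visible in these hunks. The body of zend_jit_long_math_helper starts and ends outside both hunks.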
diff --git a/ext/opcache/tests/jit/gh18899.phpt b/ext/opcache/tests/jit/gh18899.phpt
new file mode 100644
index 00000000000..47c9a3e1ae3
--- /dev/null
+++ b/ext/opcache/tests/jit/gh18899.phpt
@@ -0,0 +1,21 @@
+--TEST--
+GH-18899 (JIT function crash when emitting undefined variable warning and opline is not set yet)
+--EXTENSIONS--
+opcache
+--INI--
+opcache.enable=1
+opcache.enable_cli=1
+opcache.jit=1205
+opcache.jit_buffer_size=8M
+--FILE--
+>= 8;
+ }
+}
+str_repeat("A",232).ptr2str();
+?>
+--EXPECTF--
+Warning: Undefined variable $ptr in %s on line %d
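Review bot: The regression test appears to exercise only one of the two patched sites: `--EXPECTF--` expects a single `Undefined variable $ptr` warning, and the surviving tail of `--FILE--` (`>= 8;`, presumably the end of a compound shift on `$ptr`) points at the op1 path. The op2 branch of zend_jit_long_math_helper received the same `jit_SET_EX_OPLINE` store and would benefit from its own case, for instance an undefined variable as the right-hand operand of a shift or modulo inside the JIT-compiled function, with a second expected warning line. Part of the `--FILE--` body is missing from this page, so this should be confirmed against the full test file.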