From a54ed9eb24f2d6bcc2f37a3499d8358eaaa274eb Mon Sep 17 00:00:00 2001
From: Niels Dossche <7771979+nielsdos@users.noreply.github.com>
Date: Fri, 7 Feb 2025 17:58:19 +0100
Subject: [PATCH] Fix GH-17727: JIT SEGV on OOM in dtor when creating backtrace

This became visible after GH-17056 was merged, but technically the lack
of setting the opline is also present on lower branches.
We set the opline to mirror the SAVE_OPLINE() from
ZEND_INIT_STATIC_METHOD_CALL().

Closes GH-17732.
---
 ext/opcache/jit/zend_jit_ir.c      |  1 +
 ext/opcache/tests/jit/gh17727.phpt | 31 ++++++++++++++++++++++++++++++
 2 files changed, 32 insertions(+)
 create mode 100644 ext/opcache/tests/jit/gh17727.phpt

diff --git a/ext/opcache/jit/zend_jit_ir.c b/ext/opcache/jit/zend_jit_ir.c
index 0f2a149eadb..2e61976af5f 100644
--- a/ext/opcache/jit/zend_jit_ir.c
+++ b/ext/opcache/jit/zend_jit_ir.c
@@ -9327,6 +9327,7 @@ static int zend_jit_init_static_method_call(zend_jit_ctx         *jit,
 			ir_IF_FALSE_cold(if_static);
 		}
 
+		jit_SET_EX_OPLINE(jit, opline);
 		ref = ir_CALL_3(IR_ADDR, ir_CONST_FC_FUNC(zend_jit_push_this_method_call_frame),
 				scope_ref,
 				func_ref,
diff --git a/ext/opcache/tests/jit/gh17727.phpt b/ext/opcache/tests/jit/gh17727.phpt
new file mode 100644
index 00000000000..425315f215a
--- /dev/null
+++ b/ext/opcache/tests/jit/gh17727.phpt
@@ -0,0 +1,31 @@
+--TEST--
+GH-17727 (JIT SEGV on OOM in dtor when creating backtrace)
+--EXTENSIONS--
+opcache
+--SKIPIF--
+<?php
+if (getenv("SKIP_SLOW_TESTS")) die("skip slow test");
+?>
+--INI--
+opcache.jit=1254
+fatal_error_backtraces=1
+memory_limit=2M
+--CREDITS--
+arnaud-lb
+YuanchengJiang
+--FILE--
+<?php
+$str = str_repeat('a', 1024 * 1024 * 1.25);
+class DestructableObject
+{
+    public function __destruct()
+    {
+        DestructableObject::__destruct();
+    }
+}
+$_ = new DestructableObject();
+?>
+--EXPECTF--
+Fatal error: Allowed memory size of 2097152 bytes exhausted %s
+Stack trace:
+%A