Fix GH-17727: JIT SEGV on OOM in dtor when creating backtrace

This became visible after GH-17056 was merged, but technically the lack of setting the opline is also present on lower branches. We set the opline to mirror the SAVE_OPLINE() from ZEND_INIT_STATIC_METHOD_CALL(). Closes GH-17732.
2025-08-15 13:38:49 +02:00 · 2025-02-07 17:58:19 +01:00 · 2025-02-07 17:58:19 +01:00 · a54ed9eb24
commit a54ed9eb24
parent 033a66bac8
2 changed files with 32 additions and 0 deletions
--- a/ext/opcache/jit/zend_jit_ir.c
+++ b/ext/opcache/jit/zend_jit_ir.c
@ -9327,6 +9327,7 @@ static int zend_jit_init_static_method_call(zend_jit_ctx         *jit,
 			ir_IF_FALSE_cold(if_static);
 		}

+		jit_SET_EX_OPLINE(jit, opline);
 		ref = ir_CALL_3(IR_ADDR, ir_CONST_FC_FUNC(zend_jit_push_this_method_call_frame),
 				scope_ref,
 				func_ref,
--- a/ext/opcache/tests/jit/gh17727.phpt
+++ b/ext/opcache/tests/jit/gh17727.phpt
@ -0,0 +1,31 @@
+--TEST--
+GH-17727 (JIT SEGV on OOM in dtor when creating backtrace)
+--EXTENSIONS--
+opcache
+--SKIPIF--
+<?php
+if (getenv("SKIP_SLOW_TESTS")) die("skip slow test");
+?>
+--INI--
+opcache.jit=1254
+fatal_error_backtraces=1
+memory_limit=2M
+--CREDITS--
+arnaud-lb
+YuanchengJiang
+--FILE--
+<?php
+$str = str_repeat('a', 1024 * 1024 * 1.25);
+class DestructableObject
+{
+    public function __destruct()
+    {
+        DestructableObject::__destruct();
+    }
+}
+$_ = new DestructableObject();
+?>
+--EXPECTF--
+Fatal error: Allowed memory size of 2097152 bytes exhausted %s
+Stack trace:
+%A