Dev news

Commit bbde9c81789 for php.net

commit bbde9c81789e45ca7a280ad7ca5459423b2899a2
Author: Ilija Tovilo <ilija.tovilo@me.com>
Date:   Fri Feb 6 09:35:35 2026 +0100

    Fix OSS-Fuzz #478009707 for JIT

    This issue was already fixed in GH-21124, but some JIT paths were missing.

    Closes GH-21151

diff --git a/Zend/tests/oss-fuzz-478009707.phpt b/Zend/tests/oss-fuzz-478009707.phpt
index 02ba186a49e..bd002fc3bad 100644
--- a/Zend/tests/oss-fuzz-478009707.phpt
+++ b/Zend/tests/oss-fuzz-478009707.phpt
@@ -18,6 +18,10 @@ class C {
 $c->prop = 1;
 var_dump($c->prop);

+$c->prop = PHP_INT_MAX;
+var_dump($c->prop);
+
 ?>
---EXPECT--
+--EXPECTF--
 int(4)
+float(%s)
diff --git a/ext/opcache/jit/zend_jit_helpers.c b/ext/opcache/jit/zend_jit_helpers.c
index a98b9ebc776..9504b5bf79e 100644
--- a/ext/opcache/jit/zend_jit_helpers.c
+++ b/ext/opcache/jit/zend_jit_helpers.c
@@ -2776,7 +2776,7 @@ static void ZEND_FASTCALL zend_jit_assign_obj_op_helper(zend_object *zobj, zend_
 //???				} else {
 //???					prop_info = zend_object_fetch_property_type_info(Z_OBJ_P(object), orig_zptr);
 //???				}
-				if (prop_info) {
+				if (prop_info && ZEND_TYPE_IS_SET(prop_info->type)) {
 					/* special case for typed properties */
 					zend_jit_assign_op_to_typed_prop(zptr, prop_info, value, binary_op);
 				} else {
@@ -2972,6 +2972,9 @@ static void ZEND_FASTCALL zend_jit_pre_inc_obj_helper(zend_object *zobj, zend_st
 			}
 		} else {
 			zend_property_info *prop_info = (zend_property_info *) CACHED_PTR_EX(cache_slot + 2);
+			if (prop_info && !ZEND_TYPE_IS_SET(prop_info->type)) {
+				prop_info = NULL;
+			}

 			if (EXPECTED(Z_TYPE_P(prop) == IS_LONG)) {
 				fast_long_increment_function(prop);
@@ -3042,6 +3045,9 @@ static void ZEND_FASTCALL zend_jit_pre_dec_obj_helper(zend_object *zobj, zend_st
 			}
 		} else {
 			zend_property_info *prop_info = (zend_property_info *) CACHED_PTR_EX(cache_slot + 2);
+			if (prop_info && !ZEND_TYPE_IS_SET(prop_info->type)) {
+				prop_info = NULL;
+			}

 			if (EXPECTED(Z_TYPE_P(prop) == IS_LONG)) {
 				fast_long_decrement_function(prop);
@@ -3110,6 +3116,9 @@ static void ZEND_FASTCALL zend_jit_post_inc_obj_helper(zend_object *zobj, zend_s
 			ZVAL_NULL(result);
 		} else {
 			zend_property_info *prop_info = (zend_property_info*)CACHED_PTR_EX(cache_slot + 2);
+			if (prop_info && !ZEND_TYPE_IS_SET(prop_info->type)) {
+				prop_info = NULL;
+			}

 			if (EXPECTED(Z_TYPE_P(prop) == IS_LONG)) {
 				ZVAL_LONG(result, Z_LVAL_P(prop));
@@ -3171,6 +3180,9 @@ static void ZEND_FASTCALL zend_jit_post_dec_obj_helper(zend_object *zobj, zend_s
 			ZVAL_NULL(result);
 		} else {
 			zend_property_info *prop_info = (zend_property_info*)CACHED_PTR_EX(cache_slot + 2);
+			if (prop_info && !ZEND_TYPE_IS_SET(prop_info->type)) {
+				prop_info = NULL;
+			}

 			if (EXPECTED(Z_TYPE_P(prop) == IS_LONG)) {
 				ZVAL_LONG(result, Z_LVAL_P(prop));