From bbde9c81789e45ca7a280ad7ca5459423b2899a2 Mon Sep 17 00:00:00 2001 From: Ilija Tovilo Date: Fri, 6 Feb 2026 09:35:35 +0100 Subject: [PATCH 1/3] Fix OSS-Fuzz #478009707 for JIT This issue was already fixed in GH-21124, but some JIT paths were missing. Closes GH-21151 --- Zend/tests/oss-fuzz-478009707.phpt | 6 +++++- ext/opcache/jit/zend_jit_helpers.c | 14 +++++++++++++- 2 files changed, 18 insertions(+), 2 deletions(-) diff --git a/Zend/tests/oss-fuzz-478009707.phpt b/Zend/tests/oss-fuzz-478009707.phpt index 02ba186a49ece..bd002fc3badf5 100644 --- a/Zend/tests/oss-fuzz-478009707.phpt +++ b/Zend/tests/oss-fuzz-478009707.phpt @@ -18,6 +18,10 @@ $c = new C(1); $c->prop = 1; var_dump($c->prop); +$c->prop = PHP_INT_MAX; +var_dump($c->prop); + ?> ---EXPECT-- +--EXPECTF-- int(4) +float(%s) diff --git a/ext/opcache/jit/zend_jit_helpers.c b/ext/opcache/jit/zend_jit_helpers.c index a98b9ebc77606..9504b5bf79ecb 100644 --- a/ext/opcache/jit/zend_jit_helpers.c +++ b/ext/opcache/jit/zend_jit_helpers.c @@ -2776,7 +2776,7 @@ static void ZEND_FASTCALL zend_jit_assign_obj_op_helper(zend_object *zobj, zend_ //??? } else { //??? prop_info = zend_object_fetch_property_type_info(Z_OBJ_P(object), orig_zptr); //??? } - if (prop_info) { + if (prop_info && ZEND_TYPE_IS_SET(prop_info->type)) { /* special case for typed properties */ zend_jit_assign_op_to_typed_prop(zptr, prop_info, value, binary_op); } else { @@ -2972,6 +2972,9 @@ static void ZEND_FASTCALL zend_jit_pre_inc_obj_helper(zend_object *zobj, zend_st } } else { zend_property_info *prop_info = (zend_property_info *) CACHED_PTR_EX(cache_slot + 2); + if (prop_info && !ZEND_TYPE_IS_SET(prop_info->type)) { + prop_info = NULL; + } if (EXPECTED(Z_TYPE_P(prop) == IS_LONG)) { fast_long_increment_function(prop); @@ -3042,6 +3045,9 @@ static void ZEND_FASTCALL zend_jit_pre_dec_obj_helper(zend_object *zobj, zend_st } } else { zend_property_info *prop_info = (zend_property_info *) CACHED_PTR_EX(cache_slot + 2); + if (prop_info && !ZEND_TYPE_IS_SET(prop_info->type)) { + prop_info = NULL; + } if (EXPECTED(Z_TYPE_P(prop) == IS_LONG)) { fast_long_decrement_function(prop); @@ -3110,6 +3116,9 @@ static void ZEND_FASTCALL zend_jit_post_inc_obj_helper(zend_object *zobj, zend_s ZVAL_NULL(result); } else { zend_property_info *prop_info = (zend_property_info*)CACHED_PTR_EX(cache_slot + 2); + if (prop_info && !ZEND_TYPE_IS_SET(prop_info->type)) { + prop_info = NULL; + } if (EXPECTED(Z_TYPE_P(prop) == IS_LONG)) { ZVAL_LONG(result, Z_LVAL_P(prop)); @@ -3171,6 +3180,9 @@ static void ZEND_FASTCALL zend_jit_post_dec_obj_helper(zend_object *zobj, zend_s ZVAL_NULL(result); } else { zend_property_info *prop_info = (zend_property_info*)CACHED_PTR_EX(cache_slot + 2); + if (prop_info && !ZEND_TYPE_IS_SET(prop_info->type)) { + prop_info = NULL; + } if (EXPECTED(Z_TYPE_P(prop) == IS_LONG)) { ZVAL_LONG(result, Z_LVAL_P(prop)); From 0e0f5476cfece295f28a65ab87ba275738da183b Mon Sep 17 00:00:00 2001 From: Jorg Adam Sowa Date: Sun, 8 Feb 2026 16:49:40 +0100 Subject: [PATCH 2/3] [skip ci] Remove PHP-8.1 from push.yml triggers (GH-21157) --- .github/workflows/push.yml | 1 - 1 file changed, 1 deletion(-) diff --git a/.github/workflows/push.yml b/.github/workflows/push.yml index ab917b518e1a6..d2f3587aef885 100644 --- a/.github/workflows/push.yml +++ b/.github/workflows/push.yml @@ -12,7 +12,6 @@ on: - .cirrus.yml - .circleci/** branches: - - PHP-8.1 - PHP-8.2 - PHP-8.3 - PHP-8.4 From 2a3e970d4c3992c7e56e4c8b3f55426fbadb0447 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?=E6=AD=A6=E7=94=B0=20=E6=86=B2=E5=A4=AA=E9=83=8E?= Date: Fri, 6 Feb 2026 13:22:06 +0000 Subject: [PATCH 3/3] [CI] Use MySQL LTS version Update the MySQL version used in CI from 8.3 to 8.4, the current MySQL LTS release. CI has been using MySQL 8.3 due to a MySQL-side bug that caused test failures (see GH-14112, GH-14113, GH-14120). That issue has now been fixed upstream in MySQL 8.4.8. References: * MySQL 8.4.8 release notes (pluggable authentication fix): https://dev.mysql.com/doc/relnotes/mysql/8.4/en/news-8-4-8.html#mysqld-8-4-8-pluggable-auth * MySQL bug tracker: https://bugs.mysql.com/bug.php?id=114876#c555902 * Docker image availability: https://hub.docker.com/_/mysql/tags?name=8.4 Closes GH-21154 --- .circleci/config.yml | 2 +- .github/workflows/nightly.yml | 8 ++++---- .github/workflows/push.yml | 4 ++-- 3 files changed, 7 insertions(+), 7 deletions(-) diff --git a/.circleci/config.yml b/.circleci/config.yml index f0ef86756ae88..eb0c7e0643878 100644 --- a/.circleci/config.yml +++ b/.circleci/config.yml @@ -5,7 +5,7 @@ jobs: resource_class: arm.medium docker: - image: cimg/base:current-22.04 - - image: mysql:8.3 + - image: mysql:8.4 environment: MYSQL_ALLOW_EMPTY_PASSWORD: true MYSQL_ROOT_PASSWORD: '' diff --git a/.github/workflows/nightly.yml b/.github/workflows/nightly.yml index b3870fab571b7..20b7e8be56f5c 100644 --- a/.github/workflows/nightly.yml +++ b/.github/workflows/nightly.yml @@ -136,7 +136,7 @@ jobs: LINUX_X64: services: mysql: - image: mysql:8.3 + image: mysql:8.4 ports: - 3306:3306 env: @@ -278,7 +278,7 @@ jobs: PDO_FIREBIRD_TEST_DSN: firebird:dbname=firebird:test.fdb services: mysql: - image: mysql:8.3 + image: mysql:8.4 ports: - 3306:3306 env: @@ -413,7 +413,7 @@ jobs: if: inputs.branch == 'master' services: mysql: - image: mysql:8.3 + image: mysql:8.4 ports: - 3306:3306 env: @@ -661,7 +661,7 @@ jobs: OPCACHE_VARIATION: services: mysql: - image: mysql:8.3 + image: mysql:8.4 ports: - 3306:3306 env: diff --git a/.github/workflows/push.yml b/.github/workflows/push.yml index 53e94a33a0e5d..602716fbfed59 100644 --- a/.github/workflows/push.yml +++ b/.github/workflows/push.yml @@ -46,7 +46,7 @@ jobs: if: github.repository == 'php/php-src' || github.event_name == 'pull_request' services: mysql: - image: mysql:8.3 + image: mysql:8.4 ports: - 3306:3306 env: @@ -124,7 +124,7 @@ jobs: PDO_MYSQL_TEST_HOST: mysql services: mysql: - image: mysql:8.3 + image: mysql:8.4 ports: - 3306:3306 env: