Assertion failure at Zend/zend_vm_execute.h `zend_verify_recv_arg_type_helper_SPEC`

[YuanchengJiang]

Description

The following code:

<?php
try {
function Error2Exception($errno, $errstr, $errfile, $errline)
{
throw new MyException($errstr, $errno, $errfile, $errline);
}
set_error_handler('Error2Exception');
$nan = fdiv(0, 0);
function implicit_to_bool(bool $v) {
}
implicit_to_bool($nan);
} catch (\Throwable $_ffl_e) {}

Resulted in this output:

php: Zend/zend_vm_execute.h:2817: const zend_op *zend_verify_recv_arg_type_helper_SPEC(zend_execute_data *, const zend_op *, zval *): Assertion `!(((zend_executor_globals *) (((char*) _tsrm_ls_cache)+(executor_globals_offset)))->exception)' failed.
Aborted (core dumped)

To reproduce:

/home/fuzz/WorkSpace/fusion-fuzz/projects/php/php-src/sapi/cli/php  ./test.php

Commit:

c56f5ad729e383c8a76cac7a2fc46a3c88de8fbd

Configurations:

CC="clang-12" CXX="clang++-12" CFLAGS="-DZEND_VERIFY_TYPE_INFERENCE" CXXFLAGS="-DZEND_VERIFY_TYPE_INFERENCE" ./configure --enable-debug --enable-address-sanitizer --enable-undefined-sanitizer --enable-re2c-cgoto --enable-fpm --enable-litespeed --enable-phpdbg-debug --enable-zts --enable-bcmath --enable-calendar --enable-dba --enable-dl-test --enable-exif --enable-ftp --enable-gd --enable-gd-jis-conv --enable-mbstring --enable-pcntl --enable-shmop --enable-soap --enable-sockets --enable-sysvmsg --enable-zend-test --with-zlib --with-bz2 --with-curl --with-enchant --with-gettext --with-gmp --with-mhash --with-ldap --with-libedit --with-readline --with-snmp --with-sodium --with-xsl --with-zip --with-mysqli --with-pdo-mysql --with-pdo-pgsql --with-pgsql --with-sqlite3 --with-pdo-sqlite --with-webp --with-jpeg --with-freetype --enable-sigchild --with-readline --with-pcre-jit --with-iconv

Operating System:

Ubuntu 20.04 Host, Docker 0599jiangyc/flowfusion:latest

This bug was found by fusion-fuzz

PHP Version

nightly

Operating System

No response