Fixed incorrect elimination of refcounted check in JIT for BIND_GLOBAL

Fixes oss-fuzz #65135

Author: dstogov

ext/opcache/jit/zend_jit_arm64.dasc

@@ -11766,7 +11766,7 @@ static int zend_jit_bind_global(dasm_State **Dst, const zend_op *opline, uint32_
 	|	GC_ADDREF REG0, TMP1w
 	|1:
 	if (op1_info & (MAY_BE_STRING|MAY_BE_ARRAY|MAY_BE_OBJECT|MAY_BE_RESOURCE|MAY_BE_REF)) {
-		if (op1_info & ((MAY_BE_ANY|MAY_BE_UNDEF) - (MAY_BE_STRING|MAY_BE_ARRAY|MAY_BE_OBJECT|MAY_BE_RESOURCE))) {
+		if (op1_info & ((MAY_BE_ANY|MAY_BE_UNDEF) - (MAY_BE_OBJECT|MAY_BE_RESOURCE))) {
 			|	// if (UNEXPECTED(Z_REFCOUNTED_P(variable_ptr)))
 			|	IF_ZVAL_REFCOUNTED op1_addr, >2, ZREG_TMP1, ZREG_TMP2
 			|.cold_code
@@ -11793,12 +11793,12 @@ static int zend_jit_bind_global(dasm_State **Dst, const zend_op *opline, uint32_
 			|	EXT_CALL gc_possible_root, REG0
 			|	b >5
 		}
-		if (op1_info & ((MAY_BE_ANY|MAY_BE_UNDEF) - (MAY_BE_STRING|MAY_BE_ARRAY|MAY_BE_OBJECT|MAY_BE_RESOURCE))) {
+		if (op1_info & ((MAY_BE_ANY|MAY_BE_UNDEF) - (MAY_BE_OBJECT|MAY_BE_RESOURCE))) {
 			|.code
 		}
 	}
 
-	if (op1_info & ((MAY_BE_ANY|MAY_BE_UNDEF) - (MAY_BE_STRING|MAY_BE_ARRAY|MAY_BE_OBJECT|MAY_BE_RESOURCE))) {
+	if (op1_info & ((MAY_BE_ANY|MAY_BE_UNDEF) - (MAY_BE_OBJECT|MAY_BE_RESOURCE))) {
 		|	// ZVAL_REF(variable_ptr, ref)
 		|	SET_ZVAL_PTR op1_addr, REG0, TMP1
 		|	SET_ZVAL_TYPE_INFO op1_addr, IS_REFERENCE_EX, TMP1w, TMP2

ext/opcache/jit/zend_jit_x86.dasc

@@ -12522,7 +12522,7 @@ static int zend_jit_bind_global(dasm_State **Dst, const zend_op *opline, uint32_
 	|	GC_ADDREF r0
 	|1:
 	if (op1_info & (MAY_BE_STRING|MAY_BE_ARRAY|MAY_BE_OBJECT|MAY_BE_RESOURCE|MAY_BE_REF)) {
-		if (op1_info & ((MAY_BE_ANY|MAY_BE_UNDEF) - (MAY_BE_STRING|MAY_BE_ARRAY|MAY_BE_OBJECT|MAY_BE_RESOURCE))) {
+		if (op1_info & ((MAY_BE_ANY|MAY_BE_UNDEF) - (MAY_BE_OBJECT|MAY_BE_RESOURCE))) {
 			|	// if (UNEXPECTED(Z_REFCOUNTED_P(variable_ptr)))
 			|	IF_ZVAL_REFCOUNTED op1_addr, >2
 			|.cold_code
@@ -12549,12 +12549,12 @@ static int zend_jit_bind_global(dasm_State **Dst, const zend_op *opline, uint32_
 			|	EXT_CALL gc_possible_root, r1
 			|	jmp >5
 		}
-		if (op1_info & ((MAY_BE_ANY|MAY_BE_UNDEF) - (MAY_BE_STRING|MAY_BE_ARRAY|MAY_BE_OBJECT|MAY_BE_RESOURCE))) {
+		if (op1_info & ((MAY_BE_ANY|MAY_BE_UNDEF) - (MAY_BE_OBJECT|MAY_BE_RESOURCE))) {
 			|.code
 		}
 	}
 
-	if (op1_info & ((MAY_BE_ANY|MAY_BE_UNDEF) - (MAY_BE_STRING|MAY_BE_ARRAY|MAY_BE_OBJECT|MAY_BE_RESOURCE))) {
+	if (op1_info & ((MAY_BE_ANY|MAY_BE_UNDEF) - (MAY_BE_OBJECT|MAY_BE_RESOURCE))) {
 		|	// ZVAL_REF(variable_ptr, ref)
 		|	SET_ZVAL_PTR op1_addr, r0
 		|	SET_ZVAL_TYPE_INFO op1_addr, IS_REFERENCE_EX

ext/opcache/tests/jit/bind_global_001.phpt

@@ -0,0 +1,17 @@
+--TEST--
+Bind global and immutable string
+--INI--
+opcache.enable=1
+opcache.enable_cli=1
+opcache.file_update_protection=0
+opcache.jit_buffer_size=1M
+--FILE--
+<?php
+function foo($a = '') {
+    global $a;
+}
+foo();
+var_dump($a);
+?>
+--EXPECT--
+NULL