diff --git a/NEWS b/NEWS
index 972f83c6391..082a9af297c 100644
--- a/NEWS
+++ b/NEWS
@@ -11,6 +11,8 @@ PHP NEWS Zend/zend_opcode.c). (nielsdos) . Fixed bug GH-13942 (Align the behavior of zend-max-execution-timers with other timeout implementations). (Kévin Dunglas)
+ . Fixed bug GH-14003 (Broken cleanup of unfinished calls with callable convert
+ parameters). (ilutov)
 - Fibers: . Fixed bug GH-13903 (ASAN false positive underflow when executing copy()).
diff --git a/Zend/tests/gh14003.phpt b/Zend/tests/gh14003.phpt
new file mode 100644
index 00000000000..92a6c5919ab
--- /dev/null
+++ b/Zend/tests/gh14003.phpt
@@ -0,0 +1,24 @@
+--TEST--
+GH-14003: Missing handling of CALLABLE_CONVERT in cleanup_unfinished_calls()
+--FILE--
+
+--EXPECTF--
+Fatal error: Uncaught Exception: Test in %s:%d
+Stack trace:
+#0 [internal function]: foo('a')
+#1 %s(%d): array_map(Object(Closure), Array)
+#2 {main}
+ thrown in %s on line %d
diff --git a/Zend/zend_execute.c b/Zend/zend_execute.c
index 436154a99af..555e250bbca 100644
--- a/Zend/zend_execute.c
+++ b/Zend/zend_execute.c
@@ -4231,6 +4231,7 @@ ZEND_API void zend_unfinished_calls_gc(zend_execute_data *execute_data, zend_exe
 case ZEND_DO_ICALL:
 case ZEND_DO_UCALL:
 case ZEND_DO_FCALL_BY_NAME:
+ case ZEND_CALLABLE_CONVERT:
 level++;
 break;
 case ZEND_INIT_FCALL:
@@ -4286,6 +4287,7 @@ ZEND_API void zend_unfinished_calls_gc(zend_execute_data *execute_data, zend_exe
 case ZEND_DO_ICALL:
 case ZEND_DO_UCALL:
 case ZEND_DO_FCALL_BY_NAME:
+ case ZEND_CALLABLE_CONVERT:
 level++;
 break;
 case ZEND_INIT_FCALL:
@@ -4364,6 +4366,7 @@ static void cleanup_unfinished_calls(zend_execute_data *execute_data, uint32_t o
 case ZEND_DO_ICALL:
 case ZEND_DO_UCALL:
 case ZEND_DO_FCALL_BY_NAME:
+ case ZEND_CALLABLE_CONVERT:
 level++;
 break;
 case ZEND_INIT_FCALL:
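Review bot: The set of opcodes that bump `level` is still maintained by hand in four separate `switch` statements, the two in `zend_unfinished_calls_gc` (hunks at -4231 and -4286) and the two in `cleanup_unfinished_calls` (hunks at -4364 and -4419), and nothing in the visible code tells whoever adds the next call-completing opcode to extend all four. Judging by the function names and the exception-based test, these walkers run during unwinding, so a miscounted nesting level presumably makes them scan or release the wrong call frame, which is a memory-safety hazard rather than a cosmetic one. I would add a comment above the first list, e.g. `/* Opcodes that complete a call started by an INIT_* opcode; keep in sync with the other three lists in this file. */`, or fold the five labels into one shared macro used by all four switches. Both functions begin and end outside the hunks, so whether further opcodes are still missing cannot be judged from this page.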
@@ -4419,6 +4422,7 @@ static void cleanup_unfinished_calls(zend_execute_data *execute_data, uint32_t o
 case ZEND_DO_ICALL:
 case ZEND_DO_UCALL:
 case ZEND_DO_FCALL_BY_NAME:
+ case ZEND_CALLABLE_CONVERT:
 level++;
 break;
 case ZEND_INIT_FCALL: