From 7572d9bdd3592f91ed65bf7c96ea6aeba9a36e35 Mon Sep 17 00:00:00 2001
From: Nikita Popov <nikita.ppv@gmail.com>
Date: Tue, 20 Jul 2021 15:23:21 +0200
Subject: [PATCH] Fix RC_DEBUG check for IS_NULL type

IS_NULL is set during GC, conservatively assume that it might have
been an object.
---
 Zend/zend_types.h | 11 ++++++++---
 1 file changed, 8 insertions(+), 3 deletions(-)

diff --git a/Zend/zend_types.h b/Zend/zend_types.h
index b9d013fbc19..3be37a7153e 100644
--- a/Zend/zend_types.h
+++ b/Zend/zend_types.h
@@ -1143,10 +1143,15 @@ static zend_always_inline uint32_t zval_gc_info(uint32_t gc_type_info) {
 
 #if ZEND_RC_DEBUG
 extern ZEND_API bool zend_rc_debug;
+/* The GC_PERSISTENT flag is reused for IS_OBJ_WEAKLY_REFERENCED on objects.
+ * Skip checks for OBJECT/NULL type to avoid interpreting the flag incorrectly. */
 # define ZEND_RC_MOD_CHECK(p) do { \
-		if (zend_rc_debug && zval_gc_type((p)->u.type_info) != IS_OBJECT) { \
-			ZEND_ASSERT(!(zval_gc_flags((p)->u.type_info) & GC_IMMUTABLE)); \
-			ZEND_ASSERT((zval_gc_flags((p)->u.type_info) & (GC_PERSISTENT|GC_PERSISTENT_LOCAL)) != GC_PERSISTENT); \
+		if (zend_rc_debug) { \
+			zend_uchar type = zval_gc_type((p)->u.type_info); \
+			if (type != IS_OBJECT && type != IS_NULL) { \
+				ZEND_ASSERT(!(zval_gc_flags((p)->u.type_info) & GC_IMMUTABLE)); \
+				ZEND_ASSERT((zval_gc_flags((p)->u.type_info) & (GC_PERSISTENT|GC_PERSISTENT_LOCAL)) != GC_PERSISTENT); \
+			} \
 		} \
 	} while (0)
 # define GC_MAKE_PERSISTENT_LOCAL(p) do { \