From a88a5ecbefee4e9044bfe45ca71b797f49b6a1b7 Mon Sep 17 00:00:00 2001
From: Niels Dossche <7771979+nielsdos@users.noreply.github.com>
Date: Thu, 4 Sep 2025 06:01:58 +0200
Subject: [PATCH] Fix disabling of InfiniteIterator in fuzzer (#19690)

The canonical way to do this is via `get_constructor` as `create_object` may not return NULL.
---
 sapi/fuzzer/fuzzer-sapi.c | 10 +++++++---
 1 file changed, 7 insertions(+), 3 deletions(-)

diff --git a/sapi/fuzzer/fuzzer-sapi.c b/sapi/fuzzer/fuzzer-sapi.c
index 1e12e14c093..b1909ef2f42 100644
--- a/sapi/fuzzer/fuzzer-sapi.c
+++ b/sapi/fuzzer/fuzzer-sapi.c
@@ -126,9 +126,9 @@ static sapi_module_struct fuzzer_module = {
 	STANDARD_SAPI_MODULE_PROPERTIES
 };
 
-static ZEND_COLD zend_object *disable_class_create_handler(zend_class_entry *class_type) /* {{{ */
+static ZEND_COLD zend_function *disable_class_get_constructor_handler(zend_object *obj) /* {{{ */
 {
-	zend_throw_error(NULL, "Cannot construct class %s, as it is disabled", ZSTR_VAL(class_type->name));
+	zend_throw_error(NULL, "Cannot construct class %s, as it is disabled", ZSTR_VAL(obj->ce->name));
 	return NULL;
 }
 
@@ -138,7 +138,11 @@ static void fuzzer_disable_classes(void)
 	 * can cause long loops that bypass the executor step limit. */
 	/* Lowercase as this is how the CE as stored */
 	zend_class_entry *InfiniteIterator_class = zend_hash_str_find_ptr(CG(class_table), "infiniteiterator", strlen("infiniteiterator"));
-	InfiniteIterator_class->create_object = disable_class_create_handler;
+
+	static zend_object_handlers handlers;
+	memcpy(&handlers, InfiniteIterator_class->default_object_handlers, sizeof(handlers));
+	handlers.get_constructor = disable_class_get_constructor_handler;
+	InfiniteIterator_class->default_object_handlers = &handlers;
 }
 
 int fuzzer_init_php(const char *extra_ini)
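Review bot: The new `disable_class_get_constructor_handler` carries no comment saying why the hook moved from `create_object` to `get_constructor`, and that reasoning lives only in the commit message, which the next reader of fuzzer-sapi.c will not see. A one-line note above the function such as `/* Installed as get_constructor, not create_object: only the former is allowed to return NULL (with an exception pending), so the class can be refused at construction time without crashing the engine. */` would pin the contract the fix depends on. The `/* {{{ */` fold marker on the signature has no matching `/* }}} */` after the closing brace; that predates this change but is worth fixing while the line is being rewritten.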
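Review bot: `InfiniteIterator_class` is dereferenced through `->default_object_handlers` on the new memcpy line without checking the result of `zend_hash_str_find_ptr`, so a build or startup order in which the class is not registered under "infiniteiterator" would crash the fuzzer harness here instead of failing with a message; a guard such as `if (!InfiniteIterator_class) { return; }` (or a `ZEND_ASSERT`) before the copy is cheap. The `static zend_object_handlers handlers` copy also means that if fuzzer_disable_classes ever runs twice, the second memcpy reads from `default_object_handlers`, which by then already points at `&handlers`, i.e. a memcpy whose source and destination coincide; if the function is guaranteed to run exactly once during SAPI startup that is fine, but a short comment stating so would make the assumption visible. fuzzer_disable_classes begins outside the hunk.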