From da43645515a0b1c2e33012a0a3ccfe1e2819c7c6 Mon Sep 17 00:00:00 2001
From: ndossche <7771979+ndossche@users.noreply.github.com>
Date: Tue, 17 Feb 2026 21:37:53 +0100
Subject: [PATCH] Fix GH-21244: use after free in zend_test_class_free_obj

Not really a bug, as zend_test shouldn't be used outside of debugging,
but let's silence fuzzers.
The problem is that the arg info should be cloned as well when the class
is cloned; or we fix it the simple way in this patch and make it
uncloneable.
---
 ext/zend_test/test.c | 1 +
 1 file changed, 1 insertion(+)

diff --git a/ext/zend_test/test.c b/ext/zend_test/test.c
index d99c40bc72b..0faf65f3643 100644
--- a/ext/zend_test/test.c
+++ b/ext/zend_test/test.c
@@ -1527,6 +1527,7 @@ PHP_MINIT_FUNCTION(zend_test)
 
 	memcpy(&zend_test_class_handlers, &std_object_handlers, sizeof(zend_object_handlers));
 	zend_test_class_handlers.get_method = zend_test_class_method_get;
+	zend_test_class_handlers.clone_obj = NULL;
 	zend_test_class_handlers.free_obj = zend_test_class_free_obj;
 	zend_test_class_handlers.offset = XtOffsetOf(zend_test_object, std);