Fix GH-21244: use after free in zend_test_class_free_obj

Not really a bug, as zend_test shouldn't be used outside of debugging, but let's silence fuzzers. The problem is that the arg info should be cloned as well when the class is cloned; or we fix it the simple way in this patch and make it uncloneable.
2026-03-24 00:02:20 +01:00 · 2026-02-17 21:37:53 +01:00
parent 94c8e01a06
commit da43645515
1 changed files with 1 additions and 0 deletions
--- a/ext/zend_test/test.c
+++ b/ext/zend_test/test.c
@@ -1527,6 +1527,7 @@ PHP_MINIT_FUNCTION(zend_test)

 	memcpy(&zend_test_class_handlers, &std_object_handlers, sizeof(zend_object_handlers));
 	zend_test_class_handlers.get_method = zend_test_class_method_get;
+	zend_test_class_handlers.clone_obj = NULL;
 	zend_test_class_handlers.free_obj = zend_test_class_free_obj;
 	zend_test_class_handlers.offset = XtOffsetOf(zend_test_object, std);