Not NULLing the static_variables pointer for shadow methods during
static var shutdown would be a way to avoid this leak, but unless
there's evidence that inherited private methods with static vars are
actually a common use-case, I don't think we should keep this kind
of fragile edge-case optimization.
Fixes OSS-Fuzz #17875.
--- /dev/null
+--TEST--
+Inheritance of private method with static variable
+--FILE--
+<?php
+
+class A {
+ private function m() {
+ static $x;
+ }
+}
+class B extends A {}
+
+?>
+===DONE===
+--EXPECT--
+===DONE===
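Review bot: The new test can only fail on a run that reports memory leaks, because the script just declares `A` and `B` and emits `===DONE===`; on a build without leak reporting it passes whether or not the fix is present. That dependency should be documented in the test itself, for example with a `--DESCRIPTION--` section reading `Regression test for OSS-Fuzz #17875; the leak is only visible with leak reporting (debug build or a sanitizer).` The script also never calls `m()`, so only the case where the static variable is never initialized is covered. A second variant that reaches `m()` through a public method of `A` before shutdown would presumably also exercise the path where the static variables table has been materialized.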
}
if (ce->ce_flags & ZEND_HAS_STATIC_IN_METHODS) {
zend_op_array *op_array;
- ZEND_HASH_FOREACH_PTR(&ce->function_table, op_array) {
+ ZEND_HASH_FOREACH_PTR(&ce->function_table, op_array) {
if (op_array->type == ZEND_USER_FUNCTION) {
if (op_array->static_variables) {
HashTable *ht = ZEND_MAP_PTR_GET(op_array->static_variables_ptr);
/* reuse the same op_array structure */
return func;
}
- if (func->op_array.fn_flags & ZEND_ACC_PRIVATE) {
- /* For private methods we reuse the same op_array structure even if
- * static variables are used, because it will not end up being used
- * anyway. However we still need to addref as the dtor will delref. */
- if (!(GC_FLAGS(func->op_array.static_variables) & IS_ARRAY_IMMUTABLE)) {
- GC_ADDREF(func->op_array.static_variables);
- }
- return func;
- }
return zend_duplicate_user_function(func);
}
}