From 05b63b15932393e43e7c9cd80f3e100fb8a89f3b Mon Sep 17 00:00:00 2001
From: Dmitry Stogov <dmitry@zend.com>
Date: Mon, 7 Nov 2022 12:19:54 +0300
Subject: [PATCH] Don't check "fake" closures (fix assertion)

Fixes oss-fuzz #53078
---
 Zend/tests/first_class_callable_016.phpt | 16 ++++++++++++++++
 Zend/zend_vm_def.h                       |  2 +-
 Zend/zend_vm_execute.h                   |  6 +++---
 3 files changed, 20 insertions(+), 4 deletions(-)
 create mode 100644 Zend/tests/first_class_callable_016.phpt

diff --git a/Zend/tests/first_class_callable_016.phpt b/Zend/tests/first_class_callable_016.phpt
new file mode 100644
index 00000000000..3369a6dee70
--- /dev/null
+++ b/Zend/tests/first_class_callable_016.phpt
@@ -0,0 +1,16 @@
+--TEST--
+First class callables and &__call()
+--FILE--
+<?php
+class Foo {
+    public function &__call($method, $args) {
+        return $method;
+    }
+}
+
+$foo = new Foo;
+$bar = $foo->bar(...);
+echo $bar(),"\n";
+?>
+--EXPECT--
+bar
diff --git a/Zend/zend_vm_def.h b/Zend/zend_vm_def.h
index 7e8f17ea84d..9a1d00d6c77 100644
--- a/Zend/zend_vm_def.h
+++ b/Zend/zend_vm_def.h
@@ -4166,7 +4166,7 @@ ZEND_VM_HOT_HANDLER(60, ZEND_DO_FCALL, ANY, ANY, SPEC(RETVAL,OBSERVER))
 		}
 
 #if ZEND_DEBUG
-		if (!EG(exception) && call->func) {
+		if (!EG(exception) && call->func && !(call->func->common.fn_flags & ZEND_ACC_FAKE_CLOSURE)) {
 			if (should_throw) {
 				zend_internal_call_arginfo_violation(call->func);
 			}
diff --git a/Zend/zend_vm_execute.h b/Zend/zend_vm_execute.h
index 409f8f2f047..9303953e4e8 100644
--- a/Zend/zend_vm_execute.h
+++ b/Zend/zend_vm_execute.h
@@ -1845,7 +1845,7 @@ static ZEND_VM_HOT ZEND_OPCODE_HANDLER_RET ZEND_FASTCALL ZEND_DO_FCALL_SPEC_RETV
 		}
 
 #if ZEND_DEBUG
-		if (!EG(exception) && call->func) {
+		if (!EG(exception) && call->func && !(call->func->common.fn_flags & ZEND_ACC_FAKE_CLOSURE)) {
 			if (should_throw) {
 				zend_internal_call_arginfo_violation(call->func);
 			}
@@ -1954,7 +1954,7 @@ static ZEND_VM_HOT ZEND_OPCODE_HANDLER_RET ZEND_FASTCALL ZEND_DO_FCALL_SPEC_RETV
 		}
 
 #if ZEND_DEBUG
-		if (!EG(exception) && call->func) {
+		if (!EG(exception) && call->func && !(call->func->common.fn_flags & ZEND_ACC_FAKE_CLOSURE)) {
 			if (should_throw) {
 				zend_internal_call_arginfo_violation(call->func);
 			}
@@ -2064,7 +2064,7 @@ static ZEND_VM_COLD ZEND_OPCODE_HANDLER_RET ZEND_FASTCALL ZEND_DO_FCALL_SPEC_OBS
 		}
 
 #if ZEND_DEBUG
-		if (!EG(exception) && call->func) {
+		if (!EG(exception) && call->func && !(call->func->common.fn_flags & ZEND_ACC_FAKE_CLOSURE)) {
 			if (should_throw) {
 				zend_internal_call_arginfo_violation(call->func);
 			}