From fc6f53d426bde3e3ab4e73d44abba54fdb9891f7 Mon Sep 17 00:00:00 2001
From: Nikita Popov <nikita.ppv@gmail.com>
Date: Tue, 30 Jun 2020 12:22:41 +0200
Subject: [PATCH] Fix leak when setting cyclic previous exception in finally

A curious exception handling pattern found in Symfony's HttpClient.
---
 Zend/tests/exception_set_previous_leak.phpt | 20 ++++++++++++++++++++
 Zend/zend_exceptions.c                      |  8 +++++++-
 2 files changed, 27 insertions(+), 1 deletion(-)
 create mode 100644 Zend/tests/exception_set_previous_leak.phpt

diff --git a/Zend/tests/exception_set_previous_leak.phpt b/Zend/tests/exception_set_previous_leak.phpt
new file mode 100644
index 00000000000..7fb680f9516
--- /dev/null
+++ b/Zend/tests/exception_set_previous_leak.phpt
@@ -0,0 +1,20 @@
+--TEST--
+Leak when setting recursive previous exception in finally handling
+--FILE--
+<?php
+
+try {
+    try {
+        throw new Exception("Test");
+    } catch (Exception $e) {
+        throw $e;
+    } finally {
+        throw $e;
+    }
+} catch (Exception $e2) {
+    echo $e2->getMessage(), "\n";
+}
+
+?>
+--EXPECT--
+Test
diff --git a/Zend/zend_exceptions.c b/Zend/zend_exceptions.c
index 3ad5748e4dd..371c38dcd6c 100644
--- a/Zend/zend_exceptions.c
+++ b/Zend/zend_exceptions.c
@@ -76,9 +76,15 @@ void zend_exception_set_previous(zend_object *exception, zend_object *add_previo
 	zval  pv, zv, rv;
 	zend_class_entry *base_ce;
 
-	if (exception == add_previous || !add_previous || !exception) {
+	if (!exception || !add_previous) {
 		return;
 	}
+
+	if (exception == add_previous) {
+		OBJ_RELEASE(add_previous);
+		return;
+	}
+
 	ZVAL_OBJ(&pv, add_previous);
 	if (!instanceof_function(Z_OBJCE(pv), zend_ce_throwable)) {
 		zend_error_noreturn(E_CORE_ERROR, "Previous exception must implement Throwable");