Fix missing handling of CALLABLE_CONVERT in cleanup_unfinished_calls()

Fixes GH-14003
2025-08-16 05:58:45 +02:00 · 2024-04-19 15:19:02 +02:00 · 2024-04-19 15:19:02 +02:00 · b3e26c3036
commit b3e26c3036
parent 04b864e566
3 changed files with 30 additions and 0 deletions
--- a/2
+++ b/2
@ -9,6 +9,8 @@ PHP                                                                        NEWS
    Zend/zend_opcode.c). (nielsdos)
  . Fixed bug GH-13942 (Align the behavior of zend-max-execution-timers with
    other timeout implementations). (Kévin Dunglas)
+  . Fixed bug GH-14003 (Broken cleanup of unfinished calls with callable convert
+    parameters). (ilutov)

 - Fibers:
  . Fixed bug GH-13903 (ASAN false positive underflow when executing copy()).
--- a/Zend/tests/gh14003.phpt
+++ b/Zend/tests/gh14003.phpt
@ -0,0 +1,24 @@
+--TEST--
+GH-14003: Missing handling of CALLABLE_CONVERT in cleanup_unfinished_calls()
+--FILE--
+<?php
+
+function foo(string $key): string {
+    throw new \Exception('Test');
+}
+
+array_filter(
+    array_combine(
+        ['a'],
+        array_map(foo(...), ['a']),
+    ),
+);
+
+?>
+--EXPECTF--
+Fatal error: Uncaught Exception: Test in %s:%d
+Stack trace:
+#0 [internal function]: foo('a')
+#1 %s(%d): array_map(Object(Closure), Array)
+#2 {main}
+  thrown in %s on line %d
--- a/Zend/zend_execute.c
+++ b/Zend/zend_execute.c
@ -4104,6 +4104,7 @@ ZEND_API void zend_unfinished_calls_gc(zend_execute_data *execute_data, zend_exe
 				case ZEND_DO_ICALL:
 				case ZEND_DO_UCALL:
 				case ZEND_DO_FCALL_BY_NAME:
+				case ZEND_CALLABLE_CONVERT:
 					level++;
 					break;
 				case ZEND_INIT_FCALL:
@ -4159,6 +4160,7 @@ ZEND_API void zend_unfinished_calls_gc(zend_execute_data *execute_data, zend_exe
 					case ZEND_DO_ICALL:
 					case ZEND_DO_UCALL:
 					case ZEND_DO_FCALL_BY_NAME:
+					case ZEND_CALLABLE_CONVERT:
 						level++;
 						break;
 					case ZEND_INIT_FCALL:
@ -4237,6 +4239,7 @@ static void cleanup_unfinished_calls(zend_execute_data *execute_data, uint32_t o
 					case ZEND_DO_ICALL:
 					case ZEND_DO_UCALL:
 					case ZEND_DO_FCALL_BY_NAME:
+					case ZEND_CALLABLE_CONVERT:
 						level++;
 						break;
 					case ZEND_INIT_FCALL:
@ -4292,6 +4295,7 @@ static void cleanup_unfinished_calls(zend_execute_data *execute_data, uint32_t o
 						case ZEND_DO_ICALL:
 						case ZEND_DO_UCALL:
 						case ZEND_DO_FCALL_BY_NAME:
+						case ZEND_CALLABLE_CONVERT:
 							level++;
 							break;
 						case ZEND_INIT_FCALL: