Fix GH-20286: use-after-destroy during userland stream_close().

devnexen · devnexen · commit 7157f4803232 · 2025-10-31T15:52:54.000Z
diff --git a/Zend/zend_execute_API.c b/Zend/zend_execute_API.c
@@ -1077,22 +1077,27 @@ ZEND_API zend_result zend_call_method_if_exists(
 		zend_object *object, zend_string *method_name, zval *retval,
 		uint32_t param_count, zval *params)
 {
-	zend_fcall_info fci;
-	fci.size = sizeof(zend_fcall_info);
-	fci.object = object;
-	ZVAL_STR(&fci.function_name, method_name);
-	fci.retval = retval;
-	fci.param_count = param_count;
-	fci.params = params;
-	fci.named_params = NULL;
+	if (EG(active)) {
+		zend_fcall_info fci;
+		fci.size = sizeof(zend_fcall_info);
+		fci.object = object;
+		ZVAL_STR(&fci.function_name, method_name);
+		fci.retval = retval;
+		fci.param_count = param_count;
+		fci.params = params;
+		fci.named_params = NULL;
+
+		zend_fcall_info_cache fcc;
+		if (!zend_is_callable_ex(&fci.function_name, fci.object, IS_CALLABLE_SUPPRESS_DEPRECATIONS, NULL, &fcc, NULL)) {
+			ZVAL_UNDEF(retval);
+			return FAILURE;
+		}
 
-	zend_fcall_info_cache fcc;
-	if (!zend_is_callable_ex(&fci.function_name, fci.object, IS_CALLABLE_SUPPRESS_DEPRECATIONS, NULL, &fcc, NULL)) {
-		ZVAL_UNDEF(retval);
+		return zend_call_function(&fci, &fcc);
+	} else {
+		ZEND_UNREACHABLE();
 		return FAILURE;
 	}
-
-	return zend_call_function(&fci, &fcc);
 }
 
 /* 0-9 a-z A-Z _ \ 0x80-0xff */
