Fixed bug #78973

Save opline in leave helper to correctly handle destructor calls
during CV freeing (or other leave freeing).

NEWS

@@ -6,6 +6,8 @@ PHP                                                                        NEWS
 - Core:
   . Fixed bug #78929 (plus signs in cookie values are converted to spaces).
     (Alexey Kachalin)
+  . Fixed bug #78973 (Destructor during CV freeing causes segfault if opline
+    never saved). (Nikita)
 
 - OPcache:
   . Fixed bug #78961 (erroneous optimization of re-assigned $GLOBALS). (Dmitry)

Zend/tests/bug78973.phpt

@@ -0,0 +1,17 @@
+--TEST--
+Bug #78973: Destructor during CV freeing causes segfault if opline never saved
+--FILE--
+<?php
+
+function test($x) {
+}
+test(new class {
+    public function __destruct() {
+        debug_print_backtrace();
+    }
+});
+
+?>
+--EXPECTF--
+#0  class@anonymous->__destruct() called at [%s:4]
+#1  test() called at [%s:5]

Zend/zend_vm_def.h

@@ -2867,6 +2867,7 @@ ZEND_VM_HOT_HELPER(zend_leave_helper, ANY, ANY)
 {
 	zend_execute_data *old_execute_data;
 	uint32_t call_info = EX_CALL_INFO();
+	SAVE_OPLINE();
 
 	if (EXPECTED((call_info & (ZEND_CALL_CODE|ZEND_CALL_TOP|ZEND_CALL_HAS_SYMBOL_TABLE|ZEND_CALL_FREE_EXTRA_ARGS|ZEND_CALL_ALLOCATED)) == 0)) {
 		i_free_compiled_variables(execute_data);

Zend/zend_vm_execute.h

@@ -1130,6 +1130,7 @@ static zend_never_inline ZEND_OPCODE_HANDLER_RET ZEND_FASTCALL zend_leave_helper
 {
 	zend_execute_data *old_execute_data;
 	uint32_t call_info = EX_CALL_INFO();
+	SAVE_OPLINE();
 
 	if (EXPECTED((call_info & (ZEND_CALL_CODE|ZEND_CALL_TOP|ZEND_CALL_HAS_SYMBOL_TABLE|ZEND_CALL_FREE_EXTRA_ARGS|ZEND_CALL_ALLOCATED)) == 0)) {
 		i_free_compiled_variables(execute_data);
@@ -53445,6 +53446,7 @@ zend_leave_helper_SPEC_LABEL:
 {
 	zend_execute_data *old_execute_data;
 	uint32_t call_info = EX_CALL_INFO();
+	SAVE_OPLINE();
 
 	if (EXPECTED((call_info & (ZEND_CALL_CODE|ZEND_CALL_TOP|ZEND_CALL_HAS_SYMBOL_TABLE|ZEND_CALL_FREE_EXTRA_ARGS|ZEND_CALL_ALLOCATED)) == 0)) {
 		i_free_compiled_variables(execute_data);