zend_objects_destroy_object crashes on NULL EG(current_execute_data) during exception in destructor (zend_objects.c) #20324
Description
Description
The following code:
<?php class a { function __destruct() { ob_start(function () use (&$c) { $c = new A; !self::$b =$ $x; }, 1); $c = new A; $array = array($c); header(' '); print_r($array); } } new a;Resulted in this output:
AddressSanitizer:DEADLYSIGNAL ================================================================= ==472987==ERROR: AddressSanitizer: SEGV on unknown address 0x000000000000 (pc 0x55a23e17393a bp 0x7ffd7eb42480 sp 0x7ffd7eb42360 T0) ==472987==The signal is caused by a WRITE memory access. ==472987==Hint: address points to the zero page. Commit:
336fbf09d77 Configuration:
CC="clang" CXX="clang++" CFLAGS="-fsanitize=address -g -O0" CXXFLAGS="-fsanitize=address -g -O0" ./configure --enable-debug --enable-address-sanitizer --disable-shared --with-pic PHP Version
PHP 8.6.0-dev (cli) (built: Oct 29 2025 14:18:41) (NTS DEBUG) Copyright (c) The PHP Group Zend Engine v4.6.0-dev, Copyright (c) Zend Technologies with Zend OPcache v8.6.0-dev, Copyright (c), by Zend Technologies Operating System
Ubuntu 22.04