Fix GH-12265: Cloning an object breaks serialization recursion

Author: nielsdos

ext/standard/tests/serialize/gh12265.phpt

@@ -0,0 +1,30 @@
+--TEST--
+GH-12265 (Cloning an object breaks serialization recursion)
+--FILE--
+<?php
+
+class A {
+    public function __construct(public B $x) {
+    }
+}
+
+class B {
+    public A $a;
+
+    public function __serialize()
+    {
+        return ['a' => new A($this)];
+    }
+}
+
+$b = new B();
+$sb = serialize($b);
+$scb = serialize(clone $b);
+
+printf("serialized original:    %s\n", $sb);
+printf("serialized clone   :    %s\n", $scb);
+
+?>
+--EXPECT--
+serialized original:    O:1:"B":1:{s:1:"a";O:1:"A":1:{s:1:"x";r:1;}}
+serialized clone   :    O:1:"B":1:{s:1:"a";O:1:"A":1:{s:1:"x";r:1;}}

ext/standard/var.c

@@ -1314,9 +1314,11 @@ PHP_FUNCTION(serialize)
 		Z_PARAM_ZVAL(struc)
 	ZEND_PARSE_PARAMETERS_END();
 
+	Z_TRY_ADDREF_P(struc);
 	PHP_VAR_SERIALIZE_INIT(var_hash);
 	php_var_serialize(&buf, struc, &var_hash);
 	PHP_VAR_SERIALIZE_DESTROY(var_hash);
+	Z_TRY_DELREF_P(struc);
 
 	if (EG(exception)) {
 		smart_str_free(&buf);