Assertion in zend_fiber_object_gc()

[dstogov]

Description

The following code:

<?php
function f() {
    $$y = Fiber::getCurrent();
    Fiber::suspend();
}
$fiber = new Fiber(function() {
    get_defined_vars();
    f();
});
$fiber->start();
gc_collect_cycles();
?>
DONE

Resulted in this output:

DONE

But I expected this output instead:

Zend/zend_fibers.c:659: zend_fiber_object_gc: Assertion `zval_get_type(&(*(val))) == 12' failed.

PHP creates IS_INDIRECT zvals to keep real zvals in CVs but have "pointers" in the symbol table. However, it's possible to create a variable in symbol table without CV. (e.g using $$). So variables don't have to be IS_INDIRECT. May be non IS_INDIRECT values should be just skipped.

The bug was found by google oss-fuzz.

PHP Version

PHP-8.1

Operating System

[arnaud-lb]

Thank you for the pointers. I've pushed a PR here: #10386

May be non IS_INDIRECT values should be just skipped.

I've tried that in the PR, but I've had to handle them so that the cycle in Zend/tests/fibers/gh10340-003.phpt could be collected.