[2015-03-10 13:56 UTC] nikic@php.net

Description:
------------
Script:

<?php

class Test {
    public static function __callStatic($method, $args) {}
}

function do_throw() { throw new Exception; }

try {
    Test::foo(do_throw());
} catch (Exception $e) {
    echo $e, "\n";
}

Output (valgrind):

exception 'Exception' in /home/nikic/php-5.6/t004.php:7
Stack trace:
#0 /home/nikic/php-5.6/t004.php(10): do_throw()
#1 {main}
==3036== 
==3036== HEAP SUMMARY:
==3036==     in use at exit: 76 bytes in 2 blocks
==3036==   total heap usage: 14,602 allocs, 14,600 frees, 3,148,477 bytes allocated
==3036== 
==3036== 76 (72 direct, 4 indirect) bytes in 1 blocks are definitely lost in loss record 2 of 2
==3036==    at 0x4C2AB80: malloc (in /usr/lib/valgrind/vgpreload_memcheck-amd64-linux.so)
==3036==    by 0x7D7983: _emalloc (zend_alloc.c:2427)
==3036==    by 0x84668E: zend_get_user_callstatic_function (zend_object_handlers.c:1137)
==3036==    by 0x846A2A: zend_std_get_static_method (zend_object_handlers.c:1192)
==3036==    by 0x857699: ZEND_INIT_STATIC_METHOD_CALL_SPEC_CONST_CONST_HANDLER (zend_vm_execute.h:3596)
==3036==    by 0x84FCB6: execute_ex (zend_vm_execute.h:363)
==3036==    by 0x84FD3F: zend_execute (zend_vm_execute.h:388)
==3036==    by 0x810E00: zend_execute_scripts (zend.c:1327)
==3036==    by 0x779E7A: php_execute_script (main.c:2525)
==3036==    by 0x8BFAB4: do_cli (php_cli.c:994)
==3036==    by 0x8C0DE2: main (php_cli.c:1378)

We don't three the ZEND_ACC_CALL_VIA_HANDLER temp function. Applies to __call, __callStatic and probably Closure __invoke.

Reproducible in PHP 5.5, PHP 5.6 and PHP 7.

 [2015-03-10 17:26 UTC] nikic@php.net