php · devnexen · Oct 31, 2025 · Oct 31, 2025 · Oct 31, 2025 · Nov 1, 2025
@@ -1077,6 +1077,14 @@ ZEND_API zend_result zend_call_method_if_exists(
 		zend_object *object, zend_string *method_name, zval *retval,
 		uint32_t param_count, zval *params)
 {
+	if (UNEXPECTED(!EG(active))) {
+#if ZEND_DEBUG
+		ZEND_UNREACHABLE();
+#endif
+		ZVAL_UNDEF(retval);
+		return FAILURE;
+	}
+
 	zend_fcall_info fci;
 	fci.size = sizeof(zend_fcall_info);
 	fci.object = object;

@@ -0,0 +1,40 @@
+--TEST--
+GH-20286 use after destroy on userland stream_close
+--CREDITS--
+vi3tL0u1s
+--SKIPIF--
+<?php
+if (PHP_DEBUG) die('skip requires release build');
+?>
+--FILE--
+<?php
+class lib {
+   public $context;
+   function stream_set() {}
+   function stream_set_option() {}
+   function stream_stat() {
+     return true;
+   }
+   function stream_open() {
+     return true;
+   }
+
+   function stream_read($count) {
+     function a() {}
+     include('lib://');
+   }
+
+   function stream_close() {
+     include('lib://');
+   }
+}
+stream_wrapper_register('lib', lib::class);
+include('lib://test.php');
+?>
+--EXPECTF--
+
+Fatal error: Cannot redeclare a() (previously declared in %s:%d) in %s on line %d
+
+Fatal error: Cannot redeclare a() (previously declared in %s:%d) in %s on line %d
+
+Fatal error: Cannot redeclare a() (previously declared in %s:%d) in %s on line %d
@@ -695,6 +695,10 @@ static int php_userstreamop_close(php_stream *stream, int close_handle)
 
 	assert(us != NULL);
 
+	if (UNEXPECTED(stream->wrapper->wops != &user_stream_wops)) {
+		stream->wrapper->wops = &user_stream_wops;
+	}
+
 	ZVAL_STRINGL(&func_name, USERSTREAM_CLOSE, sizeof(USERSTREAM_CLOSE)-1);
 
 	call_method_if_exists(&us->object, &func_name, &retval, 0, NULL);