Merge branch 'PHP-8.0' into PHP-8.1

* PHP-8.0:
  Fixed bug #54350

Author: nikic

ext/standard/tests/filters/bug54350.phpt

@@ -0,0 +1,26 @@
+--TEST--
+Bug #54350: Memory corruption with user_filter
+--FILE--
+<?php
+
+class user_filter extends php_user_filter {
+    function filter($in, $out, &$consumed, $closing): int {
+        while ($bucket = stream_bucket_make_writeable($in)) {
+        }
+        try {
+            fclose($this->stream);
+        } catch (TypeError $e) {
+            echo $e->getMessage(), "\n";
+        }
+        return 0;
+    }
+}
+stream_filter_register('user_filter','user_filter');
+$fd = fopen('php://memory','w');
+$filter = stream_filter_append($fd, 'user_filter');
+fwrite($fd, "foo");
+
+?>
+--EXPECTF--
+Warning: fclose(): 5 is not a valid stream resource in %s on line %d
+fclose(): supplied resource is not a valid stream resource

ext/standard/user_filters.c

@@ -155,6 +155,10 @@ php_stream_filter_status_t userfilter_filter(
 		return ret;
 	}
 
+	/* Make sure the stream is not closed while the filter callback executes. */
+	uint32_t orig_no_fclose = stream->flags & PHP_STREAM_FLAG_NO_FCLOSE;
+	stream->flags |= PHP_STREAM_FLAG_NO_FCLOSE;
+
 	zval *stream_prop = zend_hash_str_find_ind(Z_OBJPROP_P(obj), "stream", sizeof("stream")-1);
 	if (stream_prop) {
 		/* Give the userfilter class a hook back to the stream */
@@ -228,6 +232,9 @@ php_stream_filter_status_t userfilter_filter(
 	zval_ptr_dtor(&args[1]);
 	zval_ptr_dtor(&args[0]);
 
+	stream->flags &= ~PHP_STREAM_FLAG_NO_FCLOSE;
+	stream->flags |= orig_no_fclose;
+
 	return ret;
 }