Merge branch 'PHP-8.0' into PHP-8.1

* PHP-8.0:
  Fix zend_observer_fcall_end_all() accessing dangling pointers

Author: cmb69

NEWS

@@ -14,6 +14,8 @@ PHP                                                                        NEWS
   . Fixed bug GH-7757 (Multi-inherited final constant causes fatal error).
     (cmb)
   . Fixed zend_fibers.c build with ZEND_FIBER_UCONTEXT. (Petr Sumbera)
+  . Fixed zend_observer_fcall_end_all() accessing dangling pointers. (Florian
+    Sowade)
 
 - Filter:
   . Fixed FILTER_FLAG_NO_RES_RANGE flag. (Yifan Tong)

Zend/zend_observer.c

@@ -236,6 +236,7 @@ ZEND_API void ZEND_FASTCALL zend_observer_fcall_end(
 		zend_execute_data *ex = execute_data->prev_execute_data;
 		while (ex && (!ex->func || ex->func->type == ZEND_INTERNAL_FUNCTION
 		          || !ZEND_OBSERVABLE_FN(ex->func->common.fn_flags)
+		          || !&RUN_TIME_CACHE(&ex->func->op_array)
 		          || !ZEND_OBSERVER_DATA(&ex->func->op_array)
 		          || ZEND_OBSERVER_DATA(&ex->func->op_array) == ZEND_OBSERVER_NOT_OBSERVED)) {
 			ex = ex->prev_execute_data;

ext/zend_test/tests/observer_bug81430_1.phpt

@@ -0,0 +1,27 @@
+--TEST--
+Bug #81430 (Attribute instantiation frame has no run time cache)
+--INI--
+memory_limit=20M
+zend_test.observer.enabled=1
+zend_test.observer.observe_all=1
+--FILE--
+<?php
+
+#[\Attribute]
+class A {
+        public function __construct() {}
+}
+
+#[A]
+function B() {}
+
+$r = new \ReflectionFunction("B");
+call_user_func([$r->getAttributes(A::class)[0], 'newInstance']);
+?>
+--EXPECTF--
+<!-- init '%s' -->
+<file '%s'>
+  <!-- init A::__construct() -->
+  <A::__construct>
+  </A::__construct>
+</file '%s'>