Fix GH-22118: Compare equivalent fake closures in FCCs

Author: prateekbhujel

Zend/zend_API.h

@@ -747,20 +747,42 @@ ZEND_API void zend_fcall_info_argn(zend_fcall_info *fci, uint32_t argc, ...);
 ZEND_API zend_result zend_fcall_info_call(zend_fcall_info *fci, zend_fcall_info_cache *fcc, zval *retval, zval *args);
 
 /* Zend FCC API to store and handle PHP userland functions */
+static zend_always_inline bool zend_fcc_closure_objects_equals(zend_object *closure1, zend_object *closure2)
+{
+	extern ZEND_API zend_class_entry *zend_ce_closure;
+	zval closure_zv1, closure_zv2;
+
+	if (closure1 == closure2) {
+		return true;
+	}
+	if (!closure1 || !closure2) {
+		return false;
+	}
+	if (closure1->ce != zend_ce_closure || closure2->ce != zend_ce_closure) {
+		return false;
+	}
+
+	ZVAL_OBJ(&closure_zv1, closure1);
+	ZVAL_OBJ(&closure_zv2, closure2);
+
+	return zend_compare_objects(&closure_zv1, &closure_zv2) == 0;
+}
+
 static zend_always_inline bool zend_fcc_equals(const zend_fcall_info_cache* a, const zend_fcall_info_cache* b)
 {
+	if (a->closure || b->closure) {
+		return zend_fcc_closure_objects_equals(a->closure, b->closure);
+	}
 	if (UNEXPECTED((a->function_handler->common.fn_flags & ZEND_ACC_CALL_VIA_TRAMPOLINE) &&
 		(b->function_handler->common.fn_flags & ZEND_ACC_CALL_VIA_TRAMPOLINE))) {
 		return a->object == b->object
 			&& a->calling_scope == b->calling_scope
-			&& a->closure == b->closure
 			&& zend_string_equals(a->function_handler->common.function_name, b->function_handler->common.function_name)
 		;
 	}
 	return a->function_handler == b->function_handler
 		&& a->object == b->object
 		&& a->calling_scope == b->calling_scope
-		&& a->closure == b->closure
 	;
 }
 

ext/spl/php_spl.c

@@ -398,20 +398,21 @@ static autoload_func_info *autoload_func_info_from_fci(
 
 static bool autoload_func_info_equals(
 		const autoload_func_info *alfi1, const autoload_func_info *alfi2) {
+	if (alfi1->closure || alfi2->closure) {
+		return zend_fcc_closure_objects_equals(alfi1->closure, alfi2->closure);
+	}
 	if (UNEXPECTED(
 		(alfi1->func_ptr->common.fn_flags & ZEND_ACC_CALL_VIA_TRAMPOLINE) &&
 		(alfi2->func_ptr->common.fn_flags & ZEND_ACC_CALL_VIA_TRAMPOLINE)
 	)) {
 		return alfi1->obj == alfi2->obj
 			&& alfi1->ce == alfi2->ce
-			&& alfi1->closure == alfi2->closure
 			&& zend_string_equals(alfi1->func_ptr->common.function_name, alfi2->func_ptr->common.function_name)
 		;
 	}
 	return alfi1->func_ptr == alfi2->func_ptr
 		&& alfi1->obj == alfi2->obj
-		&& alfi1->ce == alfi2->ce
-		&& alfi1->closure == alfi2->closure;
+		&& alfi1->ce == alfi2->ce;
 }
 
 static zend_class_entry *spl_perform_autoload(zend_string *class_name, zend_string *lc_name) {

ext/spl/tests/gh22118.phpt

@@ -0,0 +1,33 @@
+--TEST--
+GH-22118: spl_autoload_unregister() unregisters equivalent first-class method callables
+--FILE--
+<?php
+class AutoloadTest
+{
+	public function load(string $class): void
+	{
+		echo "autoload $class\n";
+	}
+
+	public function __call(string $name, array $arguments): void
+	{
+		echo "autoload {$arguments[0]}\n";
+	}
+
+	public function run(): void
+	{
+		spl_autoload_register($this->load(...));
+		var_dump(spl_autoload_unregister($this->load(...)));
+		spl_autoload_call('MissingDirect');
+
+		spl_autoload_register($this->missing(...));
+		var_dump(spl_autoload_unregister($this->missing(...)));
+		spl_autoload_call('MissingTrampoline');
+	}
+}
+
+(new AutoloadTest())->run();
+?>
+--EXPECT--
+bool(true)
+bool(true)

ext/standard/tests/general_functions/gh22118.phpt

@@ -0,0 +1,40 @@
+--TEST--
+GH-22118: unregister_tick_function() unregisters equivalent first-class method callables
+--FILE--
+<?php
+declare(ticks=1);
+
+class TickTest
+{
+	public int $direct = 0;
+	public int $trampoline = 0;
+
+	public function kick(): void
+	{
+		$this->direct++;
+	}
+
+	public function __call(string $name, array $arguments): void
+	{
+		$this->trampoline++;
+	}
+
+	public function run(): void
+	{
+		register_tick_function($this->kick(...));
+		unregister_tick_function($this->kick(...));
+		echo "direct: {$this->direct}\n";
+
+		register_tick_function($this->missing(...));
+		unregister_tick_function($this->missing(...));
+		echo "trampoline: {$this->trampoline}\n";
+	}
+}
+
+(new TickTest())->run();
+echo "done\n";
+?>
+--EXPECT--
+direct: 1
+trampoline: 1
+done