fix double free call, which caused memory-corruption

Author: EmielBruijntjes

zend/classimpl.cpp

@@ -4,7 +4,7 @@
  *  Implementation file for the ClassImpl class
  *
  *  @author Emiel Bruijntjes <[email protected]>
- *  @copyright 2014 - 2019 Copernica BV
+ *  @copyright 2014 - 2024 Copernica BV
  */
 #include "includes.h"
 #include <cstring>
@@ -207,7 +207,10 @@ zend_function *ClassImpl::getMethod(zend_object **object, zend_string *method, c
     // had an implementation here that used a static variable, and that worked too,
     // but we'll follow thread safe implementation of the Zend engine here, although
     // it is strange to allocate and free memory in one and the same method call (free()
-    // call happens in call_method())
+    // call happens in call_method()) (2024-10-13 extra info: the method_exists() 
+    // function and our own Value::isCallable() method expect this to be emalloc()-
+    // allocated buffer, because they both call zend_free_trampoline() (which is
+    // effectively an efree() call) on the returned function-structure)
     auto *data = (CallData *)emalloc(sizeof(CallData));
     auto *function = &data->func;
 

zend/value.cpp

@@ -891,8 +891,11 @@ bool Value::isCallable(const char *name)
     bool result = func->common.scope == zend_ce_closure && zend_string_equals_cstr(methodname.value(), ZEND_INVOKE_FUNC_NAME, ::strlen(ZEND_INVOKE_FUNC_NAME));
 #endif
 
-    // free resources (still don't get this code, copied from zend_builtin_functions.c)
-    zend_string_release(func->common.function_name);
+    // in method_exists(), there is also a zend_string_release() call here, but I dont think we
+    // need it here, because the methodname is already cleanup by the destructor of the LowerCase class
+    //zend_string_release(func->common.function_name);
+
+    // free resources, just like method_exists() does
     zend_free_trampoline(func);
 
     // done