diff options
| -rw-r--r-- | Zend/zend_gc.c | 9 | 
1 files changed, 6 insertions, 3 deletions
| diff --git a/Zend/zend_gc.c b/Zend/zend_gc.c index 5aaef4ff8f..31bec4cb50 100644 --- a/Zend/zend_gc.c +++ b/Zend/zend_gc.c @@ -325,9 +325,12 @@ static zend_always_inline gc_root_buffer* gc_find_additional_buffer(zend_refcoun  	/* We have to check each additional_buffer to find which one holds the ref */  	while (additional_buffer) { -		gc_root_buffer *root = additional_buffer->buf + (GC_ADDRESS(GC_INFO(ref)) - GC_ROOT_BUFFER_MAX_ENTRIES); -		if (root->ref == ref) { -			return root; +		uint32_t idx = GC_ADDRESS(GC_INFO(ref)) - GC_ROOT_BUFFER_MAX_ENTRIES; +		if (idx < additional_buffer->used) { +			gc_root_buffer *root = additional_buffer->buf + idx; +			if (root->ref == ref) { +				return root; +			}  		}  		additional_buffer = additional_buffer->next;  	} | 
