From e5435543f321e6f9df4b7bf1f396ba4e8a88e0c4 Mon Sep 17 00:00:00 2001
From: Niels Dossche <7771979+nielsdos@users.noreply.github.com>
Date: Sun, 4 May 2025 19:09:05 +0200
Subject: [PATCH] Fix GH-18494: PDO OCI segfault in statement GC

This is the same issue that was fixed in 2ae897fff7af3a794a31a8aeeeeb4f21f6a41393, but now for OCI.
---
 ext/pdo_oci/oci_statement.c | 11 +++++++++--
 1 file changed, 9 insertions(+), 2 deletions(-)

diff --git a/ext/pdo_oci/oci_statement.c b/ext/pdo_oci/oci_statement.c
index f3be69f9c32c2..f91b27975e88e 100644
--- a/ext/pdo_oci/oci_statement.c
+++ b/ext/pdo_oci/oci_statement.c
@@ -98,14 +98,21 @@ static int oci_stmt_dtor(pdo_stmt_t *stmt) /* {{{ */
 S->einfo.errmsg = NULL;
 }
 
+ /* TODO: There's php_pdo_stmt_valid_db_obj_handle in PHP-8.5-dev that does these checks. */
+ bool server_obj_usable = !Z_ISUNDEF(stmt->database_object_handle)
+ && IS_OBJ_VALID(EG(objects_store).object_buckets[Z_OBJ_HANDLE(stmt->database_object_handle)])
+ && !(OBJ_FLAGS(Z_OBJ(stmt->database_object_handle)) & IS_OBJ_FREE_CALLED);
+
 if (S->cols) {
 for (i = 0; i < stmt->column_count; i++) {
 if (S->cols[i].data) {
 switch (S->cols[i].dtype) {
 case SQLT_BLOB:
 case SQLT_CLOB:
- OCI_TEMPLOB_CLOSE(S->H->env, S->H->svc, S->H->err,
- (OCILobLocator *) S->cols[i].data);
+ if (server_obj_usable) {
+ OCI_TEMPLOB_CLOSE(S->H->env, S->H->svc, S->H->err,
+ (OCILobLocator *) S->cols[i].data);
+ }
 OCIDescriptorFree(S->cols[i].data, OCI_DTYPE_LOB);
 break;
 default:
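Review bot: The new `server_obj_usable` guard covers only the `OCI_TEMPLOB_CLOSE` call in the `SQLT_BLOB`/`SQLT_CLOB` case, and the declaration carries only a TODO, with no word on why the three conditions matter. The guarded call reads `S->H->env`, `S->H->svc` and `S->H->err`, so presumably `S->H` can dangle once the connection object is freed ahead of the statement during GC. A comment such as `/* S->H is owned by the PDO connection object; if that object is already freed or being freed, skip server round-trips and only release local descriptors */` would state that lifetime assumption. `oci_stmt_dtor` starts before and continues after this hunk, so any other `S->H` dereference in the destructor (not visible here) should be checked against the same flag. The diffstat shows no test file; a regression test for this GC ordering, even one that skips without an Oracle server, would keep the use-after-free from returning.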