Description:
------------
This is just a minimal example, demonstrating a memory leak I found writing/debugging a php extension.

I have custom get_method/call_method handlers on a class exported by the extension to allow dispatching arbitrary calls off php.

However every direct function call leaks a reference on the object itself;
while a call using call_user_func does *not*.

I wrote a minimal php "hello" extension, which demonstrates the problem, available at https://gist.github.com/stesie/40d9ab136bea473a16ac
It exports a Hello class, which returns this_ptr->refcount__gc on any method call.

Each time I call $foo->blar() the refcount__gc is incremented once more then decremented.  (i.e. leaks a ref to the object)

If I call_user_func([ $foo, 'blar']) however, which I would expect to behave identical, there's no refcount__gc leak.


I have not digged further into Zend internals, let me know if that would help.
... or if I'm completely off or doing it wrong :)


cheers
  ~stesie

Test script:
---------------
<?php
 
$foo = new Hello();
var_dump($foo);
 
echo "--- direct method call ---\n";
var_dump($foo->blar());
var_dump($foo->blar());
var_dump($foo->blar());
 
echo "--- call_user_func calls ---\n";
var_dump(call_user_func([ $foo, 'blar' ]));
var_dump(call_user_func([ $foo, 'blar' ]));
var_dump(call_user_func([ $foo, 'blar' ]));

Expected result:
----------------
successing direct method calls should not increment refcount__gc

Actual result:
--------------
object(Hello)#1 (0) {
}
--- direct method call ---
int(2)
int(3)
int(4)
--- call_user_func calls ---
int(6)
int(6)
int(6)
[Wed Nov  5 22:40:08 2014]  Script:  '/tmp/40d9ab136bea473a16ac/foo.php'
/usr/local/src/php-5.6.2/Zend/zend_vm_execute.h(944) :  Freeing 0x7FFFF7FE2578 (32 bytes), script=/tmp/40d9ab136bea473a16ac/foo.php
=== Total 1 memory leaks detected ===
[Inferior 1 (process 1711) exited normally]