From ed280f1d8bf11795bb7fde689616571710edfdc9 Mon Sep 17 00:00:00 2001
From: Ilija Tovilo <ilija.tovilo@me.com>
Date: Sun, 11 Jan 2026 19:26:34 +0100
Subject: [PATCH] Fix leaked parent property default value

Fixes OSS-Fuzz #474613951
---
 Zend/tests/oss-fuzz-474613951.phpt | 17 +++++++++++++++++
 Zend/zend_inheritance.c            |  5 ++---
 2 files changed, 19 insertions(+), 3 deletions(-)
 create mode 100644 Zend/tests/oss-fuzz-474613951.phpt

diff --git a/Zend/tests/oss-fuzz-474613951.phpt b/Zend/tests/oss-fuzz-474613951.phpt
new file mode 100644
index 0000000000000..552be2e0116a9
--- /dev/null
+++ b/Zend/tests/oss-fuzz-474613951.phpt
@@ -0,0 +1,17 @@
+--TEST--
+OSS-Fuzz #474613951: Leaked parent property default value
+--FILE--
+<?php
+
+class A {
+    public $prop = C { get => $this->prop; }
+}
+
+class B extends A {
+    public $prop { get => 42; }
+}
+
+?>
+===DONE===
+--EXPECT--
+===DONE===
diff --git a/Zend/zend_inheritance.c b/Zend/zend_inheritance.c
index f7f757b438e27..56e5bdb9295a6 100644
--- a/Zend/zend_inheritance.c
+++ b/Zend/zend_inheritance.c
@@ -1495,10 +1495,9 @@ static void do_inherit_property(zend_property_info *parent_info, zend_string *ke
 				}
 
 				int parent_num = OBJ_PROP_TO_NUM(parent_info->offset);
+				/* Don't keep default properties in GC (they may be freed by opcache) */
+				zval_ptr_dtor_nogc(&(ce->default_properties_table[parent_num]));
 				if (child_info->offset != ZEND_VIRTUAL_PROPERTY_OFFSET) {
-					/* Don't keep default properties in GC (they may be freed by opcache) */
-					zval_ptr_dtor_nogc(&(ce->default_properties_table[parent_num]));
-
 					if (use_child_prop) {
 						ZVAL_UNDEF(&ce->default_properties_table[parent_num]);
 					} else {