From 7f5a61fc30b7e91750192560477bc7382cb584f7 Mon Sep 17 00:00:00 2001
From: Ilija Tovilo <ilija.tovilo@me.com>
Date: Wed, 15 Oct 2025 20:36:16 +0200
Subject: [PATCH] Fix accessing of overridden private property in
 get_object_vars()

Fixes GH-20177
---
 Zend/tests/gh20177.phpt     | 25 +++++++++++++++++++++++++
 Zend/zend_object_handlers.c |  7 +++++++
 2 files changed, 32 insertions(+)
 create mode 100644 Zend/tests/gh20177.phpt

diff --git a/Zend/tests/gh20177.phpt b/Zend/tests/gh20177.phpt
new file mode 100644
index 0000000000000..fd69460067f97
--- /dev/null
+++ b/Zend/tests/gh20177.phpt
@@ -0,0 +1,25 @@
+--TEST--
+GH-20177: Access overridden private property in get_object_vars()
+--FILE--
+<?php
+
+class A {
+    private $prop = 'A::$prop';
+
+    public function __construct() {
+        var_dump(get_object_vars($this));
+    }
+}
+
+class B extends A {
+    protected $prop = 'B::$prop';
+}
+
+new B;
+
+?>
+--EXPECT--
+array(1) {
+  ["prop"]=>
+  string(8) "A::$prop"
+}
diff --git a/Zend/zend_object_handlers.c b/Zend/zend_object_handlers.c
index 2eacb614f97c4..09374eb3d9bf9 100644
--- a/Zend/zend_object_handlers.c
+++ b/Zend/zend_object_handlers.c
@@ -528,6 +528,13 @@ ZEND_API zend_result zend_check_property_access(const zend_object *zobj, zend_st
 				return FAILURE;
 			}
 		} else {
+			/* The property we found may be private if we have a private parent
+			 * property and a protected child property, and we're accessing the
+			 * property from the parent's scope. In that case we want to access
+			 * the parent property, not child property. */
+			if (property_info->flags & ZEND_ACC_PRIVATE) {
+				return FAILURE;
+			}
 			ZEND_ASSERT(property_info->flags & ZEND_ACC_PROTECTED);
 		}
 		return SUCCESS;