Re-fix Bug #65372 (Segfault in gc_zval_possible_root when return reference fails)

author Xinchen Hui <laruence@php.net>

Tue, 6 Aug 2013 07:37:20 +0000 (15:37 +0800)

committer Xinchen Hui <laruence@php.net>

Tue, 6 Aug 2013 07:37:20 +0000 (15:37 +0800)
author Xinchen Hui <laruence@php.net>
Tue, 6 Aug 2013 07:37:20 +0000 (15:37 +0800)
committer Xinchen Hui <laruence@php.net>
Tue, 6 Aug 2013 07:37:20 +0000 (15:37 +0800)
diff --git a/Zend/zend_vm_def.h b/Zend/zend_vm_def.h

index 83e40b514a4db3ab2eaf204e4bb8b3b5c49bb498..09d0b217a67d23573a721eff001c08ffa0529347 100644 (file)
--- a/Zend/zend_vm_def.h
+++ b/Zend/zend_vm_def.h
@@ -2914,6 +2914,7 @@ ZEND_VM_HANDLER(111, ZEND_RETURN_BY_REF, CONST|TMP|VAR|CV, ANY)
  
                                         ALLOC_ZVAL(ret);
                                         INIT_PZVAL_COPY(ret, *retval_ptr_ptr);
+                                       zval_copy_ctor(ret);
                                         *EG(return_value_ptr_ptr) = ret;
                                 }
                                 break;
diff --git a/Zend/zend_vm_execute.h b/Zend/zend_vm_execute.h

index 339e34bc40c4d03caec71df3925637b2acffca0b..4917cb670a326773b6cad12613d9c8c5333fe882 100644 (file)
--- a/Zend/zend_vm_execute.h
+++ b/Zend/zend_vm_execute.h
@@ -2328,6 +2328,7 @@ static int ZEND_FASTCALL  ZEND_RETURN_BY_REF_SPEC_CONST_HANDLER(ZEND_OPCODE_HAND
  
                                         ALLOC_ZVAL(ret);
                                         INIT_PZVAL_COPY(ret, *retval_ptr_ptr);
+                                       zval_copy_ctor(ret);
                                         *EG(return_value_ptr_ptr) = ret;
                                 }
                                 break;
@@ -6749,6 +6750,7 @@ static int ZEND_FASTCALL  ZEND_RETURN_BY_REF_SPEC_TMP_HANDLER(ZEND_OPCODE_HANDLE
  
                                         ALLOC_ZVAL(ret);
                                         INIT_PZVAL_COPY(ret, *retval_ptr_ptr);
+                                       zval_copy_ctor(ret);
                                         *EG(return_value_ptr_ptr) = ret;
                                 }
                                 break;
@@ -11063,6 +11065,7 @@ static int ZEND_FASTCALL  ZEND_RETURN_BY_REF_SPEC_VAR_HANDLER(ZEND_OPCODE_HANDLE
  
                                         ALLOC_ZVAL(ret);
                                         INIT_PZVAL_COPY(ret, *retval_ptr_ptr);
+                                       zval_copy_ctor(ret);
                                         *EG(return_value_ptr_ptr) = ret;
                                 }
                                 break;
@@ -27040,6 +27043,7 @@ static int ZEND_FASTCALL  ZEND_RETURN_BY_REF_SPEC_CV_HANDLER(ZEND_OPCODE_HANDLER
  
                                         ALLOC_ZVAL(ret);
                                         INIT_PZVAL_COPY(ret, *retval_ptr_ptr);
+                                       zval_copy_ctor(ret);
                                         *EG(return_value_ptr_ptr) = ret;
                                 }
                                 break;
author	Xinchen Hui <laruence@php.net>
	Tue, 6 Aug 2013 07:37:20 +0000 (15:37 +0800)
committer	Xinchen Hui <laruence@php.net>
	Tue, 6 Aug 2013 07:37:20 +0000 (15:37 +0800)
Zend/zend_vm_def.h		patch \| blob \| history
Zend/zend_vm_execute.h		patch \| blob \| history