From: Dmitry Stogov Date: Thu, 20 Mar 2014 13:03:32 +0000 (+0400) Subject: Fixed passing argument by refefence from internal functions X-Git-Tag: POST_PHPNG_MERGE~412^2~256 X-Git-Url: https://granicus.if.org/sourcecode?a=commitdiff_plain;h=36cd92a7d3ae83f8169c6d7cead06ecda0b53df3;p=php Fixed passing argument by refefence from internal functions --- diff --git a/Zend/zend_execute_API.c b/Zend/zend_execute_API.c index 73c00eae03..4ffa199d44 100644 --- a/Zend/zend_execute_API.c +++ b/Zend/zend_execute_API.c @@ -867,10 +867,8 @@ int zend_call_function(zend_fcall_info *fci, zend_fcall_info_cache *fci_cache TS ZVAL_NEW_REF(&fci->params[i], &tmp); Z_ADDREF(fci->params[i]); } else if (!Z_ISREF(fci->params[i])) { - if (Z_REFCOUNTED(fci->params[i])) { - Z_ADDREF(fci->params[i]); - } ZVAL_NEW_REF(&fci->params[i], &fci->params[i]); + Z_ADDREF(fci->params[i]); } else if (Z_REFCOUNTED(fci->params[i])) { Z_ADDREF(fci->params[i]); } diff --git a/Zend/zend_interfaces.c b/Zend/zend_interfaces.c index 361a8ce9ab..4f36c91f2e 100644 --- a/Zend/zend_interfaces.c +++ b/Zend/zend_interfaces.c @@ -113,6 +113,13 @@ ZEND_API zval* zend_call_method(zval *object, zend_class_entry *obj_ce, zend_fun zend_error(E_CORE_ERROR, "Couldn't execute method %s%s%s", obj_ce ? obj_ce->name->val : "", obj_ce ? "::" : "", function_name); } } + /* copy arguments back, they might be changed by references */ + if (param_count > 0) { + ZVAL_COPY_VALUE(arg1, ¶ms[0]); + } + if (param_count > 1) { + ZVAL_COPY_VALUE(arg2, ¶ms[1]); + } if (!retval_ptr) { zval_ptr_dtor(&retval); return NULL; diff --git a/Zend/zend_variables.c b/Zend/zend_variables.c index c7faba8bfe..995a648ef3 100644 --- a/Zend/zend_variables.c +++ b/Zend/zend_variables.c @@ -78,7 +78,7 @@ ZEND_API void _zval_dtor_func(zend_refcounted *p ZEND_FILE_LINE_DC) case IS_REFERENCE: { zend_reference *ref = (zend_reference*)p; if (--ref->gc.refcount == 0) { - zval_dtor(&ref->val); + zval_ptr_dtor(&ref->val); goto gc_exit; } goto exit; @@ -142,7 +142,7 @@ ZEND_API void _zval_dtor_func_for_ptr(zend_refcounted *p ZEND_FILE_LINE_DC) case IS_REFERENCE: { zend_reference *ref = (zend_reference*)p; - zval_dtor(&ref->val); + zval_ptr_dtor(&ref->val); goto gc_exit; } default: