From 1d6c98a136d9217e3fd8ae1349f9ecdf541d6ea7 Mon Sep 17 00:00:00 2001
From: Dmitry Stogov <dmitry@php.net>
Date: Mon, 5 Dec 2011 09:20:12 +0000
Subject: [PATCH] Fixed bug #60444 (Segmentation fault with include & class
 extending)

---
 Zend/tests/bug60444.phpt | 18 ++++++++++++++++++
 Zend/zend_compile.c      | 10 +++++-----
 2 files changed, 23 insertions(+), 5 deletions(-)
 create mode 100644 Zend/tests/bug60444.phpt

diff --git a/Zend/tests/bug60444.phpt b/Zend/tests/bug60444.phpt
new file mode 100644
index 0000000000..38f81bc413
--- /dev/null
+++ b/Zend/tests/bug60444.phpt
@@ -0,0 +1,18 @@
+--TEST--
+Bug #60444 (Segmentation fault with include & class extending)
+--FILE--
+<?php
+class Foo {
+	public function __construct() {
+		eval("class Bar extends Foo {}");
+		Some::foo($this);
+	}
+}
+class Some {
+	public static function foo(Foo $foo) {
+	}
+}
+new Foo;
+echo "done\n";
+--EXPECT--
+done
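Review bot: The test drives only the `__construct` path: `Foo` declares a new-style constructor, so `Bar` should inherit through the first changed `zend_hash_update()` call in do_inherit_parent_constructor(). The second changed call, in the old-style (class-named) constructor branch, does not appear to be executed by this script. A companion case whose parent has only an old-style constructor, e.g. `class Foo { public function Foo() { eval("class Bar extends Foo {}"); Some::foo($this); } }`, would cover that branch too.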
diff --git a/Zend/zend_compile.c b/Zend/zend_compile.c
index 9a4afc05a8..73a5652dc4 100644
--- a/Zend/zend_compile.c
+++ b/Zend/zend_compile.c
@@ -2809,7 +2809,7 @@ ZEND_API void function_add_ref(zend_function *function) /* {{{ */
 
 static void do_inherit_parent_constructor(zend_class_entry *ce) /* {{{ */
 {
-	zend_function *function;
+	zend_function *function, *new_function;
 
 	if (!ce->parent) {
 		return;
@@ -2870,8 +2870,8 @@ static void do_inherit_parent_constructor(zend_class_entry *ce) /* {{{ */
 
 	if (zend_hash_find(&ce->parent->function_table, ZEND_CONSTRUCTOR_FUNC_NAME, sizeof(ZEND_CONSTRUCTOR_FUNC_NAME), (void **)&function)==SUCCESS) {
 		/* inherit parent's constructor */
-		zend_hash_update(&ce->function_table, ZEND_CONSTRUCTOR_FUNC_NAME, sizeof(ZEND_CONSTRUCTOR_FUNC_NAME), function, sizeof(zend_function), NULL);
-		function_add_ref(function);
+		zend_hash_update(&ce->function_table, ZEND_CONSTRUCTOR_FUNC_NAME, sizeof(ZEND_CONSTRUCTOR_FUNC_NAME), function, sizeof(zend_function), (void**)&new_function);
+		function_add_ref(new_function);
 	} else {
 		/* Don't inherit the old style constructor if we already have the new style constructor */
 		char *lc_class_name;
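Review bot: Nothing in this branch records why `function_add_ref()` now takes `new_function` instead of `function`, and the commit message only names the bug. `zend_hash_update()` is passed `sizeof(zend_function)`, so it stores a copy in `ce->function_table` and hands back that copy's address through the last argument; the reference is now taken on the child's copy rather than on the parent's entry. A one-line comment above the call, e.g. `/* add the ref on the copy stored in ce->function_table, not on the parent's entry */`, would keep a later cleanup from reverting it. The function body starts and ends outside this hunk.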
@@ -2884,8 +2884,8 @@ static void do_inherit_parent_constructor(zend_class_entry *ce) /* {{{ */
 					zend_hash_find(&ce->parent->function_table, lc_parent_class_name, ce->parent->name_length+1, (void **)&function)==SUCCESS) {
 				if (function->common.fn_flags & ZEND_ACC_CTOR) {
 					/* inherit parent's constructor */
-					zend_hash_update(&ce->function_table, lc_parent_class_name, ce->parent->name_length+1, function, sizeof(zend_function), NULL);
-					function_add_ref(function);
+					zend_hash_update(&ce->function_table, lc_parent_class_name, ce->parent->name_length+1, function, sizeof(zend_function), (void**)new_function);
+					function_add_ref(new_function);
 				}
 			}
 			efree(lc_parent_class_name);
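Review bot: The last argument on the changed `zend_hash_update()` line is `(void**)new_function`, without the `&` used in the first branch, so the uninitialized value of `new_function` is passed as the destination pointer. `zend_hash_update()` would then store through an indeterminate address, and `function_add_ref(new_function)` would read a pointer that was never assigned. That is undefined behaviour and a potential memory-corruption bug, and the cast hides the compiler diagnostic. The argument should read `(void**)&new_function`, matching the earlier call. Declaring `*new_function = NULL` (the declaration is in the first hunk of this file) would make a slip like this fail predictably. The enclosing function extends beyond this hunk.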
-- 
2.40.0