From 2fb8bb1157958465a8b12c1a41015b907787c17a Mon Sep 17 00:00:00 2001
From: Xinchen Hui <laruence@gmail.com>
Date: Sat, 3 Oct 2015 20:33:24 -0700
Subject: [PATCH] Fixed bug #70632 (Third one of segfault in
 gc_remove_from_buffer)

---
 NEWS                            |  2 ++
 Zend/zend_compile.c             |  6 +-----
 ext/opcache/tests/bug70632.phpt | 21 +++++++++++++++++++++
 3 files changed, 24 insertions(+), 5 deletions(-)
 create mode 100644 ext/opcache/tests/bug70632.phpt

diff --git a/NEWS b/NEWS
index 79ca9877be..d8d0354f01 100644
--- a/NEWS
+++ b/NEWS
@@ -15,6 +15,8 @@ PHP                                                                        NEWS
   . Fixed bug #70572 segfault in mysqlnd_connect. (Andrey, Remi)
 
 - Opcache:
+  . Fixed bug #70632 (Third one of segfault in gc_remove_from_buffer).
+    (Laruence)
   . Fixed bug #70631 (Another Segfault in gc_remove_from_buffer()). (Laruence)
   . Fixed bug #70601 (Segfault in gc_remove_from_buffer()). (Laruence)
 
diff --git a/Zend/zend_compile.c b/Zend/zend_compile.c
index 0bfb770f3f..5ff1b042c2 100644
--- a/Zend/zend_compile.c
+++ b/Zend/zend_compile.c
@@ -3472,10 +3472,7 @@ static char * zend_get_function_declaration(zend_function *fptr TSRMLS_DC) /* {{
 					if (precv && precv->opcode == ZEND_RECV_INIT && precv->op2_type != IS_UNUSED) {
 						zval *zv, zv_copy;
 						int use_copy;
-						ALLOC_ZVAL(zv);
-						*zv = *precv->op2.zv;
-						zval_copy_ctor(zv);
-						INIT_PZVAL(zv);
+						zv = precv->op2.zv;
 						if ((Z_TYPE_P(zv) & IS_CONSTANT_TYPE_MASK) == IS_CONSTANT) {
 							REALLOC_BUF_IF_EXCEED(buf, offset, length, Z_STRLEN_P(zv));
 							memcpy(offset, Z_STRVAL_P(zv), Z_STRLEN_P(zv));
@@ -3517,7 +3514,6 @@ static char * zend_get_function_declaration(zend_function *fptr TSRMLS_DC) /* {{
 								zval_dtor(&zv_copy);
 							}
 						}
-						zval_ptr_dtor(&zv);
 					}
 				} else {
 					memcpy(offset, "NULL", 4);
diff --git a/ext/opcache/tests/bug70632.phpt b/ext/opcache/tests/bug70632.phpt
new file mode 100644
index 0000000000..4cdb5d84f9
--- /dev/null
+++ b/ext/opcache/tests/bug70632.phpt
@@ -0,0 +1,21 @@
+--TEST--
+Bug #70632 (Third one of segfault in gc_remove_from_buffer)
+--INI--
+opcache.enable=1
+opcache.enable_cli=1
+opcache.protect_memory=1
+--SKIPIF--
+<?php if (!extension_loaded('Zend OPcache')) die("skip"); ?>
+--FILE--
+<?php
+
+class A {
+	public function test($a = array("okey")) {
+	}
+}
+
+
+eval ("class B extends A { public function test() {} }");
+?>
+--EXPECTF--
+Strict Standards: Declaration of B::test() should be compatible with A::test($a = Array) in %sbug70632.php(%d) : eval()'d code on line %d
-- 
2.40.0