From 3d86e6d881a5f425c3b37a85ea7f1eb5acd12b18 Mon Sep 17 00:00:00 2001
From: Xinchen Hui <laruence@php.net>
Date: Mon, 10 Dec 2012 20:29:51 +0800
Subject: [PATCH] Fixed bug #63726 (Memleak with static properties and
 internal/user classes)

No test scripts provided (will try to find one)
---
 NEWS                        | 2 ++
 Zend/zend_API.c             | 2 ++
 Zend/zend_compile.c         | 2 +-
 Zend/zend_object_handlers.c | 2 ++
 4 files changed, 7 insertions(+), 1 deletion(-)

diff --git a/NEWS b/NEWS
index 2023198d19..29b62a3955 100644
--- a/NEWS
+++ b/NEWS
@@ -5,6 +5,8 @@ PHP                                                                        NEWS
 ?? ??? 2012, PHP 5.4.10
 
 - Core:
+  . Fixed bug #63726 (Memleak with static properties and internal/user
+    classes). (Laruence)
   . Fixed bug #63635 (Segfault in gc_collect_cycles). (Dmitry)
   . Fixed bug #63512 (parse_ini_file() with INI_SCANNER_RAW removes quotes
     from value). (Pierrick)
diff --git a/Zend/zend_API.c b/Zend/zend_API.c
index c3d62c2729..6dadd4d060 100644
--- a/Zend/zend_API.c
+++ b/Zend/zend_API.c
@@ -3708,6 +3708,8 @@ ZEND_API int zend_update_static_property(zend_class_entry *scope, const char *na
 				(*property)->value = value->value;
 				if (Z_REFCOUNT_P(value) > 0) {
 					zval_copy_ctor(*property);
+				} else {
+					efree(value);
 				}
 			} else {
 				zval *garbage = *property;
diff --git a/Zend/zend_compile.c b/Zend/zend_compile.c
index f25e7fac6d..917e0c1097 100644
--- a/Zend/zend_compile.c
+++ b/Zend/zend_compile.c
@@ -3333,7 +3333,7 @@ static zend_bool do_inherit_property_access_check(HashTable *target_ht, zend_pro
 		if ((child_info->flags & ZEND_ACC_PPP_MASK) > (parent_info->flags & ZEND_ACC_PPP_MASK)) {
 			zend_error(E_COMPILE_ERROR, "Access level to %s::$%s must be %s (as in class %s)%s", ce->name, hash_key->arKey, zend_visibility_string(parent_info->flags), parent_ce->name, (parent_info->flags&ZEND_ACC_PUBLIC) ? "" : " or weaker");
 		} else if ((child_info->flags & ZEND_ACC_STATIC) == 0) {
-			Z_DELREF_P(ce->default_properties_table[parent_info->offset]);
+			zval_ptr_dtor(&(ce->default_properties_table[parent_info->offset]));
 			ce->default_properties_table[parent_info->offset] = ce->default_properties_table[child_info->offset];
 			ce->default_properties_table[child_info->offset] = NULL;
 			child_info->offset = parent_info->offset;
diff --git a/Zend/zend_object_handlers.c b/Zend/zend_object_handlers.c
index d82493aeaf..3374b0b3cf 100644
--- a/Zend/zend_object_handlers.c
+++ b/Zend/zend_object_handlers.c
@@ -539,6 +539,8 @@ ZEND_API void zend_std_write_property(zval *object, zval *member, zval *value, c
 				(*variable_ptr)->value = value->value;
 				if (Z_REFCOUNT_P(value) > 0) {
 					zval_copy_ctor(*variable_ptr);
+				} else {
+					efree(value);
 				}
 				zval_dtor(&garbage);
 			} else {
-- 
2.40.0