From 3e479ef424b2193f41a28fda18bde076a79ea71e Mon Sep 17 00:00:00 2001
From: Xinchen Hui <laruence@php.net>
Date: Wed, 22 Jul 2015 22:43:30 +0800
Subject: [PATCH] Fixed bug #70111 (Segfault when a function uses both an
 explicit return type and an explicit cast)

---
 NEWS                                   |  5 +++++
 ext/opcache/Optimizer/zend_optimizer.c | 14 ++++++++++++++
 ext/opcache/tests/bug70111.phpt        | 18 ++++++++++++++++++
 3 files changed, 37 insertions(+)
 create mode 100644 ext/opcache/tests/bug70111.phpt

diff --git a/NEWS b/NEWS
index 908d8d9aa0..6fed09f52c 100644
--- a/NEWS
+++ b/NEWS
@@ -1,9 +1,14 @@
 PHP                                                                        NEWS
 |||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
 06 Aug 2015, PHP 7.0.0 Beta 3
+
 - Core:
   . Fixed bug #70106 (Inheritance by anonymous class). (Bob)
 
+- Opcache:
+  . Fixed bug #70111 (Segfault when a function uses both an explicit return
+    type and an explicit cast). (Laruence)
+
 23 Jul 2015, PHP 7.0.0 Beta 2
 
 - Core:
diff --git a/ext/opcache/Optimizer/zend_optimizer.c b/ext/opcache/Optimizer/zend_optimizer.c
index 9437a22ed0..fe258adbba 100644
--- a/ext/opcache/Optimizer/zend_optimizer.c
+++ b/ext/opcache/Optimizer/zend_optimizer.c
@@ -380,6 +380,20 @@ int zend_optimizer_replace_by_const(zend_op_array *op_array,
 					zval_dtor(val);
 					return 1;
 				}
+				case ZEND_VERIFY_RETURN_TYPE: {
+					zend_arg_info *ret_info = op_array->arg_info - 1;
+					ZEND_ASSERT((opline + 1)->opcode == ZEND_RETURN || (opline + 1)->opcode == ZEND_RETURN_BY_REF);
+					if (ret_info->class_name
+						|| ret_info->type_hint == IS_CALLABLE
+						|| !ZEND_SAME_FAKE_TYPE(ret_info->type_hint, Z_TYPE_P(val))
+						|| (op_array->fn_flags & ZEND_ACC_RETURN_REFERENCE)) {
+						zval_dtor(val);
+						return 0;
+					}
+					MAKE_NOP(opline);
+					zend_optimizer_update_op1_const(op_array, opline + 1, val);
+					return 1;
+				  }
 				default:
 					break;
 			}
diff --git a/ext/opcache/tests/bug70111.phpt b/ext/opcache/tests/bug70111.phpt
new file mode 100644
index 0000000000..465d0ee848
--- /dev/null
+++ b/ext/opcache/tests/bug70111.phpt
@@ -0,0 +1,18 @@
+--TEST--
+Bug #70111 (Segfault when a function uses both an explicit return type and an explicit cast)
+--INI--
+opcache.enable=1
+opcache.enable_cli=1
+--SKIPIF--
+<?php require_once('skipif.inc'); ?>
+--FILE--
+<?php
+
+var_dump(foo());
+
+function foo() : string {
+  return (string) 42;
+}
+?>
+--EXPECT--
+string(2) "42"
-- 
2.50.1