From 47c90c571f147418bb665a8ed22dfda91eb5bbbf Mon Sep 17 00:00:00 2001
From: Dmitry Stogov <dmitry@php.net>
Date: Mon, 6 Feb 2006 11:46:12 +0000
Subject: [PATCH] Fixed bug #36303 (foreach on error_zval produces segfault)

---
 Zend/tests/bug36303.phpt | 12 ++++++++++++
 Zend/zend_vm_def.h       |  4 +++-
 Zend/zend_vm_execute.h   | 16 ++++++++++++----
 3 files changed, 27 insertions(+), 5 deletions(-)
 create mode 100755 Zend/tests/bug36303.phpt

diff --git a/Zend/tests/bug36303.phpt b/Zend/tests/bug36303.phpt
new file mode 100755
index 0000000000..612022ad56
--- /dev/null
+++ b/Zend/tests/bug36303.phpt
@@ -0,0 +1,12 @@
+--TEST--
+Bug #36303 (foreach on error_zval produces segfault)
+--FILE--
+<?php
+$x="test";
+foreach($x->a->b as &$v) {
+}
+echo "ok\n";
+?>
+--EXPECTF--
+Warning: Invalid argument supplied for foreach() in %sbug36303.php on line 3
+ok
diff --git a/Zend/zend_vm_def.h b/Zend/zend_vm_def.h
index b07ea0c6be..076ef56e8c 100644
--- a/Zend/zend_vm_def.h
+++ b/Zend/zend_vm_def.h
@@ -3058,7 +3058,9 @@ ZEND_VM_HANDLER(77, ZEND_FE_RESET, CONST|TMP|VAR|CV, ANY)
 			}
 			array_ptr = *array_ptr_ptr;
 		} else {
-			SEPARATE_ZVAL_IF_NOT_REF(array_ptr_ptr);
+			if (Z_TYPE_PP(array_ptr_ptr) == IS_ARRAY) {
+				SEPARATE_ZVAL_IF_NOT_REF(array_ptr_ptr);
+			}
 			array_ptr = *array_ptr_ptr;
 			array_ptr->refcount++;
 		}
diff --git a/Zend/zend_vm_execute.h b/Zend/zend_vm_execute.h
index 88226faa6c..4979a703e7 100644
--- a/Zend/zend_vm_execute.h
+++ b/Zend/zend_vm_execute.h
@@ -1997,7 +1997,9 @@ static int ZEND_FE_RESET_SPEC_CONST_HANDLER(ZEND_OPCODE_HANDLER_ARGS)
 			}
 			array_ptr = *array_ptr_ptr;
 		} else {
-			SEPARATE_ZVAL_IF_NOT_REF(array_ptr_ptr);
+			if (Z_TYPE_PP(array_ptr_ptr) == IS_ARRAY) {
+				SEPARATE_ZVAL_IF_NOT_REF(array_ptr_ptr);
+			}
 			array_ptr = *array_ptr_ptr;
 			array_ptr->refcount++;
 		}
@@ -4495,7 +4497,9 @@ static int ZEND_FE_RESET_SPEC_TMP_HANDLER(ZEND_OPCODE_HANDLER_ARGS)
 			}
 			array_ptr = *array_ptr_ptr;
 		} else {
-			SEPARATE_ZVAL_IF_NOT_REF(array_ptr_ptr);
+			if (Z_TYPE_PP(array_ptr_ptr) == IS_ARRAY) {
+				SEPARATE_ZVAL_IF_NOT_REF(array_ptr_ptr);
+			}
 			array_ptr = *array_ptr_ptr;
 			array_ptr->refcount++;
 		}
@@ -7590,7 +7594,9 @@ static int ZEND_FE_RESET_SPEC_VAR_HANDLER(ZEND_OPCODE_HANDLER_ARGS)
 			}
 			array_ptr = *array_ptr_ptr;
 		} else {
-			SEPARATE_ZVAL_IF_NOT_REF(array_ptr_ptr);
+			if (Z_TYPE_PP(array_ptr_ptr) == IS_ARRAY) {
+				SEPARATE_ZVAL_IF_NOT_REF(array_ptr_ptr);
+			}
 			array_ptr = *array_ptr_ptr;
 			array_ptr->refcount++;
 		}
@@ -20230,7 +20236,9 @@ static int ZEND_FE_RESET_SPEC_CV_HANDLER(ZEND_OPCODE_HANDLER_ARGS)
 			}
 			array_ptr = *array_ptr_ptr;
 		} else {
-			SEPARATE_ZVAL_IF_NOT_REF(array_ptr_ptr);
+			if (Z_TYPE_PP(array_ptr_ptr) == IS_ARRAY) {
+				SEPARATE_ZVAL_IF_NOT_REF(array_ptr_ptr);
+			}
 			array_ptr = *array_ptr_ptr;
 			array_ptr->refcount++;
 		}
-- 
2.50.1