From 6df67ace20ef845f566fe0cb2f1e2adbfd92062a Mon Sep 17 00:00:00 2001
From: =?utf8?q?Gustavo=20Andr=C3=A9=20dos=20Santos=20Lopes?=
 <cataphract@php.net>
Date: Sun, 1 May 2011 03:57:01 +0000
Subject: [PATCH] - Fixed bug #54623 (Segfault when when writing to a
 persistent socket after   closing a copy of the socket).

---
 NEWS                                     |  4 ++++
 ext/standard/tests/streams/bug54623.phpt | 17 ++++++++++++++
 main/streams/streams.c                   | 29 +++++++++++++++++++++---
 3 files changed, 47 insertions(+), 3 deletions(-)
 create mode 100644 ext/standard/tests/streams/bug54623.phpt

diff --git a/NEWS b/NEWS
index 2a11f90cb3..16ac3f6260 100644
--- a/NEWS
+++ b/NEWS
@@ -109,6 +109,10 @@ PHP                                                                        NEWS
   . Fixed bug #54281 (Crash in non-initialized RecursiveIteratorIterator).
     (Felipe)
 
+- Streams:
+  . Fixed bug #54623 (Segfault when when writing to a persistent socket after
+    closing a copy of the socket). (Gustavo)
+
 17 Mar 2011, PHP 5.3.6
 - Upgraded bundled Sqlite3 to version 3.7.4. (Ilia)
 - Upgraded bundled PCRE to version 8.11. (Ilia)
diff --git a/ext/standard/tests/streams/bug54623.phpt b/ext/standard/tests/streams/bug54623.phpt
new file mode 100644
index 0000000000..cd83854f43
--- /dev/null
+++ b/ext/standard/tests/streams/bug54623.phpt
@@ -0,0 +1,17 @@
+--TEST--
+Bug #54623: Segfault when when writing to a persistent socket after closing a copy of the socket
+--FILE--
+<?php
+$sock = pfsockopen('udp://127.0.0.1', '63844');
+var_dump((int)$sock);
+fwrite($sock, "1");
+$sock2 = pfsockopen('udp://127.0.0.1', '63844');
+var_dump((int)$sock2);
+fwrite($sock2, "2");
+fclose($sock2);
+fwrite($sock, "3");
+--EXPECTF--
+int(%d)
+int(%d)
+
+Warning: fwrite(): %d is not a valid stream resource in %s on line %d
diff --git a/main/streams/streams.c b/main/streams/streams.c
index 9de8f2451c..9c05017165 100755
--- a/main/streams/streams.c
+++ b/main/streams/streams.c
@@ -112,9 +112,32 @@ PHPAPI int php_stream_from_persistent_id(const char *persistent_id, php_stream *
 	if (zend_hash_find(&EG(persistent_list), (char*)persistent_id, strlen(persistent_id)+1, (void*) &le) == SUCCESS) {
 		if (Z_TYPE_P(le) == le_pstream) {
 			if (stream) {
+				HashPosition pos;
+				zend_rsrc_list_entry *regentry;
+				ulong index = -1; /* intentional */
+
+				/* see if this persistent resource already has been loaded to the
+				 * regular list; allowing the same resource in several entries in the
+				 * regular list causes trouble (see bug #54623) */
+				zend_hash_internal_pointer_reset_ex(&EG(regular_list), &pos);
+				while (zend_hash_get_current_data_ex(&EG(regular_list),
+						(void **)&regentry, &pos) == SUCCESS) {
+					if (regentry->ptr == le->ptr) {
+						zend_hash_get_current_key_ex(&EG(regular_list), NULL, NULL,
+							&index, 0, &pos);
+						break;
+					}
+					zend_hash_move_forward_ex(&EG(regular_list), &pos);
+				}
+				
 				*stream = (php_stream*)le->ptr;
-				le->refcount++;
-				(*stream)->rsrc_id = ZEND_REGISTER_RESOURCE(NULL, *stream, le_pstream);
+				if (index == -1) { /* not found in regular list */
+					le->refcount++;
+					(*stream)->rsrc_id = ZEND_REGISTER_RESOURCE(NULL, *stream, le_pstream);
+				} else {
+					regentry->refcount++;
+					(*stream)->rsrc_id = index;
+				}
 			}
 			return PHP_STREAM_PERSISTENT_SUCCESS;
 		}
@@ -404,7 +427,7 @@ fprintf(stderr, "stream_free: %s:%p[%s] preserve_handle=%d release_cast=%d remov
 				stream->orig_path = NULL;
 			}
 
-# if defined(PHP_WIN32)
+# if defined(PHP_WIN32_)
 			OutputDebugString(leakinfo);
 # else
 			fprintf(stderr, "%s", leakinfo);
-- 
2.50.1