From 75c57122e36897c81c33dae81c436f7bad65e35c Mon Sep 17 00:00:00 2001
From: Xinchen Hui <laruence@php.net>
Date: Sun, 9 Jun 2013 22:24:48 +0800
Subject: [PATCH] Fixed bug #64997 (Segfault while using
 RecursiveIteratorIterator on 64-bits systems)

---
 NEWS                    |  6 +++++-
 ext/spl/spl_iterators.c | 19 +++++++++++++------
 2 files changed, 18 insertions(+), 7 deletions(-)

diff --git a/NEWS b/NEWS
index 7f54f397a0..d9861d0909 100644
--- a/NEWS
+++ b/NEWS
@@ -17,7 +17,11 @@ PHP                                                                        NEWS
   . Fixed bug #64949 (Buffer overflow in _pdo_pgsql_error). (Remi)
 
 - pgsql:
-  - Fixed bug #64609 (pg_convert enum type support). (Matteo)
+  . Fixed bug #64609 (pg_convert enum type support). (Matteo)
+
+- SPL:
+  . Fixed bug #64997 (Segfault while using RecursiveIteratorIterator on 
+    64-bits systems). (Laruence)
 
 06 Jun 2013, PHP 5.3.26
 
diff --git a/ext/spl/spl_iterators.c b/ext/spl/spl_iterators.c
index 91f7c8eb7b..cd0af8fbc5 100644
--- a/ext/spl/spl_iterators.c
+++ b/ext/spl/spl_iterators.c
@@ -1025,12 +1025,12 @@ static void spl_recursive_tree_iterator_get_entry(spl_recursive_it_object * obje
 	zend_replace_error_handling(EH_THROW, spl_ce_UnexpectedValueException, &error_handling TSRMLS_CC);
 	if (data && *data) {
 		RETVAL_ZVAL(*data, 1, 0);
-	}
-	if (Z_TYPE_P(return_value) == IS_ARRAY) {
-		zval_dtor(return_value);
-		ZVAL_STRINGL(return_value, "Array", sizeof("Array")-1, 1);
-	} else {
-		convert_to_string(return_value);
+		if (Z_TYPE_P(return_value) == IS_ARRAY) {
+			zval_dtor(return_value);
+			ZVAL_STRINGL(return_value, "Array", sizeof("Array")-1, 1);
+		} else {
+			convert_to_string(return_value);
+		}
 	}
 	zend_restore_error_handling(&error_handling TSRMLS_CC);
 }
@@ -1131,8 +1131,15 @@ SPL_METHOD(RecursiveTreeIterator, current)
 		}
 	}
 
+	INIT_ZVAL(prefix);
+	INIT_ZVAL(entry);
 	spl_recursive_tree_iterator_get_prefix(object, &prefix TSRMLS_CC);
 	spl_recursive_tree_iterator_get_entry(object, &entry TSRMLS_CC);
+	if (Z_TYPE(entry) != IS_STRING) {
+		zval_dtor(&prefix);
+		zval_dtor(&entry);
+		RETURN_NULL();
+	}
 	spl_recursive_tree_iterator_get_postfix(object, &postfix TSRMLS_CC);
 
 	str_len = Z_STRLEN(prefix) + Z_STRLEN(entry) + Z_STRLEN(postfix);
-- 
2.40.0