From 76c28f878ae37975b5520aaedf4b8f2986fe540b Mon Sep 17 00:00:00 2001
From: Xinchen Hui <laruence@gmail.com>
Date: Fri, 21 Feb 2014 22:39:27 +0800
Subject: [PATCH] Fixed missed REFCOUNTED checking

---
 Zend/zend_execute_API.c | 44 +++++++++++++++++++++--------------------
 1 file changed, 23 insertions(+), 21 deletions(-)

diff --git a/Zend/zend_execute_API.c b/Zend/zend_execute_API.c
index dc194d051d..e0dede14f5 100644
--- a/Zend/zend_execute_API.c
+++ b/Zend/zend_execute_API.c
@@ -831,31 +831,33 @@ int zend_call_function(zend_fcall_info *fci, zend_fcall_info_cache *fci_cache TS
 		zval *param;
 
 		if (ARG_SHOULD_BE_SENT_BY_REF(EX(function_state).function, i + 1)) {
-			if (!Z_ISREF(fci->params[i]) && Z_REFCOUNT(fci->params[i]) > 1) {
-				zval new_zval;
-
-				if (fci->no_separation &&
-				    !ARG_MAY_BE_SENT_BY_REF(EX(function_state).function, i + 1)) {
-					if (i || UNEXPECTED(ZEND_VM_STACK_ELEMETS(EG(argument_stack)) == (EG(argument_stack)->top))) {
-						/* hack to clean up the stack */
-						ZVAL_LONG(&tmp, i);
-						zend_vm_stack_push(&tmp TSRMLS_CC);
-						zend_vm_stack_clear_multiple(0 TSRMLS_CC);
+			if (Z_REFCOUNTED(fci->params[i])) {
+				if (!Z_ISREF(fci->params[i]) && Z_REFCOUNT(fci->params[i]) > 1) {
+					zval new_zval;
+
+					if (fci->no_separation &&
+						!ARG_MAY_BE_SENT_BY_REF(EX(function_state).function, i + 1)) {
+						if (i || UNEXPECTED(ZEND_VM_STACK_ELEMETS(EG(argument_stack)) == (EG(argument_stack)->top))) {
+							/* hack to clean up the stack */
+							ZVAL_LONG(&tmp, i);
+							zend_vm_stack_push(&tmp TSRMLS_CC);
+							zend_vm_stack_clear_multiple(0 TSRMLS_CC);
+						}
+
+						zend_error(E_WARNING, "Parameter %d to %s%s%s() expected to be a reference, value given",
+							i+1,
+							EX(function_state).function->common.scope ? EX(function_state).function->common.scope->name->val : "",
+							EX(function_state).function->common.scope ? "::" : "",
+							EX(function_state).function->common.function_name->val);
+						return FAILURE;
 					}
 
-					zend_error(E_WARNING, "Parameter %d to %s%s%s() expected to be a reference, value given",
-						i+1,
-						EX(function_state).function->common.scope ? EX(function_state).function->common.scope->name->val : "",
-						EX(function_state).function->common.scope ? "::" : "",
-						EX(function_state).function->common.function_name->val);
-					return FAILURE;
+					ZVAL_DUP(&new_zval, &fci->params[i]);
+					Z_DELREF(fci->params[i]);
+					ZVAL_COPY_VALUE(&fci->params[i], &new_zval);
 				}
-
-				ZVAL_DUP(&new_zval, &fci->params[i]);
-				Z_DELREF(fci->params[i]);
-				ZVAL_COPY_VALUE(&fci->params[i], &new_zval);
+				Z_ADDREF(fci->params[i]);
 			}
-			Z_ADDREF(fci->params[i]);
 //???			Z_SET_ISREF_PP(fci->params[i]);
 			param = &fci->params[i];
 		} else if (Z_ISREF(fci->params[i]) &&
-- 
2.40.0