From 9bb9221642cf320af9ab528dbe5df2f62aa7987e Mon Sep 17 00:00:00 2001
From: Andi Gutmans <andi@php.net>
Date: Wed, 16 Feb 2000 16:49:44 +0000
Subject: [PATCH] -Fix bug 3504 concerning leaks with unset()

---
 Zend/zend_execute.c | 7 +++++++
 1 file changed, 7 insertions(+)

diff --git a/Zend/zend_execute.c b/Zend/zend_execute.c
index fd3715fc00..017b072cba 100644
--- a/Zend/zend_execute.c
+++ b/Zend/zend_execute.c
@@ -1248,9 +1248,11 @@ binary_assign_op_addr: {
 				NEXT_OPCODE();
 			case ZEND_FETCH_UNSET:
 				zend_fetch_var_address(&opline->result, &opline->op1, &opline->op2, Ts, BP_VAR_R ELS_CC);
+				PZVAL_UNLOCK(*Ts[opline->result.u.var].var.ptr_ptr);
 				if (Ts[opline->result.u.var].var.ptr_ptr != &EG(uninitialized_zval_ptr)) {
 					SEPARATE_ZVAL_IF_NOT_REF(Ts[opline->result.u.var].var.ptr_ptr);
 				}
+				PZVAL_LOCK(*Ts[opline->result.u.var].var.ptr_ptr);
 				NEXT_OPCODE();
 			case ZEND_FETCH_IS:
 				zend_fetch_var_address(&opline->result, &opline->op1, &opline->op2, Ts, BP_VAR_IS ELS_CC);
@@ -1290,9 +1292,11 @@ binary_assign_op_addr: {
 				}
 				*/
 				zend_fetch_dimension_address(&opline->result, &opline->op1, &opline->op2, Ts, BP_VAR_R ELS_CC);
+				PZVAL_UNLOCK(*Ts[opline->result.u.var].var.ptr_ptr);
 				if (Ts[opline->result.u.var].var.ptr_ptr != &EG(uninitialized_zval_ptr)) {
 					SEPARATE_ZVAL_IF_NOT_REF(Ts[opline->result.u.var].var.ptr_ptr);
 				}
+				PZVAL_LOCK(*Ts[opline->result.u.var].var.ptr_ptr);
 				NEXT_OPCODE();
 			case ZEND_FETCH_OBJ_R:
 				zend_fetch_property_address(&opline->result, &opline->op1, &opline->op2, Ts, BP_VAR_R ELS_CC);
@@ -1319,9 +1323,12 @@ binary_assign_op_addr: {
 				NEXT_OPCODE();
 			case ZEND_FETCH_OBJ_UNSET:
 				zend_fetch_property_address(&opline->result, &opline->op1, &opline->op2, Ts, BP_VAR_R ELS_CC);
+
+				PZVAL_UNLOCK(*Ts[opline->result.u.var].var.ptr_ptr);
 				if (Ts[opline->result.u.var].var.ptr_ptr != &EG(uninitialized_zval_ptr)) {
 					SEPARATE_ZVAL_IF_NOT_REF(Ts[opline->result.u.var].var.ptr_ptr);
 				}
+				PZVAL_LOCK(*Ts[opline->result.u.var].var.ptr_ptr);
 				NEXT_OPCODE();
 			case ZEND_FETCH_DIM_TMP_VAR:
 				zend_fetch_dimension_address_from_tmp_var(&opline->result, &opline->op1, &opline->op2, Ts ELS_CC);
-- 
2.50.1