From ab849392549c41fd3fc3d6ed2a324688f2afe47d Mon Sep 17 00:00:00 2001
From: Xinchen Hui
Date: Mon, 10 Nov 2014 13:46:47 +0800
Subject: [PATCH] Fixed bug #68370 ("unset($this)" can make the program crash)
---
 NEWS | 1 +
 Zend/tests/bug68370.phpt | 18 ++++++++++++++++++
 Zend/zend_execute_API.c | 7 -------
 3 files changed, 19 insertions(+), 7 deletions(-)
 create mode 100644 Zend/tests/bug68370.phpt
diff --git a/NEWS b/NEWS
index 9e5e1388c8..79a2b8893f 100644
--- a/NEWS
+++ b/NEWS
@@ -6,6 +6,7 @@ PHP NEWS
 ?? ??? 2014, PHP 5.5.19
 - Core:
+ . Fixed bug #68370 ("unset($this)" can make the program crash). (Laruence)
 . Fixed bug #68095 (AddressSanitizer reports a heap buffer overflow in php_getopt()). (Stas)
 . Fixed bug #68118 ($a->foo .= 'test'; can leave $a->foo undefined). (Nikita)
diff --git a/Zend/tests/bug68370.phpt b/Zend/tests/bug68370.phpt
new file mode 100644
index 0000000000..25589bf455
--- /dev/null
+++ b/Zend/tests/bug68370.phpt
@@ -0,0 +1,18 @@
+--TEST--
+Bug #68370 "unset($this)" can make the program crash
+--FILE--
+test();
+print_r($x);
+unset($c, $x);
+--EXPECTF--
+Array
+(
+)
diff --git a/Zend/zend_execute_API.c b/Zend/zend_execute_API.c
index 7e2a3378da..9d4eebf010 100644
--- a/Zend/zend_execute_API.c
+++ b/Zend/zend_execute_API.c
@@ -1761,13 +1761,6 @@ ZEND_API void zend_rebuild_symbol_table(TSRMLS_D) /* {{{ */
 /*printf("Cache miss! Initialized %x\n", EG(active_symbol_table));*/
 }
 ex->symbol_table = EG(active_symbol_table);
-
- if (ex->op_array->this_var != -1 &&
- !*EX_CV_NUM(ex, ex->op_array->this_var) &&
- EG(This)) {
- *EX_CV_NUM(ex, ex->op_array->this_var) = (zval**)EX_CV_NUM(ex, ex->op_array->last_var + ex->op_array->this_var);
- **EX_CV_NUM(ex, ex->op_array->this_var) = EG(This);
- }
 for (i = 0; i < ex->op_array->last_var; i++) {
 if (*EX_CV_NUM(ex, i)) {
 zend_hash_quick_update(EG(active_symbol_table),
--
2.40.0
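Review bot: The expectation section of the new Zend/tests/bug68370.phpt is declared as `--EXPECTF--`, but the expected output shown (`Array`, `(`, `)`) contains no format placeholders, so `--EXPECT--` would state the intent more precisely and keep a stray `%` in a later edit from being read as a pattern. The test also pins only the printed result of `print_r($x)`; since the bug is a crash, a one-line comment in the `--FILE--` section saying which statement used to trigger it would help the next reader. The `--FILE--` body appears truncated on this page, so this note is limited to the lines that are visible.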