From d5e54a7f27227f1807051685742eadd5bce6e2b4 Mon Sep 17 00:00:00 2001
From: Dmitry Stogov <dmitry@php.net>
Date: Tue, 4 Mar 2008 11:44:15 +0000
Subject: [PATCH] Fixed shared memory corruption of opcode caches

---
 Zend/zend_execute_API.c | 23 +++++++++++++++++++++++
 Zend/zend_vm_def.h      |  3 ---
 Zend/zend_vm_execute.h  |  3 ---
 3 files changed, 23 insertions(+), 6 deletions(-)

diff --git a/Zend/zend_execute_API.c b/Zend/zend_execute_API.c
index 263f03767c..ca594031f4 100644
--- a/Zend/zend_execute_API.c
+++ b/Zend/zend_execute_API.c
@@ -487,6 +487,19 @@ ZEND_API int zend_is_true(zval *op) /* {{{ */
 #define Z_REAL_TYPE_P(p)			(Z_TYPE_P(p) & ~IS_VISITED_CONSTANT)
 #define MARK_CONSTANT_VISITED(p)	Z_TYPE_P(p) |= IS_VISITED_CONSTANT
 
+static void zval_deep_copy(zval **p)
+{
+	zval *value;
+
+	ALLOC_ZVAL(value);
+	*value = **p;
+	Z_TYPE_P(value) &= ~IS_CONSTANT_INDEX;
+	zval_copy_ctor(value);
+	Z_TYPE_P(value) = Z_TYPE_PP(p);
+	INIT_PZVAL(value);
+	*p = value;
+}
+
 ZEND_API int zval_update_constant_ex(zval **pp, void *arg, zend_class_entry *scope TSRMLS_DC) /* {{{ */
 {
 	zval *p = *pp;
@@ -568,6 +581,16 @@ ZEND_API int zval_update_constant_ex(zval **pp, void *arg, zend_class_entry *sco
 		p = *pp;
 		Z_TYPE_P(p) = IS_ARRAY;
 
+		if (!inline_change) {
+			zval *tmp;
+			HashTable *tmp_ht = NULL;
+
+			ALLOC_HASHTABLE(tmp_ht);
+			zend_hash_init(tmp_ht, zend_hash_num_elements(Z_ARRVAL_P(p)), NULL, ZVAL_PTR_DTOR, 0);
+			zend_hash_copy(tmp_ht, Z_ARRVAL_P(p), (copy_ctor_func_t) zval_deep_copy, (void *) &tmp, sizeof(zval *));
+			Z_ARRVAL_P(p) = tmp_ht;
+		} 
+
 		/* First go over the array and see if there are any constant indices */
 		zend_hash_internal_pointer_reset(Z_ARRVAL_P(p));
 		while (zend_hash_get_current_data(Z_ARRVAL_P(p), (void **) &element) == SUCCESS) {
diff --git a/Zend/zend_vm_def.h b/Zend/zend_vm_def.h
index a424647150..d96f81c1b5 100644
--- a/Zend/zend_vm_def.h
+++ b/Zend/zend_vm_def.h
@@ -2644,9 +2644,6 @@ ZEND_VM_HANDLER(64, ZEND_RECV_INIT, ANY, CONST)
 
 			ALLOC_ZVAL(default_value);
 			*default_value = opline->op2.u.constant;
-			if (Z_TYPE(opline->op2.u.constant)==IS_CONSTANT_ARRAY) {
-				zval_copy_ctor(default_value);
-			}
 			Z_SET_REFCOUNT_P(default_value, 1);
 			zval_update_constant(&default_value, 0 TSRMLS_CC);
 			Z_SET_REFCOUNT_P(default_value, 0);
diff --git a/Zend/zend_vm_execute.h b/Zend/zend_vm_execute.h
index 72d091d523..7f4ce1e4b7 100644
--- a/Zend/zend_vm_execute.h
+++ b/Zend/zend_vm_execute.h
@@ -736,9 +736,6 @@ static int ZEND_RECV_INIT_SPEC_CONST_HANDLER(ZEND_OPCODE_HANDLER_ARGS)
 
 			ALLOC_ZVAL(default_value);
 			*default_value = opline->op2.u.constant;
-			if (Z_TYPE(opline->op2.u.constant)==IS_CONSTANT_ARRAY) {
-				zval_copy_ctor(default_value);
-			}
 			Z_SET_REFCOUNT_P(default_value, 1);
 			zval_update_constant(&default_value, 0 TSRMLS_CC);
 			Z_SET_REFCOUNT_P(default_value, 0);
-- 
2.40.0