From e7f4355d9b6777bc9fc44ac3a109c52f5d304889 Mon Sep 17 00:00:00 2001
From: Dmitry Stogov <dmitry@zend.com>
Date: Thu, 29 Sep 2016 10:56:01 +0300
Subject: [PATCH] Better fix for bug #72854 (avoid extra copy and creating
 reference to stack variable)

---
 Zend/zend_execute.c | 14 +++++++++++---
 1 file changed, 11 insertions(+), 3 deletions(-)

diff --git a/Zend/zend_execute.c b/Zend/zend_execute.c
index 2882f3dc33..326c719c65 100644
--- a/Zend/zend_execute.c
+++ b/Zend/zend_execute.c
@@ -576,7 +576,6 @@ static inline zval *_get_obj_zval_ptr_ptr(int op_type, znode_op node, zend_execu
 static inline void zend_assign_to_variable_reference(zval *variable_ptr, zval *value_ptr)
 {
 	zend_reference *ref;
-	zval garbage;
 
 	if (EXPECTED(!Z_ISREF_P(value_ptr))) {
 		ZVAL_NEW_REF(value_ptr, value_ptr);
@@ -586,9 +585,18 @@ static inline void zend_assign_to_variable_reference(zval *variable_ptr, zval *v
 
 	ref = Z_REF_P(value_ptr);
 	GC_REFCOUNT(ref)++;
-	ZVAL_COPY_VALUE(&garbage, variable_ptr);
+	if (Z_REFCOUNTED_P(variable_ptr)) {
+		zend_refcounted *garbage = Z_COUNTED_P(variable_ptr);
+
+		if (--GC_REFCOUNT(garbage) == 0) {
+			ZVAL_REF(variable_ptr, ref);
+			zval_dtor_func_for_ptr(garbage);
+			return;
+		} else {
+			GC_ZVAL_CHECK_POSSIBLE_ROOT(variable_ptr);
+		}
+	}
 	ZVAL_REF(variable_ptr, ref);
-	zval_ptr_dtor(&garbage);
 }
 
 /* this should modify object only if it's empty */
-- 
2.50.1