From 3b79f8f408ab090825bc15656e517746fdc43db9 Mon Sep 17 00:00:00 2001
From: Nikita Popov <nikic@php.net>
Date: Mon, 5 Dec 2016 20:39:45 +0100
Subject: Fix bug #73654

---
 NEWS                                   |  3 ++-
 ext/opcache/Optimizer/zend_optimizer.c |  5 +++++
 ext/opcache/tests/bug73654.phpt        | 17 +++++++++++++++++
 3 files changed, 24 insertions(+), 1 deletion(-)
 create mode 100644 ext/opcache/tests/bug73654.phpt

diff --git a/NEWS b/NEWS
index f51e6b00e8..2810fe001a 100644
--- a/NEWS
+++ b/NEWS
@@ -2,7 +2,8 @@ PHP                                                                        NEWS
 |||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
 ?? ??? 2017, PHP 7.1.1
 
-
+- Opcache:
+  . Fixed bug #73654 (Segmentation fault in zend_call_function). (Nikita)
 
 01 Dec 2016, PHP 7.1.0
 
diff --git a/ext/opcache/Optimizer/zend_optimizer.c b/ext/opcache/Optimizer/zend_optimizer.c
index c88821e0e3..b6506e0175 100644
--- a/ext/opcache/Optimizer/zend_optimizer.c
+++ b/ext/opcache/Optimizer/zend_optimizer.c
@@ -200,6 +200,11 @@ int zend_optimizer_update_op1_const(zend_op_array *op_array,
 		case ZEND_SEND_VAR_NO_REF_EX:
 			zval_ptr_dtor(val);
 			return 0;
+		case ZEND_VERIFY_RETURN_TYPE:
+			/* This would require a non-local change.
+			 * zend_optimizer_replace_by_const() supports this. */
+			zval_ptr_dtor(val);
+			return 0;
 		case ZEND_CONCAT:
 		case ZEND_FAST_CONCAT:
 		case ZEND_FETCH_R:
diff --git a/ext/opcache/tests/bug73654.phpt b/ext/opcache/tests/bug73654.phpt
new file mode 100644
index 0000000000..164e10829c
--- /dev/null
+++ b/ext/opcache/tests/bug73654.phpt
@@ -0,0 +1,17 @@
+--TEST--
+Bug #73654: Segmentation fault in zend_call_function
+--FILE--
+<?php
+echo xyz();
+
+function x () : string {
+    return 'x';
+}
+
+function xyz() : string {
+    return x().'yz';
+}
+
+?>
+--EXPECT--
+xyz
-- 
cgit v1.2.1