From ae106ba62fa15d5d450c724c3aac11a1c346201f Mon Sep 17 00:00:00 2001
From: Dmitry Stogov <dmitry@zend.com>
Date: Fri, 7 Nov 2014 09:46:49 +0300
Subject: Partial fix for bug #68365 (zend_mm_heap corrupted after memory
 overflow in zend_hash_copy)

---
 Zend/zend_variables.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/Zend/zend_variables.c b/Zend/zend_variables.c
index 9674de5246..cc73c379a7 100644
--- a/Zend/zend_variables.c
+++ b/Zend/zend_variables.c
@@ -135,9 +135,9 @@ ZEND_API void _zval_copy_ctor_func(zval *zvalue ZEND_FILE_LINE_DC)
 				}
 				ALLOC_HASHTABLE_REL(tmp_ht);
 				zend_hash_init(tmp_ht, zend_hash_num_elements(original_ht), NULL, ZVAL_PTR_DTOR, 0);
+				zvalue->value.ht = tmp_ht;
 				zend_hash_copy(tmp_ht, original_ht, (copy_ctor_func_t) zval_add_ref, (void *) &tmp, sizeof(zval *));
 				tmp_ht->nNextFreeElement = original_ht->nNextFreeElement;
-				zvalue->value.ht = tmp_ht;
 			}
 			break;
 		case IS_OBJECT:
-- 
cgit v1.2.1