From ccd41e083359cf6dd264f88806dce4cc49d9358e Mon Sep 17 00:00:00 2001
From: Xinchen Hui <laruence@gmail.com>
Date: Fri, 15 May 2020 15:36:00 +0800
Subject: Fixed bug #97599 (coredump in set_error_handler)

---
 Zend/zend.c | 8 +++++++-
 1 file changed, 7 insertions(+), 1 deletion(-)

(limited to 'Zend/zend.c')

diff --git a/Zend/zend.c b/Zend/zend.c
index a9ae03e624..b61658ef53 100644
--- a/Zend/zend.c
+++ b/Zend/zend.c
@@ -1248,6 +1248,10 @@ ZEND_API zval *zend_get_configuration_directive(zend_string *name) /* {{{ */
 		} \
 	} while (0)
 
+static void arg_copy_ctor(zval *zv) {
+	zval_copy_ctor(zv);
+}
+
 static ZEND_COLD void zend_error_va_list(
 		int type, const char *error_filename, uint32_t error_lineno,
 		const char *format, va_list args)
@@ -1341,7 +1345,9 @@ static ZEND_COLD void zend_error_va_list(
 			if (!symbol_table) {
 				ZVAL_NULL(&params[4]);
 			} else {
-				ZVAL_ARR(&params[4], zend_array_dup(symbol_table));
+				array_init(&params[4]);
+				/* always try to do noninvasive duplication */
+				zend_hash_copy(Z_ARRVAL(params[4]), symbol_table, arg_copy_ctor);
 			}
 
 			ZVAL_COPY_VALUE(&orig_user_error_handler, &EG(user_error_handler));
-- 
cgit v1.2.1