From 9bc14f9632739274d7d3430759f77f272bf63241 Mon Sep 17 00:00:00 2001
From: Nikita Popov <nikic@php.net>
Date: Sun, 5 Oct 2014 23:11:17 +0200
Subject: Fix dynamic calls to static methods with fci->object

func may already be freed at the time the static flag was checked.
---
 Zend/zend_execute_API.c | 8 +++++---
 1 file changed, 5 insertions(+), 3 deletions(-)

(limited to 'Zend/zend_execute_API.c')

diff --git a/Zend/zend_execute_API.c b/Zend/zend_execute_API.c
index 9fdb2ee4f5..1da64bb978 100644
--- a/Zend/zend_execute_API.c
+++ b/Zend/zend_execute_API.c
@@ -829,8 +829,10 @@ int zend_call_function(zend_fcall_info *fci, zend_fcall_info_cache *fci_cache TS
 	call->num_args = fci->param_count;
 
 	EG(scope) = calling_scope;
-	if (!fci->object ||
-	    (func->common.fn_flags & ZEND_ACC_STATIC)) {
+	if (func->common.fn_flags & ZEND_ACC_STATIC) {
+		fci->object = NULL;
+	}
+	if (!fci->object) {
 		Z_OBJ(call->This) = NULL;
 		Z_TYPE_INFO(call->This) = IS_UNDEF;
 	} else {
@@ -908,7 +910,7 @@ int zend_call_function(zend_fcall_info *fci, zend_fcall_info_cache *fci_cache TS
 		}
 	}
 
-	if (fci->object && !(func->common.fn_flags & ZEND_ACC_STATIC)) {
+	if (fci->object) {
 		OBJ_RELEASE(fci->object);
 	}
 
-- 
cgit v1.2.1