From 1266515e19cb30dab5c63df764d18233a234aba6 Mon Sep 17 00:00:00 2001
From: Nikita Popov <nikic@php.net>
Date: Mon, 5 Jan 2015 17:02:11 +0100
Subject: Fix uses of zval_add_ref and add comment on usage

zval_add_ref should be used as a copy ctor, after the value was
already copied.

In particular when used with hash insertions, it should be applied
to the return value of the insert function.
---
 Zend/zend_variables.c | 6 ++++--
 1 file changed, 4 insertions(+), 2 deletions(-)

(limited to 'Zend/zend_variables.c')

diff --git a/Zend/zend_variables.c b/Zend/zend_variables.c
index 91d68c3985..70f816166b 100644
--- a/Zend/zend_variables.c
+++ b/Zend/zend_variables.c
@@ -201,13 +201,15 @@ ZEND_API void _zval_internal_dtor_for_ptr(zval *zvalue ZEND_FILE_LINE_DC)
 	}
 }
 
+/* This function should only be used as a copy constructor, i.e. it
+ * should only be called AFTER a zval has been copied to another
+ * location using ZVAL_COPY_VALUE. Do not call it before copying,
+ * otherwise a reference may be leaked. */
 ZEND_API void zval_add_ref(zval *p)
 {
 	if (Z_REFCOUNTED_P(p)) {
 		if (Z_ISREF_P(p) && Z_REFCOUNT_P(p) == 1) {
-			zend_reference *ref = Z_REF_P(p);
 			ZVAL_COPY(p, Z_REFVAL_P(p));
-			efree_size(ref, sizeof(zend_reference));
 		} else {
 			Z_ADDREF_P(p);
 		}
-- 
cgit v1.2.1