In PHP-5.6 and below each argument passed to user function was copies on VM stack twice.
Now we always have ZEND_INIT_FCALL (or simular) opcode that pushes "call frame" on top of VM stack.
"Call frame" is actually the same zend_execute_data structure.
All the following ZEND_SEND instructions push arguments on top of the stack in a way that they directly comes into corresponding CV variables of the called frame. Extra arguments are copied at the end of stack frame (after all CV and TMP variables) on function enterance.
There are two minor incompatibilities:
1) It's not allowed to decalre functions redefining arguments e.g. "function foo($a,$a) {}".
2) func_get_arg() and func_get args() return the current value of argument and not the original value that was sent.
* master: (77 commits)
NEWS entry for Fix potential segfault in dns_get_record()
NEWS entry for "Fix potential segfault in dns_get_record()"
NEWS entry for Fix potential segfault in dns_get_record(
Fix potential segfault in dns_get_record()
Revert "Add optional second arg to unserialize()"
5.5.15 now
update NEWS
Fix bug #66127 (Segmentation fault with ArrayObject unset)
5.4.31 next
Add NEWS. This doesn't need UPGRADING (or an RFC), IMO.
Fix broken test.
Add a mime type map generation script and update the header.
Move the mime type map out of php_cli_server.c for easier generation.
Replace the CLI server's linear search for extensions with a hash table.
fix test
Remove unused included file
NEWS
NEWS
NEWS
Fixed Bug #67413 fileinfo: cdf_read_property_info insufficient boundary chec
...
Conflicts:
Zend/zend_closures.c
Zend/zend_execute.c
Zend/zend_vm_def.h
Zend/zend_vm_execute.h
ext/spl/spl_array.c
ext/standard/basic_functions.c
ext/standard/dns.c
ext/standard/var.c
Dereference the cached constant for Test::TEST as well (and not just
self::TEST).
Also improve the phpt file to test this case as well - previously
this only manifested with opcache enabled, due to literal sharing.
Additionally the Z_TYPE_P != IS_REFERENCE assertion is now moved
into the TMP_VAR fetching code (as it applies to more than just
property assignments.)
If a class is extended after the constant fetch has been cached
the cached value will be turned into a reference. On the next
fetch the polymorphic cache will return this reference, which
will be directly returned. The object assignment code then
dereferences this result and performs a shallow copy, which is
invalid for references. This subsequently leads to the constant
value being prematurely freed.
This is fixed by dereferencing the value returned from the
polymorphic cache. Furthermore the incorrect dereference from
in the object assignment code is replaced with an assertion that
we're dealing with a non-reference, so ensure that this kind of
problem cannot go unnoticed in the future.
