Merge branch 'master' of https://git.php.net/push/php-src

cmb69 · cmb69 · commit 9692e74b04ea · 2015-06-11T23:58:34.000+02:00
diff --git a/Zend/tests/bug69788.phpt b/Zend/tests/bug69788.phpt
@@ -0,0 +1,8 @@
+--TEST--
+Bug #69788: Malformed script causes Uncaught EngineException in php-cgi, valgrind SIGILL
+--FILE--
+<?php [t.[]]; ?>
+--EXPECTF--
+Notice: Array to string conversion in %s on line %d
+
+Notice: Use of undefined constant t - assumed 't' in %s on line %d
diff --git a/Zend/zend_object_handlers.c b/Zend/zend_object_handlers.c
@@ -672,7 +672,7 @@ ZEND_API void zend_std_write_property(zval *object, zval *member, zval *value, v
 		if (Z_REFCOUNTED_P(value)) {
 			if (Z_ISREF_P(value)) {
 				/* if we assign referenced variable, we should separate it */
-				ZVAL_DUP(&tmp, Z_REFVAL_P(value));
+				ZVAL_COPY(&tmp, Z_REFVAL_P(value));
 				value = &tmp;
 			} else {
 				Z_ADDREF_P(value);
diff --git a/Zend/zend_operators.c b/Zend/zend_operators.c
@@ -209,7 +209,7 @@ ZEND_API void ZEND_FASTCALL convert_scalar_to_number(zval *op) /* {{{ */
 				(op) = &(holder);											\
 				break;														\
 			case IS_OBJECT:													\
-				ZVAL_DUP(&(holder), op);										\
+				ZVAL_COPY(&(holder), op);										\
 				convert_to_long_base(&(holder), 10);						\
 				if (Z_TYPE(holder) == IS_LONG) {							\
 					(op) = &(holder);										\
@@ -312,7 +312,7 @@ ZEND_API void ZEND_FASTCALL convert_to_long_base(zval *op, int base) /* {{{ */
 			break;
 		case IS_ARRAY:
 			tmp = (zend_hash_num_elements(Z_ARRVAL_P(op))?1:0);
-			zval_dtor(op);
+			zval_ptr_dtor(op);
 			ZVAL_LONG(op, tmp);
 			break;
 		case IS_OBJECT:
@@ -369,7 +369,7 @@ ZEND_API void ZEND_FASTCALL convert_to_double(zval *op) /* {{{ */
 			break;
 		case IS_ARRAY:
 			tmp = (zend_hash_num_elements(Z_ARRVAL_P(op))?1:0);
-			zval_dtor(op);
+			zval_ptr_dtor(op);
 			ZVAL_DOUBLE(op, tmp);
 			break;
 		case IS_OBJECT:
@@ -408,7 +408,7 @@ ZEND_API void ZEND_FASTCALL convert_to_null(zval *op) /* {{{ */
 		}
 	}
 
-	zval_dtor(op);
+	zval_ptr_dtor(op);
 	ZVAL_NULL(op);
 }
 /* }}} */
@@ -452,7 +452,7 @@ ZEND_API void ZEND_FASTCALL convert_to_boolean(zval *op) /* {{{ */
 			break;
 		case IS_ARRAY:
 			tmp = (zend_hash_num_elements(Z_ARRVAL_P(op))?1:0);
-			zval_dtor(op);
+			zval_ptr_dtor(op);
 			ZVAL_BOOL(op, tmp);
 			break;
 		case IS_OBJECT:
@@ -516,7 +516,7 @@ ZEND_API void ZEND_FASTCALL _convert_to_string(zval *op ZEND_FILE_LINE_DC) /* {{
 		}
 		case IS_ARRAY:
 			zend_error(E_NOTICE, "Array to string conversion");
-			zval_dtor(op);
+			zval_ptr_dtor(op);
 			ZVAL_NEW_STR(op, zend_string_init("Array", sizeof("Array")-1, 0));
 			break;
 		case IS_OBJECT: {
@@ -603,14 +603,10 @@ ZEND_API void ZEND_FASTCALL convert_to_object(zval *op) /* {{{ */
 	switch (Z_TYPE_P(op)) {
 		case IS_ARRAY:
 			{
-				HashTable *properties = emalloc(sizeof(HashTable));
-				zend_array *arr = Z_ARR_P(op);
-
-				memcpy(properties, Z_ARRVAL_P(op), sizeof(HashTable));
-				object_and_properties_init(op, zend_standard_class_def, properties);
-				if (--GC_REFCOUNT(arr) == 0) {
-					efree_size(arr, sizeof(zend_array));
-				}
+				zval tmp;
+				ZVAL_COPY_VALUE(&tmp, op);
+				SEPARATE_ARRAY(&tmp);
+				object_and_properties_init(op, zend_standard_class_def, Z_ARR(tmp));
 				break;
 			}
 		case IS_OBJECT:
diff --git a/Zend/zend_operators.h b/Zend/zend_operators.h
@@ -364,7 +364,6 @@ ZEND_API void ZEND_FASTCALL zend_locale_sprintf_double(zval *op ZEND_FILE_LINE_D
 
 #define convert_to_ex_master(pzv, lower_type, upper_type)	\
 	if (Z_TYPE_P(pzv)!=upper_type) {					\
-		SEPARATE_ZVAL_IF_NOT_REF(pzv);						\
 		convert_to_##lower_type(pzv);						\
 	}
 
@@ -400,7 +399,6 @@ ZEND_API void ZEND_FASTCALL zend_locale_sprintf_double(zval *op ZEND_FILE_LINE_D
 
 #define convert_to_explicit_type_ex(pzv, str_type)	\
 	if (Z_TYPE_P(pzv) != str_type) {				\
-		SEPARATE_ZVAL_IF_NOT_REF(pzv);				\
 		convert_to_explicit_type(pzv, str_type);	\
 	}
 
@@ -414,7 +412,6 @@ ZEND_API void ZEND_FASTCALL zend_locale_sprintf_double(zval *op ZEND_FILE_LINE_D
 
 #define convert_scalar_to_number_ex(pzv)							\
 	if (Z_TYPE_P(pzv)!=IS_LONG && Z_TYPE_P(pzv)!=IS_DOUBLE) {		\
-		SEPARATE_ZVAL_IF_NOT_REF(pzv);								\
 		convert_scalar_to_number(pzv);					\
 	}
 
diff --git a/Zend/zend_vm_def.h b/Zend/zend_vm_def.h
@@ -5432,8 +5432,7 @@ ZEND_VM_HANDLER(21, ZEND_CAST, CONST|TMP|VAR|CV, ANY)
 						}
 					}
 				} else {
-					ZVAL_COPY_VALUE(result, expr);
-					zval_opt_copy_ctor(result);
+					ZVAL_COPY(result, expr);
 					convert_to_object(result);
 				}
 			}
diff --git a/Zend/zend_vm_execute.h b/Zend/zend_vm_execute.h
@@ -3730,8 +3730,7 @@ static ZEND_OPCODE_HANDLER_RET ZEND_FASTCALL ZEND_CAST_SPEC_CONST_HANDLER(ZEND_O
 						}
 					}
 				} else {
-					ZVAL_COPY_VALUE(result, expr);
-					zval_opt_copy_ctor(result);
+					ZVAL_COPY(result, expr);
 					convert_to_object(result);
 				}
 			}
@@ -12350,8 +12349,7 @@ static ZEND_OPCODE_HANDLER_RET ZEND_FASTCALL ZEND_CAST_SPEC_TMP_HANDLER(ZEND_OPC
 						}
 					}
 				} else {
-					ZVAL_COPY_VALUE(result, expr);
-					zval_opt_copy_ctor(result);
+					ZVAL_COPY(result, expr);
 					convert_to_object(result);
 				}
 			}
@@ -15827,8 +15825,7 @@ static ZEND_OPCODE_HANDLER_RET ZEND_FASTCALL ZEND_CAST_SPEC_VAR_HANDLER(ZEND_OPC
 						}
 					}
 				} else {
-					ZVAL_COPY_VALUE(result, expr);
-					zval_opt_copy_ctor(result);
+					ZVAL_COPY(result, expr);
 					convert_to_object(result);
 				}
 			}
@@ -29481,8 +29478,7 @@ static ZEND_OPCODE_HANDLER_RET ZEND_FASTCALL ZEND_CAST_SPEC_CV_HANDLER(ZEND_OPCO
 						}
 					}
 				} else {
-					ZVAL_COPY_VALUE(result, expr);
-					zval_opt_copy_ctor(result);
+					ZVAL_COPY(result, expr);
 					convert_to_object(result);
 				}
 			}
diff --git a/ext/gmp/gmp.c b/ext/gmp/gmp.c
@@ -1837,6 +1837,7 @@ ZEND_FUNCTION(gmp_random_range)
 {
 	zval *min_arg, *max_arg;
 	mpz_ptr gmpnum_min, gmpnum_max, gmpnum_result;
+	mpz_t gmpnum_range;
 	gmp_temp_t temp_a, temp_b;
 
 	if (zend_parse_parameters(ZEND_NUM_ARGS(), "zz", &min_arg, &max_arg) == FAILURE) {
@@ -1855,22 +1856,23 @@ ZEND_FUNCTION(gmp_random_range)
 		}
 
 		INIT_GMP_RETVAL(gmpnum_result);
+		mpz_init(gmpnum_range);
 
-		if (Z_LVAL_P(min_arg)) {
-			mpz_sub_ui(gmpnum_max, gmpnum_max, Z_LVAL_P(min_arg));
+		if (Z_LVAL_P(min_arg) != 0) {
+			mpz_sub_ui(gmpnum_range, gmpnum_max, Z_LVAL_P(min_arg) - 1);
+		} else {
+			mpz_add_ui(gmpnum_range, gmpnum_max, 1);
 		}
 
-		mpz_add_ui(gmpnum_max, gmpnum_max, 1);
-		mpz_urandomm(gmpnum_result, GMPG(rand_state), gmpnum_max);
+		mpz_urandomm(gmpnum_result, GMPG(rand_state), gmpnum_range);
 
-		if (Z_LVAL_P(min_arg)) {
+		if (Z_LVAL_P(min_arg) != 0) {
 			mpz_add_ui(gmpnum_result, gmpnum_result, Z_LVAL_P(min_arg));
 		}
 
+		mpz_clear(gmpnum_range);
 		FREE_GMP_TEMP(temp_a);
-
-	}
-	else {
+	} else {
 		FETCH_GMP_ZVAL_DEP(gmpnum_min, min_arg, temp_b, temp_a);
 
 		if (mpz_cmp(gmpnum_max, gmpnum_min) <= 0) {
@@ -1881,12 +1883,14 @@ ZEND_FUNCTION(gmp_random_range)
 		}
 
 		INIT_GMP_RETVAL(gmpnum_result);
+		mpz_init(gmpnum_range);
 
-		mpz_sub(gmpnum_max, gmpnum_max, gmpnum_min);
-		mpz_add_ui(gmpnum_max, gmpnum_max, 1);
-		mpz_urandomm(gmpnum_result, GMPG(rand_state), gmpnum_max);
+		mpz_sub(gmpnum_range, gmpnum_max, gmpnum_min);
+		mpz_add_ui(gmpnum_range, gmpnum_range, 1);
+		mpz_urandomm(gmpnum_result, GMPG(rand_state), gmpnum_range);
 		mpz_add(gmpnum_result, gmpnum_result, gmpnum_min);
 
+		mpz_clear(gmpnum_range);
 		FREE_GMP_TEMP(temp_b);
 		FREE_GMP_TEMP(temp_a);
 	}
diff --git a/ext/gmp/tests/bug69803.phpt b/ext/gmp/tests/bug69803.phpt
@@ -0,0 +1,22 @@
+--TEST--
+Bug #69803: gmp_random_range() modifies second parameter if GMP number
+--FILE--
+<?php
+
+$a = gmp_init(100);
+$b = gmp_init(200);
+echo $a . ", ", $b . "\n";
+gmp_random_range($a, $b);
+echo $a . ", ", $b . "\n";
+
+$b = gmp_init(200);
+echo $a . ", ", $b . "\n";
+gmp_random_range(100, $b);
+echo $a . ", ", $b . "\n";
+
+?>
+--EXPECT--
+100, 200
+100, 200
+100, 200
+100, 200
diff --git a/ext/gmp/tests/gmp_random_range.phpt b/ext/gmp/tests/gmp_random_range.phpt
@@ -5,8 +5,8 @@ gmp_random_range() basic tests
 --FILE--
 <?php
 
-$minusTen = gmp_init(-1);
-$plusTen = gmp_init(1);
+$minusTen = gmp_init(-10);
+$plusTen = gmp_init(10);
 $zero = gmp_init(0);
 
 var_dump(gmp_random_range());
diff --git a/ext/iconv/iconv.c b/ext/iconv/iconv.c
@@ -2209,8 +2209,8 @@ PHP_FUNCTION(iconv_mime_encode)
 {
 	zend_string *field_name = NULL;
 	zend_string *field_value = NULL;
+	zend_string *tmp_str = NULL;
 	zval *pref = NULL;
-	zval tmp_zv, *tmp_zv_p = NULL;
 	smart_str retval = {0};
 	php_iconv_err_t err;
 
@@ -2273,12 +2273,8 @@ PHP_FUNCTION(iconv_mime_encode)
 
 		if ((pzval = zend_hash_str_find(Z_ARRVAL_P(pref), "line-break-chars", sizeof("line-break-chars") - 1)) != NULL) {
 			if (Z_TYPE_P(pzval) != IS_STRING) {
-				ZVAL_DUP(&tmp_zv, pzval);
-				convert_to_string(&tmp_zv);
-
-				lfchars = Z_STRVAL(tmp_zv);
-
-				tmp_zv_p = &tmp_zv;
+				tmp_str = zval_get_string(pzval);
+				lfchars = tmp_str->val;
 			} else {
 				lfchars = Z_STRVAL_P(pzval);
 			}
@@ -2301,8 +2297,8 @@ PHP_FUNCTION(iconv_mime_encode)
 		RETVAL_FALSE;
 	}
 
-	if (tmp_zv_p != NULL) {
-		zval_dtor(tmp_zv_p);
+	if (tmp_str) {
+		zend_string_release(tmp_str);
 	}
 }
 /* }}} */
diff --git a/ext/mysqli/mysqli.c b/ext/mysqli/mysqli.c
@@ -306,7 +306,7 @@ zval *mysqli_read_property(zval *object, zval *member, int type, void **cache_sl
 	obj = Z_MYSQLI_P(object);
 
 	if (Z_TYPE_P(member) != IS_STRING) {
-		ZVAL_DUP(&tmp_member, member);
+		ZVAL_COPY(&tmp_member, member);
 		convert_to_string(&tmp_member);
 		member = &tmp_member;
 	}
@@ -341,7 +341,7 @@ void mysqli_write_property(zval *object, zval *member, zval *value, void **cache
 	mysqli_prop_handler *hnd = NULL;
 
 	if (Z_TYPE_P(member) != IS_STRING) {
-		ZVAL_DUP(&tmp_member, member);
+		ZVAL_COPY(&tmp_member, member);
 		convert_to_string(&tmp_member);
 		member = &tmp_member;
 	}
diff --git a/ext/openssl/openssl.c b/ext/openssl/openssl.c
@@ -3217,7 +3217,7 @@ static EVP_PKEY * php_openssl_evp_from_zval(zval * val, int public_key, char * p
 		if (Z_TYPE_P(zphrase) == IS_STRING) {
 			passphrase = Z_STRVAL_P(zphrase);
 		} else {
-			ZVAL_DUP(&tmp, zphrase);
+			ZVAL_COPY(&tmp, zphrase);
 			convert_to_string(&tmp);
 			passphrase = Z_STRVAL(tmp);
 		}
diff --git a/ext/pgsql/pgsql.c b/ext/pgsql/pgsql.c
@@ -4246,7 +4246,7 @@ PHP_FUNCTION(pg_copy_from)
 #if HAVE_PQPUTCOPYDATA
 				ZEND_HASH_FOREACH_VAL(Z_ARRVAL_P(pg_rows), value) {
 					zval tmp;
-					ZVAL_DUP(&tmp, value);
+					ZVAL_COPY(&tmp, value);
 					convert_to_string_ex(&tmp);
 					query = (char *)emalloc(Z_STRLEN(tmp) + 2);
 					strlcpy(query, Z_STRVAL(tmp), Z_STRLEN(tmp) + 2);
@@ -4270,7 +4270,7 @@ PHP_FUNCTION(pg_copy_from)
 #else
 				ZEND_HASH_FOREACH_VAL(Z_ARRVAL_P(pg_rows), value) {
 					zval tmp;
-					ZVAL_DUP(&tmp, value);
+					ZVAL_COPY(&tmp, value);
 					convert_to_string_ex(&tmp);
 					query = (char *)emalloc(Z_STRLEN(tmp) + 2);
 					strlcpy(query, Z_STRVAL(tmp), Z_STRLEN(tmp) + 2);
diff --git a/ext/simplexml/simplexml.c b/ext/simplexml/simplexml.c
@@ -517,7 +517,7 @@ static int sxe_prop_dim_write(zval *object, zval *member, zval *value, zend_bool
 			case IS_DOUBLE:
 			case IS_NULL:
 				if (Z_TYPE_P(value) != IS_STRING) {
-					ZVAL_DUP(&zval_copy, value);
+					ZVAL_COPY(&zval_copy, value);
 					value = &zval_copy;
 					convert_to_string(value);
 					new_value = 1;
diff --git a/ext/soap/php_encoding.c b/ext/soap/php_encoding.c
@@ -923,21 +923,16 @@ static xmlNodePtr to_xml_base64(encodeTypePtr type, zval *data, int style, xmlNo
 
 	if (Z_TYPE_P(data) == IS_STRING) {
 		str = php_base64_encode((unsigned char*)Z_STRVAL_P(data), Z_STRLEN_P(data));
-		text = xmlNewTextLen(BAD_CAST(str->val), str->len);
-		xmlAddChild(ret, text);
-		zend_string_release(str);
 	} else {
-		zval tmp;
-
-		ZVAL_DUP(&tmp, data);
-		convert_to_string(&tmp);
-		str = php_base64_encode((unsigned char*)Z_STRVAL(tmp), Z_STRLEN(tmp));
-		text = xmlNewTextLen(BAD_CAST(str->val), str->len);
-		xmlAddChild(ret, text);
-		zend_string_release(str);
-		zval_dtor(&tmp);
+		zend_string *tmp = zval_get_string(data);
+		str = php_base64_encode((unsigned char*) tmp->val, tmp->len);
+		zend_string_release(tmp);
 	}
 
+	text = xmlNewTextLen(BAD_CAST(str->val), str->len);
+	xmlAddChild(ret, text);
+	zend_string_release(str);
+
 	if (style == SOAP_ENCODED) {
 		set_ns_and_type(ret, type);
 	}
diff --git a/ext/spl/spl_iterators.c b/ext/spl/spl_iterators.c
@@ -2074,8 +2074,7 @@ SPL_METHOD(RegexIterator, accept)
 		case REGIT_MODE_REPLACE:
 			replacement = zend_read_property(intern->std.ce, getThis(), "replacement", sizeof("replacement")-1, 1, &rv);
 			if (Z_TYPE_P(replacement) != IS_STRING) {
-				tmp_replacement = *replacement;
-				zval_copy_ctor(&tmp_replacement);
+				ZVAL_COPY(&tmp_replacement, replacement);
 				convert_to_string(&tmp_replacement);
 				replacement = &tmp_replacement;
 			}
@@ -2787,11 +2786,11 @@ SPL_METHOD(CachingIterator, __toString)
 		return;
 	}
 	if (intern->u.caching.flags & CIT_TOSTRING_USE_KEY) {
-		ZVAL_DUP(return_value, &intern->current.key);
+		ZVAL_COPY(return_value, &intern->current.key);
 		convert_to_string(return_value);
 		return;
 	} else if (intern->u.caching.flags & CIT_TOSTRING_USE_CURRENT) {
-		ZVAL_DUP(return_value, &intern->current.data);
+		ZVAL_COPY(return_value, &intern->current.data);
 		convert_to_string(return_value);
 		return;
 	}
diff --git a/ext/standard/array.c b/ext/standard/array.c
diff --git a/ext/standard/http.c b/ext/standard/http.c
diff --git a/ext/standard/password.c b/ext/standard/password.c
diff --git a/ext/standard/type.c b/ext/standard/type.c
diff --git a/ext/zip/php_zip.c b/ext/zip/php_zip.c

Original file line number	Diff line number	Diff line change
`@@ -364,7 +364,6 @@ ZEND_API void ZEND_FASTCALL zend_locale_sprintf_double(zval *op ZEND_FILE_LINE_D`
`364`	`364`
`365`	`365`	`#define convert_to_ex_master(pzv, lower_type, upper_type) \`
`366`	`366`	`if (Z_TYPE_P(pzv)!=upper_type) { \`
`367`		`- SEPARATE_ZVAL_IF_NOT_REF(pzv); \`
`368`	`367`	`convert_to_##lower_type(pzv); \`
`369`	`368`	`}`
`370`	`369`
`@@ -400,7 +399,6 @@ ZEND_API void ZEND_FASTCALL zend_locale_sprintf_double(zval *op ZEND_FILE_LINE_D`
`400`	`399`
`401`	`400`	`#define convert_to_explicit_type_ex(pzv, str_type) \`
`402`	`401`	`if (Z_TYPE_P(pzv) != str_type) { \`
`403`		`- SEPARATE_ZVAL_IF_NOT_REF(pzv); \`
`404`	`402`	`convert_to_explicit_type(pzv, str_type); \`
`405`	`403`	`}`
`406`	`404`
`@@ -414,7 +412,6 @@ ZEND_API void ZEND_FASTCALL zend_locale_sprintf_double(zval *op ZEND_FILE_LINE_D`
`414`	`412`
`415`	`413`	`#define convert_scalar_to_number_ex(pzv) \`
`416`	`414`	`if (Z_TYPE_P(pzv)!=IS_LONG && Z_TYPE_P(pzv)!=IS_DOUBLE) { \`
`417`		`- SEPARATE_ZVAL_IF_NOT_REF(pzv); \`
`418`	`415`	`convert_scalar_to_number(pzv); \`
`419`	`416`	`}`
`420`	`417`
Original file line number	Diff line number	Diff line change
`@@ -5432,8 +5432,7 @@ ZEND_VM_HANDLER(21, ZEND_CAST, CONST\|TMP\|VAR\|CV, ANY)`
`5432`	`5432`	`}`
`5433`	`5433`	`}`
`5434`	`5434`	`} else {`
`5435`		`- ZVAL_COPY_VALUE(result, expr);`
`5436`		`- zval_opt_copy_ctor(result);`
	`5435`	`+ ZVAL_COPY(result, expr);`
`5437`	`5436`	`convert_to_object(result);`
`5438`	`5437`	`}`
`5439`	`5438`	`}`
Original file line number	Diff line number	Diff line change
`@@ -3730,8 +3730,7 @@ static ZEND_OPCODE_HANDLER_RET ZEND_FASTCALL ZEND_CAST_SPEC_CONST_HANDLER(ZEND_O`
`3730`	`3730`	`}`
`3731`	`3731`	`}`
`3732`	`3732`	`} else {`
`3733`		`- ZVAL_COPY_VALUE(result, expr);`
`3734`		`- zval_opt_copy_ctor(result);`
	`3733`	`+ ZVAL_COPY(result, expr);`
`3735`	`3734`	`convert_to_object(result);`
`3736`	`3735`	`}`
`3737`	`3736`	`}`
`@@ -12350,8 +12349,7 @@ static ZEND_OPCODE_HANDLER_RET ZEND_FASTCALL ZEND_CAST_SPEC_TMP_HANDLER(ZEND_OPC`
`12350`	`12349`	`}`
`12351`	`12350`	`}`
`12352`	`12351`	`} else {`
`12353`		`- ZVAL_COPY_VALUE(result, expr);`
`12354`		`- zval_opt_copy_ctor(result);`
	`12352`	`+ ZVAL_COPY(result, expr);`
`12355`	`12353`	`convert_to_object(result);`
`12356`	`12354`	`}`
`12357`	`12355`	`}`
`@@ -15827,8 +15825,7 @@ static ZEND_OPCODE_HANDLER_RET ZEND_FASTCALL ZEND_CAST_SPEC_VAR_HANDLER(ZEND_OPC`
`15827`	`15825`	`}`
`15828`	`15826`	`}`
`15829`	`15827`	`} else {`
`15830`		`- ZVAL_COPY_VALUE(result, expr);`
`15831`		`- zval_opt_copy_ctor(result);`
	`15828`	`+ ZVAL_COPY(result, expr);`
`15832`	`15829`	`convert_to_object(result);`
`15833`	`15830`	`}`
`15834`	`15831`	`}`
`@@ -29481,8 +29478,7 @@ static ZEND_OPCODE_HANDLER_RET ZEND_FASTCALL ZEND_CAST_SPEC_CV_HANDLER(ZEND_OPCO`
`29481`	`29478`	`}`
`29482`	`29479`	`}`
`29483`	`29480`	`} else {`
`29484`		`- ZVAL_COPY_VALUE(result, expr);`
`29485`		`- zval_opt_copy_ctor(result);`
	`29481`	`+ ZVAL_COPY(result, expr);`
`29486`	`29482`	`convert_to_object(result);`
`29487`	`29483`	`}`
`29488`	`29484`	`}`