Patch bug62991.patch for Reproducible crash Bug #62991

Patch version 2012-09-04 06:56 UTC

Obsolete patches:

• bug62991.patch, revision 2012-09-02 09:54 UTC
• bug62991.patch, revision 2012-09-02 09:58 UTC
• bug62991.patch, revision 2012-09-02 11:45 UTC

• 2012-09-04 06:56 UTC [diff to current]
• 2012-09-02 11:45 UTC [diff to current]
• 2012-09-02 09:58 UTC [diff to current]
• 2012-09-02 09:54 UTC [diff to current]

Developer: dmitry@zend.com

diff --git a/Zend/zend_generators.c b/Zend/zend_generators.c
index c22d745..6f6dde6 100644
--- a/Zend/zend_generators.c
+++ b/Zend/zend_generators.c
@@ -154,6 +154,12 @@ void zend_generator_close(zend_generator *generator, zend_bool finished_executio
 			efree(prev_execute_data);
 		}
 
+		/* Free a clone of closure */
+		if (op_array->fn_flags & ZEND_ACC_CLOSURE) {
+			destroy_op_array(op_array TSRMLS_CC);
+			efree(op_array);
+		}
+
 		efree(execute_data);
 		generator->execute_data = NULL;
 	}
@@ -358,6 +364,14 @@ zval *zend_generator_create_zval(zend_op_array *op_array TSRMLS_DC) /* {{{ */
 	zval *return_value;
 	zend_generator *generator;
 
+	/* Create a clone of closure, because it may be destroied */
+	if (op_array->fn_flags & ZEND_ACC_CLOSURE) {
+		zend_op_array *op_array_copy = (zend_op_array*)emalloc(sizeof(zend_op_array));
+		*op_array_copy = *op_array;
+		function_add_ref(op_array_copy);
+		op_array = op_array_copy;
+	}
+	
 	/* Create new execution context. We have to back up and restore
 	 * EG(current_execute_data) and EG(opline_ptr) here because the function
 	 * modifies it. */