@@ -1603,7 +1603,7 @@ static zend_never_inline void zend_assign_to_string_offset(zval *str, zval *dim,
16031603 s = zend_string_init (Z_STRVAL_P (str ), Z_STRLEN_P (str ), 0 );
16041604 ZSTR_H (s ) = ZSTR_H (Z_STR_P (str ));
16051605 if (Z_REFCOUNTED_P (str )) {
1606- zend_string_release_ex (Z_STR_P (str ), 0 );
1606+ GC_DELREF (Z_STR_P (str ));
16071607 }
16081608 ZVAL_NEW_STR (str , s );
16091609 }
@@ -1615,7 +1615,7 @@ static zend_never_inline void zend_assign_to_string_offset(zval *str, zval *dim,
16151615 * Temporarily increase the refcount to detect this situation. */
16161616 GC_ADDREF (s );
16171617 offset = zend_check_string_offset (dim , BP_VAR_W EXECUTE_DATA_CC );
1618- if (GC_DELREF (s ) == 0 ) {
1618+ if (UNEXPECTED ( GC_DELREF (s ) == 0 ) ) {
16191619 zend_string_efree (s );
16201620 if (UNEXPECTED (RETURN_VALUE_USED (opline ))) {
16211621 ZVAL_NULL (EX_VAR (opline -> result .var ));
@@ -1655,8 +1655,11 @@ static zend_never_inline void zend_assign_to_string_offset(zval *str, zval *dim,
16551655 }
16561656 /* Convert to string, just the time to pick the 1st byte */
16571657 tmp = zval_try_get_string_func (value );
1658- if (GC_DELREF (s ) == 0 ) {
1658+ if (UNEXPECTED ( GC_DELREF (s ) == 0 ) ) {
16591659 zend_string_efree (s );
1660+ if (tmp ) {
1661+ zend_string_release_ex (tmp , 0 );
1662+ }
16601663 if (UNEXPECTED (RETURN_VALUE_USED (opline ))) {
16611664 ZVAL_NULL (EX_VAR (opline -> result .var ));
16621665 }
@@ -1691,7 +1694,7 @@ static zend_never_inline void zend_assign_to_string_offset(zval *str, zval *dim,
16911694 * Temporarily increase the refcount to detect this situation. */
16921695 GC_ADDREF (s );
16931696 zend_error (E_WARNING , "Only the first byte will be assigned to the string offset" );
1694- if (GC_DELREF (s ) == 0 ) {
1697+ if (UNEXPECTED ( GC_DELREF (s ) == 0 ) ) {
16951698 zend_string_efree (s );
16961699 if (UNEXPECTED (RETURN_VALUE_USED (opline ))) {
16971700 ZVAL_NULL (EX_VAR (opline -> result .var ));
@@ -2515,11 +2518,11 @@ static zend_always_inline void zend_fetch_dimension_address_read(zval *result, z
25152518 case IS_UNDEF :
25162519 /* The string may be destroyed while throwing the notice.
25172520 * Temporarily increase the refcount to detect this situation. */
2518- if (!(GC_FLAGS (str ) & IS_ARRAY_IMMUTABLE )) {
2521+ if (!(GC_FLAGS (str ) & IS_STR_INTERNED )) {
25192522 GC_ADDREF (str );
25202523 }
25212524 ZVAL_UNDEFINED_OP2 ();
2522- if (!(GC_FLAGS (str ) & IS_ARRAY_IMMUTABLE ) && GC_DELREF (str ) == 0 ) {
2525+ if (!(GC_FLAGS (str ) & IS_STR_INTERNED ) && UNEXPECTED ( GC_DELREF (str ) == 0 ) ) {
25232526 zend_string_efree (str );
25242527 ZVAL_NULL (result );
25252528 return ;
@@ -2532,11 +2535,11 @@ static zend_always_inline void zend_fetch_dimension_address_read(zval *result, z
25322535 if (type != BP_VAR_IS ) {
25332536 /* The string may be destroyed while throwing the notice.
25342537 * Temporarily increase the refcount to detect this situation. */
2535- if (!(GC_FLAGS (str ) & IS_ARRAY_IMMUTABLE )) {
2538+ if (!(GC_FLAGS (str ) & IS_STR_INTERNED )) {
25362539 GC_ADDREF (str );
25372540 }
25382541 zend_error (E_WARNING , "String offset cast occurred" );
2539- if (!(GC_FLAGS (str ) & IS_ARRAY_IMMUTABLE ) && GC_DELREF (str ) == 0 ) {
2542+ if (!(GC_FLAGS (str ) & IS_STR_INTERNED ) && UNEXPECTED ( GC_DELREF (str ) == 0 ) ) {
25402543 zend_string_efree (str );
25412544 ZVAL_NULL (result );
25422545 return ;
0 commit comments