From e8270edf9d82ef20c716fd04788b849f7e4c0a77 Mon Sep 17 00:00:00 2001
From: Antony Dovgal <tony2001@php.net>
Date: Fri, 7 Apr 2006 22:53:23 +0000
Subject: [PATCH] fix memory corruptions and leaks when cloning ArrayObjects
 and ArrayIterators

---
 ext/spl/spl_array.c | 8 +++++---
 1 file changed, 5 insertions(+), 3 deletions(-)

diff --git a/ext/spl/spl_array.c b/ext/spl/spl_array.c
index 9c0ba2acb17..c97073606db 100755
--- a/ext/spl/spl_array.c
+++ b/ext/spl/spl_array.c
@@ -144,10 +144,12 @@ static zend_object_value spl_array_object_new_ex(zend_class_entry *class_type, s
 		if (clone_orig) {
 			intern->array = other->array;
 			if (Z_OBJ_HT_P(orig) == &spl_handler_ArrayObject) {
-				ZVAL_ADDREF(intern->array);
-				SEPARATE_ZVAL(&intern->array);
+				MAKE_STD_ZVAL(intern->array);
+				array_init(intern->array);
+				zend_hash_copy(HASH_OF(intern->array), HASH_OF(other->array), (copy_ctor_func_t) zval_add_ref, &tmp, sizeof(zval*));
+			}
+			if (Z_OBJ_HT_P(orig) == &spl_handler_ArrayIterator) {
 				ZVAL_ADDREF(other->array);
-				ZVAL_ADDREF(intern->array);
 			}
 		} else {
 			intern->array = orig;