Fixed bug #77092

Weird that this worked for so long, probably because nearly all
ext/standard functions use fast ZPP rather than ordinary ZPP.

Author: nikic

NEWS

@@ -8,6 +8,7 @@ PHP                                                                        NEWS
 
 - Opcache:
   . Fixed bug #77058 (Type inference in opcache causes side effects). (Nikita)
+  . Fixed bug #77092 (array_diff_key() - segmentation fault). (Nikita)
 
 - SOAP:
   . Fixed bug #50675 (SoapClient can't handle object references correctly).

ext/opcache/Optimizer/sccp.c

@@ -585,7 +585,7 @@ static inline int ct_eval_in_array(zval *result, uint32_t extended_value, zval *
 static inline int ct_eval_func_call(
 		zval *result, zend_string *name, uint32_t num_args, zval **args) {
 	uint32_t i;
-	zend_execute_data *execute_data;
+	zend_execute_data *execute_data, *prev_execute_data;
 	zend_function *func;
 	int overflow;
 
@@ -840,6 +840,9 @@ static inline int ct_eval_func_call(
 
 	execute_data = safe_emalloc(num_args, sizeof(zval), ZEND_CALL_FRAME_SLOT * sizeof(zval));
 	memset(execute_data, 0, sizeof(zend_execute_data));
+	prev_execute_data = EG(current_execute_data);
+	EG(current_execute_data) = execute_data;
+
 	EX(func) = func;
 	EX_NUM_ARGS() = num_args;
 	for (i = 0; i < num_args; i++) {
@@ -850,6 +853,7 @@ static inline int ct_eval_func_call(
 		zval_ptr_dtor_nogc(EX_VAR_NUM(i));
 	}
 	efree(execute_data);
+	EG(current_execute_data) = prev_execute_data;
 	return SUCCESS;
 }
 

ext/opcache/tests/bug77092.phpt

@@ -0,0 +1,20 @@
+--TEST--
+Bug #77092: array_diff_key() - segmentation fault
+--INI--
+opcache.enable_cli=1
+opcache.optimization_level=-1
+--FILE--
+<?php
+function test() {
+    $anyArrayOne = ['foo' => 'bar', 'bar' => 'baz'];
+    $anyArrayTwo = ['foo' => null];
+
+    print_r(array_diff_key($anyArrayOne, $anyArrayTwo));
+}
+test();
+?>
+--EXPECT--
+Array
+(
+    [bar] => baz
+)