Use retval by ref before it is freed

SammyK · SammyK · commit 0fa78a50c052 · 2020-11-16T11:01:45.000-08:00
diff --git a/Zend/zend_vm_def.h b/Zend/zend_vm_def.h
@@ -4333,17 +4333,20 @@ ZEND_VM_COLD_CONST_HANDLER(111, ZEND_RETURN_BY_REF, CONST|TMP|VAR|CV, ANY, SRC,
 
 			retval_ptr = GET_OP1_ZVAL_PTR(BP_VAR_R);
 			if (!EX(return_value)) {
+				ZEND_OBSERVER_FCALL_END(execute_data, retval_ptr);
 				FREE_OP1();
 			} else {
 				if (OP1_TYPE == IS_VAR && UNEXPECTED(Z_ISREF_P(retval_ptr))) {
 					ZVAL_COPY_VALUE(EX(return_value), retval_ptr);
+					ZEND_OBSERVER_FCALL_END(execute_data, retval_ptr);
 					break;
 				}
 
 				ZVAL_NEW_REF(EX(return_value), retval_ptr);
 				if (OP1_TYPE == IS_CONST) {
 					Z_TRY_ADDREF_P(retval_ptr);
 				}
+				ZEND_OBSERVER_FCALL_END(execute_data, retval_ptr);
 			}
 			break;
 		}
@@ -4356,7 +4359,9 @@ ZEND_VM_COLD_CONST_HANDLER(111, ZEND_RETURN_BY_REF, CONST|TMP|VAR|CV, ANY, SRC,
 				zend_error(E_NOTICE, "Only variable references should be returned by reference");
 				if (EX(return_value)) {
 					ZVAL_NEW_REF(EX(return_value), retval_ptr);
+					ZEND_OBSERVER_FCALL_END(execute_data, retval_ptr);
 				} else {
+					ZEND_OBSERVER_FCALL_END(execute_data, retval_ptr);
 					FREE_OP1_VAR_PTR();
 				}
 				break;
@@ -4372,10 +4377,10 @@ ZEND_VM_COLD_CONST_HANDLER(111, ZEND_RETURN_BY_REF, CONST|TMP|VAR|CV, ANY, SRC,
 			ZVAL_REF(EX(return_value), Z_REF_P(retval_ptr));
 		}
 
+		ZEND_OBSERVER_FCALL_END(execute_data, retval_ptr);
 		FREE_OP1_VAR_PTR();
 	} while (0);
 
-	ZEND_OBSERVER_FCALL_END(execute_data, retval_ptr);
 	ZEND_VM_DISPATCH_TO_HELPER(zend_leave_helper);
 }
 
diff --git a/Zend/zend_vm_execute.h b/Zend/zend_vm_execute.h
@@ -4197,16 +4197,19 @@ static ZEND_VM_COLD ZEND_OPCODE_HANDLER_RET ZEND_FASTCALL ZEND_RETURN_BY_REF_SPE
 			retval_ptr = RT_CONSTANT(opline, opline->op1);
 			if (!EX(return_value)) {
 
+
 			} else {
 				if (IS_CONST == IS_VAR && UNEXPECTED(Z_ISREF_P(retval_ptr))) {
 					ZVAL_COPY_VALUE(EX(return_value), retval_ptr);
+
 					break;
 				}
 
 				ZVAL_NEW_REF(EX(return_value), retval_ptr);
 				if (IS_CONST == IS_CONST) {
 					Z_TRY_ADDREF_P(retval_ptr);
 				}
+
 			}
 			break;
 		}
@@ -4219,8 +4222,10 @@ static ZEND_VM_COLD ZEND_OPCODE_HANDLER_RET ZEND_FASTCALL ZEND_RETURN_BY_REF_SPE
 				zend_error(E_NOTICE, "Only variable references should be returned by reference");
 				if (EX(return_value)) {
 					ZVAL_NEW_REF(EX(return_value), retval_ptr);
+
 				} else {
 
+
 				}
 				break;
 			}
@@ -4235,6 +4240,7 @@ static ZEND_VM_COLD ZEND_OPCODE_HANDLER_RET ZEND_FASTCALL ZEND_RETURN_BY_REF_SPE
 			ZVAL_REF(EX(return_value), Z_REF_P(retval_ptr));
 		}
 
+
 	} while (0);
 
 	ZEND_VM_TAIL_CALL(zend_leave_helper_SPEC(ZEND_OPCODE_HANDLER_ARGS_PASSTHRU));
@@ -4255,17 +4261,20 @@ static ZEND_VM_COLD ZEND_OPCODE_HANDLER_RET ZEND_FASTCALL ZEND_RETURN_BY_REF_SPE
 
 			retval_ptr = get_zval_ptr(opline->op1_type, opline->op1, BP_VAR_R);
 			if (!EX(return_value)) {
+				zend_observer_fcall_end(execute_data, retval_ptr);
 				FREE_OP(opline->op1_type, opline->op1.var);
 			} else {
 				if (opline->op1_type == IS_VAR && UNEXPECTED(Z_ISREF_P(retval_ptr))) {
 					ZVAL_COPY_VALUE(EX(return_value), retval_ptr);
+					zend_observer_fcall_end(execute_data, retval_ptr);
 					break;
 				}
 
 				ZVAL_NEW_REF(EX(return_value), retval_ptr);
 				if (opline->op1_type == IS_CONST) {
 					Z_TRY_ADDREF_P(retval_ptr);
 				}
+				zend_observer_fcall_end(execute_data, retval_ptr);
 			}
 			break;
 		}
@@ -4278,7 +4287,9 @@ static ZEND_VM_COLD ZEND_OPCODE_HANDLER_RET ZEND_FASTCALL ZEND_RETURN_BY_REF_SPE
 				zend_error(E_NOTICE, "Only variable references should be returned by reference");
 				if (EX(return_value)) {
 					ZVAL_NEW_REF(EX(return_value), retval_ptr);
+					zend_observer_fcall_end(execute_data, retval_ptr);
 				} else {
+					zend_observer_fcall_end(execute_data, retval_ptr);
 					if (opline->op1_type == IS_VAR) {zval_ptr_dtor_nogc(EX_VAR(opline->op1.var));};
 				}
 				break;
@@ -4294,10 +4305,10 @@ static ZEND_VM_COLD ZEND_OPCODE_HANDLER_RET ZEND_FASTCALL ZEND_RETURN_BY_REF_SPE
 			ZVAL_REF(EX(return_value), Z_REF_P(retval_ptr));
 		}
 
+		zend_observer_fcall_end(execute_data, retval_ptr);
 		if (opline->op1_type == IS_VAR) {zval_ptr_dtor_nogc(EX_VAR(opline->op1.var));};
 	} while (0);
 
-	zend_observer_fcall_end(execute_data, retval_ptr);
 	ZEND_VM_TAIL_CALL(zend_leave_helper_SPEC(ZEND_OPCODE_HANDLER_ARGS_PASSTHRU));
 }
 
@@ -18639,17 +18650,20 @@ static ZEND_OPCODE_HANDLER_RET ZEND_FASTCALL ZEND_RETURN_BY_REF_SPEC_TMP_HANDLER
 
 			retval_ptr = _get_zval_ptr_tmp(opline->op1.var EXECUTE_DATA_CC);
 			if (!EX(return_value)) {
+
 				zval_ptr_dtor_nogc(EX_VAR(opline->op1.var));
 			} else {
 				if (IS_TMP_VAR == IS_VAR && UNEXPECTED(Z_ISREF_P(retval_ptr))) {
 					ZVAL_COPY_VALUE(EX(return_value), retval_ptr);
+
 					break;
 				}
 
 				ZVAL_NEW_REF(EX(return_value), retval_ptr);
 				if (IS_TMP_VAR == IS_CONST) {
 					Z_TRY_ADDREF_P(retval_ptr);
 				}
+
 			}
 			break;
 		}
@@ -18662,8 +18676,10 @@ static ZEND_OPCODE_HANDLER_RET ZEND_FASTCALL ZEND_RETURN_BY_REF_SPEC_TMP_HANDLER
 				zend_error(E_NOTICE, "Only variable references should be returned by reference");
 				if (EX(return_value)) {
 					ZVAL_NEW_REF(EX(return_value), retval_ptr);
+
 				} else {
 
+
 				}
 				break;
 			}
@@ -18678,6 +18694,7 @@ static ZEND_OPCODE_HANDLER_RET ZEND_FASTCALL ZEND_RETURN_BY_REF_SPEC_TMP_HANDLER
 			ZVAL_REF(EX(return_value), Z_REF_P(retval_ptr));
 		}
 
+
 	} while (0);
 
 	ZEND_VM_TAIL_CALL(zend_leave_helper_SPEC(ZEND_OPCODE_HANDLER_ARGS_PASSTHRU));
@@ -21215,17 +21232,20 @@ static ZEND_OPCODE_HANDLER_RET ZEND_FASTCALL ZEND_RETURN_BY_REF_SPEC_VAR_HANDLER
 
 			retval_ptr = _get_zval_ptr_var(opline->op1.var EXECUTE_DATA_CC);
 			if (!EX(return_value)) {
+
 				zval_ptr_dtor_nogc(EX_VAR(opline->op1.var));
 			} else {
 				if (IS_VAR == IS_VAR && UNEXPECTED(Z_ISREF_P(retval_ptr))) {
 					ZVAL_COPY_VALUE(EX(return_value), retval_ptr);
+
 					break;
 				}
 
 				ZVAL_NEW_REF(EX(return_value), retval_ptr);
 				if (IS_VAR == IS_CONST) {
 					Z_TRY_ADDREF_P(retval_ptr);
 				}
+
 			}
 			break;
 		}
@@ -21238,7 +21258,9 @@ static ZEND_OPCODE_HANDLER_RET ZEND_FASTCALL ZEND_RETURN_BY_REF_SPEC_VAR_HANDLER
 				zend_error(E_NOTICE, "Only variable references should be returned by reference");
 				if (EX(return_value)) {
 					ZVAL_NEW_REF(EX(return_value), retval_ptr);
+
 				} else {
+
 					zval_ptr_dtor_nogc(EX_VAR(opline->op1.var));
 				}
 				break;
@@ -37758,16 +37780,19 @@ static ZEND_OPCODE_HANDLER_RET ZEND_FASTCALL ZEND_RETURN_BY_REF_SPEC_CV_HANDLER(
 			retval_ptr = _get_zval_ptr_cv_BP_VAR_R(opline->op1.var EXECUTE_DATA_CC);
 			if (!EX(return_value)) {
 
+
 			} else {
 				if (IS_CV == IS_VAR && UNEXPECTED(Z_ISREF_P(retval_ptr))) {
 					ZVAL_COPY_VALUE(EX(return_value), retval_ptr);
+
 					break;
 				}
 
 				ZVAL_NEW_REF(EX(return_value), retval_ptr);
 				if (IS_CV == IS_CONST) {
 					Z_TRY_ADDREF_P(retval_ptr);
 				}
+
 			}
 			break;
 		}
@@ -37780,8 +37805,10 @@ static ZEND_OPCODE_HANDLER_RET ZEND_FASTCALL ZEND_RETURN_BY_REF_SPEC_CV_HANDLER(
 				zend_error(E_NOTICE, "Only variable references should be returned by reference");
 				if (EX(return_value)) {
 					ZVAL_NEW_REF(EX(return_value), retval_ptr);
+
 				} else {
 
+
 				}
 				break;
 			}
@@ -37796,6 +37823,7 @@ static ZEND_OPCODE_HANDLER_RET ZEND_FASTCALL ZEND_RETURN_BY_REF_SPEC_CV_HANDLER(
 			ZVAL_REF(EX(return_value), Z_REF_P(retval_ptr));
 		}
 
+
 	} while (0);
 
 	ZEND_VM_TAIL_CALL(zend_leave_helper_SPEC(ZEND_OPCODE_HANDLER_ARGS_PASSTHRU));

Original file line number	Diff line number	Diff line change
`@@ -4333,17 +4333,20 @@ ZEND_VM_COLD_CONST_HANDLER(111, ZEND_RETURN_BY_REF, CONST\|TMP\|VAR\|CV, ANY, SRC,`
`4333`	`4333`
`4334`	`4334`	`retval_ptr = GET_OP1_ZVAL_PTR(BP_VAR_R);`
`4335`	`4335`	`if (!EX(return_value)) {`
	`4336`	`+ ZEND_OBSERVER_FCALL_END(execute_data, retval_ptr);`
`4336`	`4337`	`FREE_OP1();`
`4337`	`4338`	`} else {`
`4338`	`4339`	`if (OP1_TYPE == IS_VAR && UNEXPECTED(Z_ISREF_P(retval_ptr))) {`
`4339`	`4340`	`ZVAL_COPY_VALUE(EX(return_value), retval_ptr);`
	`4341`	`+ ZEND_OBSERVER_FCALL_END(execute_data, retval_ptr);`
`4340`	`4342`	`break;`
`4341`	`4343`	`}`
`4342`	`4344`
`4343`	`4345`	`ZVAL_NEW_REF(EX(return_value), retval_ptr);`
`4344`	`4346`	`if (OP1_TYPE == IS_CONST) {`
`4345`	`4347`	`Z_TRY_ADDREF_P(retval_ptr);`
`4346`	`4348`	`}`
	`4349`	`+ ZEND_OBSERVER_FCALL_END(execute_data, retval_ptr);`
`4347`	`4350`	`}`
`4348`	`4351`	`break;`
`4349`	`4352`	`}`
`@@ -4356,7 +4359,9 @@ ZEND_VM_COLD_CONST_HANDLER(111, ZEND_RETURN_BY_REF, CONST\|TMP\|VAR\|CV, ANY, SRC,`
`4356`	`4359`	`zend_error(E_NOTICE, "Only variable references should be returned by reference");`
`4357`	`4360`	`if (EX(return_value)) {`
`4358`	`4361`	`ZVAL_NEW_REF(EX(return_value), retval_ptr);`
	`4362`	`+ ZEND_OBSERVER_FCALL_END(execute_data, retval_ptr);`
`4359`	`4363`	`} else {`
	`4364`	`+ ZEND_OBSERVER_FCALL_END(execute_data, retval_ptr);`
`4360`	`4365`	`FREE_OP1_VAR_PTR();`
`4361`	`4366`	`}`
`4362`	`4367`	`break;`
`@@ -4372,10 +4377,10 @@ ZEND_VM_COLD_CONST_HANDLER(111, ZEND_RETURN_BY_REF, CONST\|TMP\|VAR\|CV, ANY, SRC,`
`4372`	`4377`	`ZVAL_REF(EX(return_value), Z_REF_P(retval_ptr));`
`4373`	`4378`	`}`
`4374`	`4379`
	`4380`	`+ ZEND_OBSERVER_FCALL_END(execute_data, retval_ptr);`
`4375`	`4381`	`FREE_OP1_VAR_PTR();`
`4376`	`4382`	`} while (0);`
`4377`	`4383`
`4378`		`- ZEND_OBSERVER_FCALL_END(execute_data, retval_ptr);`
`4379`	`4384`	`ZEND_VM_DISPATCH_TO_HELPER(zend_leave_helper);`
`4380`	`4385`	`}`
`4381`	`4386`
Original file line number	Diff line number	Diff line change
`@@ -4197,16 +4197,19 @@ static ZEND_VM_COLD ZEND_OPCODE_HANDLER_RET ZEND_FASTCALL ZEND_RETURN_BY_REF_SPE`
`4197`	`4197`	`retval_ptr = RT_CONSTANT(opline, opline->op1);`
`4198`	`4198`	`if (!EX(return_value)) {`
`4199`	`4199`
	`4200`	`+`
`4200`	`4201`	`} else {`
`4201`	`4202`	`if (IS_CONST == IS_VAR && UNEXPECTED(Z_ISREF_P(retval_ptr))) {`
`4202`	`4203`	`ZVAL_COPY_VALUE(EX(return_value), retval_ptr);`
	`4204`	`+`
`4203`	`4205`	`break;`
`4204`	`4206`	`}`
`4205`	`4207`
`4206`	`4208`	`ZVAL_NEW_REF(EX(return_value), retval_ptr);`
`4207`	`4209`	`if (IS_CONST == IS_CONST) {`
`4208`	`4210`	`Z_TRY_ADDREF_P(retval_ptr);`
`4209`	`4211`	`}`
	`4212`	`+`
`4210`	`4213`	`}`
`4211`	`4214`	`break;`
`4212`	`4215`	`}`
`@@ -4219,8 +4222,10 @@ static ZEND_VM_COLD ZEND_OPCODE_HANDLER_RET ZEND_FASTCALL ZEND_RETURN_BY_REF_SPE`
`4219`	`4222`	`zend_error(E_NOTICE, "Only variable references should be returned by reference");`
`4220`	`4223`	`if (EX(return_value)) {`
`4221`	`4224`	`ZVAL_NEW_REF(EX(return_value), retval_ptr);`
	`4225`	`+`
`4222`	`4226`	`} else {`
`4223`	`4227`
	`4228`	`+`
`4224`	`4229`	`}`
`4225`	`4230`	`break;`
`4226`	`4231`	`}`
`@@ -4235,6 +4240,7 @@ static ZEND_VM_COLD ZEND_OPCODE_HANDLER_RET ZEND_FASTCALL ZEND_RETURN_BY_REF_SPE`
`4235`	`4240`	`ZVAL_REF(EX(return_value), Z_REF_P(retval_ptr));`
`4236`	`4241`	`}`
`4237`	`4242`
	`4243`	`+`
`4238`	`4244`	`} while (0);`
`4239`	`4245`
`4240`	`4246`	`ZEND_VM_TAIL_CALL(zend_leave_helper_SPEC(ZEND_OPCODE_HANDLER_ARGS_PASSTHRU));`
`@@ -4255,17 +4261,20 @@ static ZEND_VM_COLD ZEND_OPCODE_HANDLER_RET ZEND_FASTCALL ZEND_RETURN_BY_REF_SPE`
`4255`	`4261`
`4256`	`4262`	`retval_ptr = get_zval_ptr(opline->op1_type, opline->op1, BP_VAR_R);`
`4257`	`4263`	`if (!EX(return_value)) {`
	`4264`	`+ zend_observer_fcall_end(execute_data, retval_ptr);`
`4258`	`4265`	`FREE_OP(opline->op1_type, opline->op1.var);`
`4259`	`4266`	`} else {`
`4260`	`4267`	`if (opline->op1_type == IS_VAR && UNEXPECTED(Z_ISREF_P(retval_ptr))) {`
`4261`	`4268`	`ZVAL_COPY_VALUE(EX(return_value), retval_ptr);`
	`4269`	`+ zend_observer_fcall_end(execute_data, retval_ptr);`
`4262`	`4270`	`break;`
`4263`	`4271`	`}`
`4264`	`4272`
`4265`	`4273`	`ZVAL_NEW_REF(EX(return_value), retval_ptr);`
`4266`	`4274`	`if (opline->op1_type == IS_CONST) {`
`4267`	`4275`	`Z_TRY_ADDREF_P(retval_ptr);`
`4268`	`4276`	`}`
	`4277`	`+ zend_observer_fcall_end(execute_data, retval_ptr);`
`4269`	`4278`	`}`
`4270`	`4279`	`break;`
`4271`	`4280`	`}`
`@@ -4278,7 +4287,9 @@ static ZEND_VM_COLD ZEND_OPCODE_HANDLER_RET ZEND_FASTCALL ZEND_RETURN_BY_REF_SPE`
`4278`	`4287`	`zend_error(E_NOTICE, "Only variable references should be returned by reference");`
`4279`	`4288`	`if (EX(return_value)) {`
`4280`	`4289`	`ZVAL_NEW_REF(EX(return_value), retval_ptr);`
	`4290`	`+ zend_observer_fcall_end(execute_data, retval_ptr);`
`4281`	`4291`	`} else {`
	`4292`	`+ zend_observer_fcall_end(execute_data, retval_ptr);`
`4282`	`4293`	`if (opline->op1_type == IS_VAR) {zval_ptr_dtor_nogc(EX_VAR(opline->op1.var));};`
`4283`	`4294`	`}`
`4284`	`4295`	`break;`
`@@ -4294,10 +4305,10 @@ static ZEND_VM_COLD ZEND_OPCODE_HANDLER_RET ZEND_FASTCALL ZEND_RETURN_BY_REF_SPE`
`4294`	`4305`	`ZVAL_REF(EX(return_value), Z_REF_P(retval_ptr));`
`4295`	`4306`	`}`
`4296`	`4307`
	`4308`	`+ zend_observer_fcall_end(execute_data, retval_ptr);`
`4297`	`4309`	`if (opline->op1_type == IS_VAR) {zval_ptr_dtor_nogc(EX_VAR(opline->op1.var));};`
`4298`	`4310`	`} while (0);`
`4299`	`4311`
`4300`		`- zend_observer_fcall_end(execute_data, retval_ptr);`
`4301`	`4312`	`ZEND_VM_TAIL_CALL(zend_leave_helper_SPEC(ZEND_OPCODE_HANDLER_ARGS_PASSTHRU));`
`4302`	`4313`	`}`
`4303`	`4314`
`@@ -18639,17 +18650,20 @@ static ZEND_OPCODE_HANDLER_RET ZEND_FASTCALL ZEND_RETURN_BY_REF_SPEC_TMP_HANDLER`
`18639`	`18650`
`18640`	`18651`	`retval_ptr = _get_zval_ptr_tmp(opline->op1.var EXECUTE_DATA_CC);`
`18641`	`18652`	`if (!EX(return_value)) {`
	`18653`	`+`
`18642`	`18654`	`zval_ptr_dtor_nogc(EX_VAR(opline->op1.var));`
`18643`	`18655`	`} else {`
`18644`	`18656`	`if (IS_TMP_VAR == IS_VAR && UNEXPECTED(Z_ISREF_P(retval_ptr))) {`
`18645`	`18657`	`ZVAL_COPY_VALUE(EX(return_value), retval_ptr);`
	`18658`	`+`
`18646`	`18659`	`break;`
`18647`	`18660`	`}`
`18648`	`18661`
`18649`	`18662`	`ZVAL_NEW_REF(EX(return_value), retval_ptr);`
`18650`	`18663`	`if (IS_TMP_VAR == IS_CONST) {`
`18651`	`18664`	`Z_TRY_ADDREF_P(retval_ptr);`
`18652`	`18665`	`}`
	`18666`	`+`
`18653`	`18667`	`}`
`18654`	`18668`	`break;`
`18655`	`18669`	`}`
`@@ -18662,8 +18676,10 @@ static ZEND_OPCODE_HANDLER_RET ZEND_FASTCALL ZEND_RETURN_BY_REF_SPEC_TMP_HANDLER`
`18662`	`18676`	`zend_error(E_NOTICE, "Only variable references should be returned by reference");`
`18663`	`18677`	`if (EX(return_value)) {`
`18664`	`18678`	`ZVAL_NEW_REF(EX(return_value), retval_ptr);`
	`18679`	`+`
`18665`	`18680`	`} else {`
`18666`	`18681`
	`18682`	`+`
`18667`	`18683`	`}`
`18668`	`18684`	`break;`
`18669`	`18685`	`}`
`@@ -18678,6 +18694,7 @@ static ZEND_OPCODE_HANDLER_RET ZEND_FASTCALL ZEND_RETURN_BY_REF_SPEC_TMP_HANDLER`
`18678`	`18694`	`ZVAL_REF(EX(return_value), Z_REF_P(retval_ptr));`
`18679`	`18695`	`}`
`18680`	`18696`
	`18697`	`+`
`18681`	`18698`	`} while (0);`
`18682`	`18699`
`18683`	`18700`	`ZEND_VM_TAIL_CALL(zend_leave_helper_SPEC(ZEND_OPCODE_HANDLER_ARGS_PASSTHRU));`
`@@ -21215,17 +21232,20 @@ static ZEND_OPCODE_HANDLER_RET ZEND_FASTCALL ZEND_RETURN_BY_REF_SPEC_VAR_HANDLER`
`21215`	`21232`
`21216`	`21233`	`retval_ptr = _get_zval_ptr_var(opline->op1.var EXECUTE_DATA_CC);`
`21217`	`21234`	`if (!EX(return_value)) {`
	`21235`	`+`
`21218`	`21236`	`zval_ptr_dtor_nogc(EX_VAR(opline->op1.var));`
`21219`	`21237`	`} else {`
`21220`	`21238`	`if (IS_VAR == IS_VAR && UNEXPECTED(Z_ISREF_P(retval_ptr))) {`
`21221`	`21239`	`ZVAL_COPY_VALUE(EX(return_value), retval_ptr);`
	`21240`	`+`
`21222`	`21241`	`break;`
`21223`	`21242`	`}`
`21224`	`21243`
`21225`	`21244`	`ZVAL_NEW_REF(EX(return_value), retval_ptr);`
`21226`	`21245`	`if (IS_VAR == IS_CONST) {`
`21227`	`21246`	`Z_TRY_ADDREF_P(retval_ptr);`
`21228`	`21247`	`}`
	`21248`	`+`
`21229`	`21249`	`}`
`21230`	`21250`	`break;`
`21231`	`21251`	`}`
`@@ -21238,7 +21258,9 @@ static ZEND_OPCODE_HANDLER_RET ZEND_FASTCALL ZEND_RETURN_BY_REF_SPEC_VAR_HANDLER`
`21238`	`21258`	`zend_error(E_NOTICE, "Only variable references should be returned by reference");`
`21239`	`21259`	`if (EX(return_value)) {`
`21240`	`21260`	`ZVAL_NEW_REF(EX(return_value), retval_ptr);`
	`21261`	`+`
`21241`	`21262`	`} else {`
	`21263`	`+`
`21242`	`21264`	`zval_ptr_dtor_nogc(EX_VAR(opline->op1.var));`
`21243`	`21265`	`}`
`21244`	`21266`	`break;`
`@@ -37758,16 +37780,19 @@ static ZEND_OPCODE_HANDLER_RET ZEND_FASTCALL ZEND_RETURN_BY_REF_SPEC_CV_HANDLER(`
`37758`	`37780`	`retval_ptr = _get_zval_ptr_cv_BP_VAR_R(opline->op1.var EXECUTE_DATA_CC);`
`37759`	`37781`	`if (!EX(return_value)) {`
`37760`	`37782`
	`37783`	`+`
`37761`	`37784`	`} else {`
`37762`	`37785`	`if (IS_CV == IS_VAR && UNEXPECTED(Z_ISREF_P(retval_ptr))) {`
`37763`	`37786`	`ZVAL_COPY_VALUE(EX(return_value), retval_ptr);`
	`37787`	`+`
`37764`	`37788`	`break;`
`37765`	`37789`	`}`
`37766`	`37790`
`37767`	`37791`	`ZVAL_NEW_REF(EX(return_value), retval_ptr);`
`37768`	`37792`	`if (IS_CV == IS_CONST) {`
`37769`	`37793`	`Z_TRY_ADDREF_P(retval_ptr);`
`37770`	`37794`	`}`
	`37795`	`+`
`37771`	`37796`	`}`
`37772`	`37797`	`break;`
`37773`	`37798`	`}`
`@@ -37780,8 +37805,10 @@ static ZEND_OPCODE_HANDLER_RET ZEND_FASTCALL ZEND_RETURN_BY_REF_SPEC_CV_HANDLER(`
`37780`	`37805`	`zend_error(E_NOTICE, "Only variable references should be returned by reference");`
`37781`	`37806`	`if (EX(return_value)) {`
`37782`	`37807`	`ZVAL_NEW_REF(EX(return_value), retval_ptr);`
	`37808`	`+`
`37783`	`37809`	`} else {`
`37784`	`37810`
	`37811`	`+`
`37785`	`37812`	`}`
`37786`	`37813`	`break;`
`37787`	`37814`	`}`
`@@ -37796,6 +37823,7 @@ static ZEND_OPCODE_HANDLER_RET ZEND_FASTCALL ZEND_RETURN_BY_REF_SPEC_CV_HANDLER(`
`37796`	`37823`	`ZVAL_REF(EX(return_value), Z_REF_P(retval_ptr));`
`37797`	`37824`	`}`
`37798`	`37825`
	`37826`	`+`
`37799`	`37827`	`} while (0);`
`37800`	`37828`
`37801`	`37829`	`ZEND_VM_TAIL_CALL(zend_leave_helper_SPEC(ZEND_OPCODE_HANDLER_ARGS_PASSTHRU));`