Make zval_ptr_dtor / _zval_dtor_func more robust

In particular, allow arrays with refcount>1, like we already allow
for all other types. _zval_dtor_func is now the same as
_zval_dtor_func_for_ptr with an extra refcount decrement check at
the start. At this point we might as well drop it...

Author: nikic

Zend/zend_variables.c

@@ -30,17 +30,20 @@
 
 ZEND_API void ZEND_FASTCALL _zval_dtor_func(zend_refcounted *p ZEND_FILE_LINE_DC)
 {
+	if (--GC_REFCOUNT(p)) {
+		return;
+	}
+
 	switch (GC_TYPE(p)) {
 		case IS_STRING:
 		case IS_CONSTANT: {
 				zend_string *str = (zend_string*)p;
 				CHECK_ZVAL_STRING_REL(str);
-				zend_string_release(str);
+				zend_string_free(str);
 				break;
 			}
 		case IS_ARRAY: {
 				zend_array *arr = (zend_array*)p;
-				ZEND_ASSERT(GC_REFCOUNT(arr) <= 1);
 				zend_array_destroy(arr);
 				break;
 			}
@@ -54,25 +57,21 @@ ZEND_API void ZEND_FASTCALL _zval_dtor_func(zend_refcounted *p ZEND_FILE_LINE_DC
 		case IS_OBJECT: {
 				zend_object *obj = (zend_object*)p;
 
-				OBJ_RELEASE(obj);
+				zend_objects_store_del(obj);
 				break;
 			}
 		case IS_RESOURCE: {
 				zend_resource *res = (zend_resource*)p;
 
-				if (--GC_REFCOUNT(res) == 0) {
-					/* destroy resource */
-					zend_list_free(res);
-				}
+				/* destroy resource */
+				zend_list_free(res);
 				break;
 			}
 		case IS_REFERENCE: {
 				zend_reference *ref = (zend_reference*)p;
-				if (--GC_REFCOUNT(ref) == 0) {
 
-					i_zval_ptr_dtor(&ref->val ZEND_FILE_LINE_RELAY_CC);
-					efree_size(ref, sizeof(zend_reference));
-				}
+				i_zval_ptr_dtor(&ref->val ZEND_FILE_LINE_RELAY_CC);
+				efree_size(ref, sizeof(zend_reference));
 				break;
 			}
 		default: