From 441d1b8ef07c5dc7f5a7fada46d829eed21ed4bc Mon Sep 17 00:00:00 2001
From: Xinchen Hui
Date: Fri, 6 May 2016 10:45:44 +0800
Subject: [PATCH 1/2] Revert "Fix bug #72162 (again)"

The problem is because we release p->value too early and later you try to convert an object to string, which is a fatal error then leave p->value double free, change to expect long is a BC break
This reverts commit 8e5b38100411d3b8fa4486c7c41dec7dedb4b474.
---
 Zend/zend_builtin_functions.c | 15 ++++++++++-----
 1 file changed, 10 insertions(+), 5 deletions(-)

diff --git a/Zend/zend_builtin_functions.c b/Zend/zend_builtin_functions.c
index 7716d3e59b7..558a1b2ac6c 100644
--- a/Zend/zend_builtin_functions.c
+++ b/Zend/zend_builtin_functions.c
@@ -689,22 +689,23 @@ ZEND_FUNCTION(each)
 Return the current error_reporting level, and if an argument was passed - change to the new level */
 ZEND_FUNCTION(error_reporting)
 {
- zend_long err;
+ zval *err;
 int old_error_reporting;
 #ifndef FAST_ZPP
- if (zend_parse_parameters(ZEND_NUM_ARGS(), "|l", &err) == FAILURE) {
+ if (zend_parse_parameters(ZEND_NUM_ARGS(), "|z", &err) == FAILURE) {
 return;
 }
 #else
 ZEND_PARSE_PARAMETERS_START(0, 1)
 Z_PARAM_OPTIONAL
- Z_PARAM_LONG(err)
+ Z_PARAM_ZVAL(err)
 ZEND_PARSE_PARAMETERS_END();
 #endif
 old_error_reporting = EG(error_reporting);
 if (ZEND_NUM_ARGS() != 0) {
+ zend_string *new_val = zval_get_string(err);
 do {
 zend_ini_entry *p = EG(error_reporting_ini_entry);
@@ -730,8 +731,12 @@ ZEND_FUNCTION(error_reporting)
 zend_string_release(p->value);
 }
- p->value = zend_long_to_str(err);
- EG(error_reporting) = err;
+ p->value = new_val;
+ if (Z_TYPE_P(err) == IS_LONG) {
+ EG(error_reporting) = Z_LVAL_P(err);
+ } else {
+ EG(error_reporting) = atoi(ZSTR_VAL(p->value));
+ }
 } while (0);
 }

From 080f6b10ecf6af557e8dc1732eb154a916cf6838 Mon Sep 17 00:00:00 2001
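Review bot: In the first hunk of ZEND_FUNCTION(error_reporting), the string returned by `zval_get_string(err)` is taken as valid without any check that the conversion succeeded. Doing the conversion before p->value is released is what avoids the double free described in the commit message, but if the error raised for an unconvertible object is intercepted and execution continues (an assumption about the engine, not visible here), the code further down installs that result as the ini value. A guard right after the conversion, for example `if (EG(exception)) { zend_string_release(new_val); return; }`, would leave the previous setting untouched in that case; a handler that returns without throwing may need separate handling. The do { } while (0) body continues outside the hunk, and if it has an early exit before `p->value = new_val`, new_val needs a release on that path as well.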
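Review bot: `atoi(ZSTR_VAL(p->value))` in the else branch of the second hunk cannot distinguish a non-numeric or out-of-range argument from a legitimate 0, so a string that is not a number silently switches error reporting off, and atoi's behaviour on overflow is undefined. Parsing with `strtol(ZSTR_VAL(new_val), &end, 10)` and checking `end == ZSTR_VAL(new_val) || errno == ERANGE` before the assignment would allow the previous level to be kept on bad input. If mapping such strings to 0 is intended for backward compatibility, a comment saying so, such as `/* non-numeric strings yield 0, kept for BC */`, would make that explicit. The IS_LONG branch also narrows `Z_LVAL_P(err)` to what appears to be an int, judging by `int old_error_reporting` in the first hunk. The enclosing do { } while (0) block starts outside this hunk.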
From: Xinchen Hui
Date: Fri, 6 May 2016 10:51:38 +0800
Subject: [PATCH 2/2] Fixed test

---
 Zend/tests/bug72162.phpt | 7 +++----
 1 file changed, 3 insertions(+), 4 deletions(-)

diff --git a/Zend/tests/bug72162.phpt b/Zend/tests/bug72162.phpt
index 3cd12dea215..5902c585d8b 100644
--- a/Zend/tests/bug72162.phpt
+++ b/Zend/tests/bug72162.phpt
@@ -2,10 +2,9 @@
 Bug #72162 (use-after-free - error_reporting)
 --FILE--
-okey
---EXPECT--
-okey
+--EXPECTF--
+Catchable fatal error: Object of class stdClass could not be converted to string in %sbug72162.php on line %d