From d65c39504976bd8586d3a2e94b21077d199cd852 Mon Sep 17 00:00:00 2001
From: Ilija Tovilo <ilija.tovilo@me.com>
Date: Wed, 31 Jan 2024 13:15:49 +0100
Subject: [PATCH] Fix instable array during in-place modification in uksort

The array isn't just observable if the array has RCn, but also if it is inside a
reference that is RCn. By-ref parameters are always RCn and as such always
observable.

Fixes GH-13279
Closes GH-13285
---
 NEWS                            |  3 +++
 ext/standard/array.c            | 12 ++----------
 ext/standard/tests/gh13279.phpt | 18 ++++++++++++++++++
 3 files changed, 23 insertions(+), 10 deletions(-)
 create mode 100644 ext/standard/tests/gh13279.phpt

diff --git a/NEWS b/NEWS
index 67e2f8a8d88..b095492c46c 100644
--- a/NEWS
+++ b/NEWS
@@ -2,6 +2,9 @@ PHP                                                                        NEWS
 |||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
 ?? ??? ????, PHP 8.3.4
 
+- Standard:
+  . Fixed bug GH-13279 (Instable array during in-place modification in uksort).
+    (ilutov)
 
 15 Feb 2024, PHP 8.3.3
 
diff --git a/ext/standard/array.c b/ext/standard/array.c
index 388b15a0879..0e99dd8fd5e 100644
--- a/ext/standard/array.c
+++ b/ext/standard/array.c
@@ -901,19 +901,11 @@ static void php_usort(INTERNAL_FUNCTION_PARAMETERS, bucket_compare_func_t compar
 		RETURN_TRUE;
 	}
 
-	/* Copy array, so the in-place modifications will not be visible to the callback function.
-	 * Unless there are no other references since we know for sure it won't be visible. */
-	bool in_place = zend_may_modify_arg_in_place(array);
-	if (!in_place) {
-		arr = zend_array_dup(arr);
-	}
+	/* Copy array, so the in-place modifications will not be visible to the callback function */
+	arr = zend_array_dup(arr);
 
 	zend_hash_sort(arr, compare_func, renumber);
 
-	if (in_place) {
-		GC_ADDREF(arr);
-	}
-
 	zval garbage;
 	ZVAL_COPY_VALUE(&garbage, array);
 	ZVAL_ARR(array, arr);
diff --git a/ext/standard/tests/gh13279.phpt b/ext/standard/tests/gh13279.phpt
new file mode 100644
index 00000000000..c39f520e57e
--- /dev/null
+++ b/ext/standard/tests/gh13279.phpt
@@ -0,0 +1,18 @@
+--TEST--
+GH-13279: Instable array during in-place modification in uksort
+--FILE--
+<?php
+
+// Make sure the array is not const
+$array = [];
+$array['a'] = 1;
+$array['b'] = 2;
+
+uksort($array, function ($a, $b) use (&$array) {
+    return $array[$a] - $array[$b];
+});
+
+?>
+===DONE===
+--EXPECT--
+===DONE===