From e0b0ae9ce7c5f901e982d8deaee89bdb09bef852 Mon Sep 17 00:00:00 2001
From: Dmitry Stogov
Date: Thu, 9 Jun 2005 10:32:08 +0000
Subject: [PATCH] Fixed bug #25922 (In error handler, modifying 5th arg (errcontext) may result in seg fault)
---
 Zend/zend.c | 3 +++
 tests/lang/bug25922.phpt | 4 ++--
 2 files changed, 5 insertions(+), 2 deletions(-)
diff --git a/Zend/zend.c b/Zend/zend.c
index f95d240170a..ab66e16ee92 100644
--- a/Zend/zend.c
+++ b/Zend/zend.c
@@ -980,6 +980,9 @@ ZEND_API void zend_error(int type, const char *format, ...)
 EG(user_error_handler) = NULL;
 if (call_user_function_ex(CG(function_table), NULL, orig_user_error_handler, &retval, 5, params, 1, NULL TSRMLS_CC)==SUCCESS) {
+ if (Z_TYPE_P(z_context) != IS_ARRAY || z_context->value.ht != EG(active_symbol_table)) {
+ zend_error(E_ERROR, "User error handler must not modify error context");
+ }
 if (retval) {
 if (Z_TYPE_P(retval) == IS_BOOL && Z_LVAL_P(retval) == 0) {
 zend_error_cb(type, error_filename, error_lineno, format, args);
diff --git a/tests/lang/bug25922.phpt b/tests/lang/bug25922.phpt
index 0588eef949a..1191472f29c 100755
--- a/tests/lang/bug25922.phpt
+++ b/tests/lang/bug25922.phpt
@@ -17,5 +17,5 @@ function test()
 }
 test();
 ?>
---EXPECT--
-Undefined index here: ''
+--EXPECTF--
+Fatal error: User error handler must not modify error context in %sbug25922.php on line 11
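Review bot: The new guard in the `Zend/zend.c` hunk compares only the zval type and the `value.ht` pointer, so it detects a handler that replaced the error context but not one that changed the symbol table's contents in place. It also runs only after `call_user_function_ex` has returned, so it reports the tampering rather than preventing it. That limit is worth recording above the check, for example `/* errcontext aliases EG(active_symbol_table): a replaced value is fatal; in-place edits of the table are not detected here */`. The nested `zend_error(E_ERROR, ...)` is raised while `EG(user_error_handler)` is still NULL from the context line above; if E_ERROR does not return, the cleanup of `retval` and `params` that presumably follows is skipped, which also deserves a short comment. The body of `zend_error` starts and ends outside the hunk, so the restore and free paths could not be checked here.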