php
diff --git a/‎NEWS
Lines changed: 1 addition & 0 deletions b/‎NEWS
Lines changed: 1 addition & 0 deletions
diff --git a/‎ext/standard/php_var.h
Lines changed: 1 addition & 0 deletions b/‎ext/standard/php_var.h
Lines changed: 1 addition & 0 deletions
diff --git a/‎ext/standard/tests/serialize/bug65481.phpt
Lines changed: 40 additions & 0 deletions b/‎ext/standard/tests/serialize/bug65481.phpt
Lines changed: 40 additions & 0 deletions
@@ -3,6 +3,7 @@ PHP                                                                        NEWS
 ?? ??? 2013, PHP 5.4.19
 
 - Core:
+  . Fixed bug #65481 (shutdown segfault due to serialize) (Mike)
   . Fixed bug #65470 (Segmentation fault in zend_error() with 
     --enable-dtrace). (Chris Jones)
   . Fixed bug #65372 (Segfault in gc_zval_possible_root when return reference
 
@@ -115,6 +115,7 @@ do { \
 
 PHPAPI void var_replace(php_unserialize_data_t *var_hash, zval *ozval, zval **nzval);
 PHPAPI void var_push_dtor(php_unserialize_data_t *var_hash, zval **val);
+PHPAPI void var_push_dtor_no_addref(php_unserialize_data_t *var_hashx, zval **rval);
 PHPAPI void var_destroy(php_unserialize_data_t *var_hash);
 
 #define PHP_VAR_UNSERIALIZE_ZVAL_CHANGED(var_hash, ozval, nzval) \
 
@@ -0,0 +1,40 @@
+--TEST--
+Bug #65481 (shutdown segfault due to serialize)
+--FILE--
+<?php
+echo "Test\n";
+
+class A {
+	public $e = array();
+}
+
+class Token implements \Serializable {
+	public function serialize()
+	{
+		$c = new A;
+
+		for ($i = 0; $i < 4; $i++)
+		{
+			$e = new A;
+			$c->e[] = $e;
+			$e->e = $c->e;
+		}
+
+		return serialize(array(serialize($c)));
+	}
+
+	public function unserialize($str)
+	{
+		$r = unserialize($str);
+		$r = unserialize($r[0]);
+	}
+}
+
+$token = new Token;
+$token = serialize($token);
+
+?>
+Done
+--EXPECT--
+Test
+Done