From d4754843544f2768551fbd4bb737dd4272004db3 Mon Sep 17 00:00:00 2001
From: Ilija Tovilo <ilija.tovilo@me.com>
Date: Wed, 31 Jan 2024 13:15:49 +0100
Subject: [PATCH] Fix instable array during in-place modification in uksort

The array isn't just observable if the array has RCn, but also if it is inside a
reference that is RCn. By-ref parameters are always RCn and as such always
observable.

Fixes GH-13279
---
 Zend/tests/gh13279.phpt | 18 ++++++++++++++++++
 ext/standard/array.c    | 12 ++----------
 2 files changed, 20 insertions(+), 10 deletions(-)
 create mode 100644 Zend/tests/gh13279.phpt

diff --git a/Zend/tests/gh13279.phpt b/Zend/tests/gh13279.phpt
new file mode 100644
index 0000000000000..c39f520e57e08
--- /dev/null
+++ b/Zend/tests/gh13279.phpt
@@ -0,0 +1,18 @@
+--TEST--
+GH-13279: Instable array during in-place modification in uksort
+--FILE--
+<?php
+
+// Make sure the array is not const
+$array = [];
+$array['a'] = 1;
+$array['b'] = 2;
+
+uksort($array, function ($a, $b) use (&$array) {
+    return $array[$a] - $array[$b];
+});
+
+?>
+===DONE===
+--EXPECT--
+===DONE===
diff --git a/ext/standard/array.c b/ext/standard/array.c
index 388b15a0879bb..0e99dd8fd5e50 100644
--- a/ext/standard/array.c
+++ b/ext/standard/array.c
@@ -901,19 +901,11 @@ static void php_usort(INTERNAL_FUNCTION_PARAMETERS, bucket_compare_func_t compar
 		RETURN_TRUE;
 	}
 
-	/* Copy array, so the in-place modifications will not be visible to the callback function.
-	 * Unless there are no other references since we know for sure it won't be visible. */
-	bool in_place = zend_may_modify_arg_in_place(array);
-	if (!in_place) {
-		arr = zend_array_dup(arr);
-	}
+	/* Copy array, so the in-place modifications will not be visible to the callback function */
+	arr = zend_array_dup(arr);
 
 	zend_hash_sort(arr, compare_func, renumber);
 
-	if (in_place) {
-		GC_ADDREF(arr);
-	}
-
 	zval garbage;
 	ZVAL_COPY_VALUE(&garbage, array);
 	ZVAL_ARR(array, arr);