It was found that php_stream_populate_meta_data is not restricted to writing into fields that are not already set, instead php_stream with ops set to php_stream_temp_ops fills the metadata with whatever the user supplies.
Created php tracking bugs for this issue:
Affects: fedora-all [bug 1305565]
Limited integrity impact, unlikely to affect many use cases. No plan to backport the fix to existing products.