Undef slot before destroying in unset_property

We need to make sure that destructors can't access the partially
destroyed property. Do the same we do in HTs.

Fixes oss-fuzz #362

Undef slot before destroying in unset_property

We need to make sure that destructors can't access the partially
destroyed property. Do the same we do in HTs.

Fixes oss-fuzz #36205.

show more ...

Fixed bug #80173

The analysis in the bug report wasn't correct (at least not in
this case -- there may still be a more general problem here),
the issue was that write_property return

Fixed bug #80173

The analysis in the bug report wasn't correct (at least not in
this case -- there may still be a more general problem here),
the issue was that write_property returned the original variable_ptr
rather than the zend_assign_to_variable() return value, which will
DEREF the variable before overwriting it.

show more ...

Don't treat failed assignment as initialization

Only reset the uninitialized property flag once the type check
has succeeded. Previously the property was treated as unset rather
than

Don't treat failed assignment as initialization

Only reset the uninitialized property flag once the type check
has succeeded. Previously the property was treated as unset rather
than uninitialized after a failed assignment.

Noticed this edge-case while working on accessors...

show more ...

Fixed bug #80723

This fixes the issue just for the Socket class. Presumably we'll
want to do the same for other "resource" objects.

Fix leak when setting dynamic property on generator

Fix assumption about property guard hash value

The "member" string here does not necessarily have a pre-calculated
hash value. In particular this is not the case if the class has no

Fix assumption about property guard hash value

The "member" string here does not necessarily have a pre-calculated
hash value. In particular this is not the case if the class has no
properties.

Fixes oss-fuzz #25546.

show more ...

Add GC_TRY_ADDREF macro

That adds a ref if not immutable. Also audit uses of GC_IMMUTABLE
to either use GC_TRY_ADDREF or GC_TRY_PROTECT_RECURSION.

Check for null EX(func) in write_property

This can happen if zend_call_function inserted a dummy frame,
and we already switched to the dummy frame in leave_helper,
and an exception i

Check for null EX(func) in write_property

This can happen if zend_call_function inserted a dummy frame,
and we already switched to the dummy frame in leave_helper,
and an exception is thrown during CV destruction.

Fixes oss-fuzz #25343.

show more ...

Fix bug #80037

If we're accessing an uninitialized typed property and __get is
defined, don't perform a read_property callback, as __get is
supposed to have no effect on uninitialize

Fix bug #80037

If we're accessing an uninitialized typed property and __get is
defined, don't perform a read_property callback, as __get is
supposed to have no effect on uninitialized typed properties.
Usually it doesn't, but by-reference assignments cannot be
performed through read_property.

I'm deleting the test for bug #80039 again, as it doesn't really
make sense anymore with this fix.

show more ...

Implement named parameters

From an engine perspective, named parameters mainly add three
concepts:

* The SEND_* opcodes now accept a CONST op2, which is the
argument nam

Implement named parameters

From an engine perspective, named parameters mainly add three
concepts:

* The SEND_* opcodes now accept a CONST op2, which is the
argument name. For now, it is looked up by linear scan and
runtime cached.
* This may leave UNDEF arguments on the stack. To avoid having
to deal with them in other places, a CHECK_UNDEF_ARGS opcode
is used to either replace them with defaults, or error.
* For variadic functions, EX(extra_named_params) are collected
and need to be freed based on ZEND_CALL_HAS_EXTRA_NAMED_PARAMS.

RFC: https://wiki.php.net/rfc/named_params

Closes GH-5357.

show more ...

Fixed bug #79862

While normally a private property in the active scope would take
priority, we should not use this if it has the wrong "staticness".

Review the usage of apostrophes in error messages

Closes GH-5590

Add flag to forbid dynamic property creation on internal classes

While performing resource -> object migrations, we're adding
defensive classes that are final, non-serializable and non-c

Add flag to forbid dynamic property creation on internal classes

While performing resource -> object migrations, we're adding
defensive classes that are final, non-serializable and non-clonable
(unless they are, of course). This path adds a ZEND_ACC_NO_DYNAMIC_PROPERTIES
flag, that also forbids the creation of dynamic properties on these objects.
This is a subset of #3931 and targeted at internal usage only
(though may be extended to userland at some point in the future).

It's already possible to achieve this (what the removed
WeakRef/WeakMap code does), but there's some caveats: First, this
simple approach is only possible if the class has no declared
properties, otherwise it's necessary to special-case those
properties. Second, it's easy to make it overly strict, e.g. by
forbidding isset($obj->prop) as well. And finally, it requires a
lot of boilerplate code for each class.

Closes GH-5572.

show more ...

Use ZEND_UNREACHABLE() instead of ZEND_ASSERT(0)

Instead of marking unreachable code with `ZEND_ASSERT(0)`, we introduce
`ZEND_UNREACHABLE()`, so that MSVC which does not consider `asser

Use ZEND_UNREACHABLE() instead of ZEND_ASSERT(0)

Instead of marking unreachable code with `ZEND_ASSERT(0)`, we introduce
`ZEND_UNREACHABLE()`, so that MSVC which does not consider `assert(0)`
to mark unreachable code does no longer trigger C4715[1] warnings in
debug builds. This may be useful for other compilers as well.

[1] <https://docs.microsoft.com/de-de/cpp/error-messages/compiler-warnings/compiler-warning-level-1-c4715?view=vs-2019>

show more ...

Back up fake_scope in zend_call_function

We regularly find new places where we forgot to reset fake_scope.
Instead of having to handle this for each caller of zend_call_function()
an

Back up fake_scope in zend_call_function

We regularly find new places where we forgot to reset fake_scope.
Instead of having to handle this for each caller of zend_call_function()
and similar APIs, handle it directly in zend_call_function().

show more ...

Add zend_call_known_function() API family

This adds the following APIs:

void zend_call_known_function(
zend_function *fn, zend_object *object, zend_class_entry *called_scope

Add zend_call_known_function() API family

This adds the following APIs:

void zend_call_known_function(
zend_function *fn, zend_object *object, zend_class_entry *called_scope,
zval *retval_ptr, int param_count, zval *params);

void zend_call_known_instance_method(
zend_function *fn, zend_object *object, zval *retval_ptr, int param_count, zval *params);
void zend_call_known_instance_method_with_0_params(
zend_function *fn, zend_object *object, zval *retval_ptr);
void zend_call_known_instance_method_with_1_params(
zend_function *fn, zend_object *object, zval *retval_ptr, zval *param);
void zend_call_known_instance_method_with_2_params(
zend_function *fn, zend_object *object, zval *retval_ptr, zval *param1, zval *param2);

These are used to perform a call if you already have the
zend_function you want to call. zend_call_known_function()
is the base API, the rest are just really thin wrappers around
it for the common case of instance method calls.

Closes GH-5692.

show more ...

Fixed bug #79683

Reset fake_scope during __toString() call.

I'll check if we can solve this more globally in master, by
resetting fake_scope in zend_call_function.

Fix expression warnings and break warnings

Close GH-5675.

Convert Exception::getMessage() result to string

We specify that the return type of Exception::getMessage() is a
string. However, we don't currently ensure this, because
Exception::$

Convert Exception::getMessage() result to string

We specify that the return type of Exception::getMessage() is a
string. However, we don't currently ensure this, because
Exception::$message is a protected member that can be set to any
type. Fix this by performing an explicit type-cast.

This also requires a temporary refcount increment in the __toString()
object handler, because there is no additional owner of the object,
and it may get released prematurely as part of the __toString() call.

show more ...

Fix [-Wundef] warning in Zend folder

Use correct variable

This seems to stem from a copy paste, however there is no object variable in this function

Make cast_object handler required

Avoid subtle differences in behavior depending on whether the
handler is absent or returns FAILURE.

If you previously set cast_object to NULL,

Make cast_object handler required

Avoid subtle differences in behavior depending on whether the
handler is absent or returns FAILURE.

If you previously set cast_object to NULL, create a handler that
always returns FAILURE instead.

show more ...

Add a ZEND_UNCOMPARABLE value

To explicitly indicate that objects are uncomparable. For now
this has no functional difference from the usual 1 return value,
but makes intent clearer.

Report object cast failures internally

Make cast_object return FAILURE for casts to int/float, rather than
throwing a notice and returning SUCCESS. Instead move the emission
of the n

Report object cast failures internally

Make cast_object return FAILURE for casts to int/float, rather than
throwing a notice and returning SUCCESS. Instead move the emission
of the notice to the code invoking cast_object. This will allow us
to customize the behavior per call-site.

This change is written to be NFC, and the code in
zend_std_compare_objects() should illustrate the current behavior
doesn't make a lot of sense.

show more ...

Simplify __call fetching for static methods

If we have a __call on a parent, we should always also have a
__call on the child, so there's no need to perform this walk.