#
f8d1864b |
| 01-May-2024 |
Ilija Tovilo |
Delay #[Attribute] arg validation until runtime Fixes GH-13970 Closes GH-14105 We cannot validate at compile-time for multiple reasons: * Evaluating the argument naivel
Delay #[Attribute] arg validation until runtime Fixes GH-13970 Closes GH-14105 We cannot validate at compile-time for multiple reasons: * Evaluating the argument naively with zend_get_attribute_value can lead to code execution at compile time through the new expression, leading to possible reentrance of the compiler. * Even if the evaluation was possible, it would need to be restricted to the current file, because constant values coming from other files can change without affecting the current compilation unit. For this reason, validation would need to be repeated at runtime anyway. * Enums cannot be instantiated at compile-time (the actual bug report). This could be allowed here, because the value is immediately destroyed. But given the other issues, this won't be needed. Instead, we just move it to runtime entirely. It's only needed for ReflectionAttribute::newInstance(), which is not particularly a hot path. The checks are also simple.
show more ...
|
#
f06afc43 |
| 01-Dec-2020 |
Nikita Popov |
Don't use scope when validating Attribute This is not safe to do at this point. Even if we made it safe, we'd see inconsistencies due to a partially compiled class. Fixes oss-fu
Don't use scope when validating Attribute This is not safe to do at this point. Even if we made it safe, we'd see inconsistencies due to a partially compiled class. Fixes oss-fuzz #28129.
show more ...
|