History log of /PHP-8.2/Zend/tests/attributes/032_attribute_validation_scope.phpt (Results 1 – 2 of 2)
Revision Date Author Comments
# f8d1864b 01-May-2024 Ilija Tovilo

Delay #[Attribute] arg validation until runtime

Fixes GH-13970
Closes GH-14105

We cannot validate at compile-time for multiple reasons:

* Evaluating the argument naivel

Delay #[Attribute] arg validation until runtime

Fixes GH-13970
Closes GH-14105

We cannot validate at compile-time for multiple reasons:

* Evaluating the argument naively with zend_get_attribute_value can lead to code
execution at compile time through the new expression, leading to possible
reentrance of the compiler.
* Even if the evaluation was possible, it would need to be restricted to the
current file, because constant values coming from other files can change
without affecting the current compilation unit. For this reason, validation
would need to be repeated at runtime anyway.
* Enums cannot be instantiated at compile-time (the actual bug report). This
could be allowed here, because the value is immediately destroyed. But given
the other issues, this won't be needed.

Instead, we just move it to runtime entirely. It's only needed for
ReflectionAttribute::newInstance(), which is not particularly a hot path. The
checks are also simple.

show more ...


# f06afc43 01-Dec-2020 Nikita Popov

Don't use scope when validating Attribute

This is not safe to do at this point. Even if we made it safe,
we'd see inconsistencies due to a partially compiled class.

Fixes oss-fu

Don't use scope when validating Attribute

This is not safe to do at this point. Even if we made it safe,
we'd see inconsistencies due to a partially compiled class.

Fixes oss-fuzz #28129.

show more ...