1 /*
2 +----------------------------------------------------------------------+
3 | Zend Engine |
4 +----------------------------------------------------------------------+
5 | Copyright (c) Zend Technologies Ltd. (http://www.zend.com) |
6 +----------------------------------------------------------------------+
7 | This source file is subject to version 2.00 of the Zend license, |
8 | that is bundled with this package in the file LICENSE, and is |
9 | available through the world-wide-web at the following url: |
10 | http://www.zend.com/license/2_00.txt. |
11 | If you did not receive a copy of the Zend license and are unable to |
12 | obtain it through the world-wide-web, please send a note to |
13 | license@zend.com so we can mail you a copy immediately. |
14 +----------------------------------------------------------------------+
15 | Authors: Andi Gutmans <andi@php.net> |
16 | Zeev Suraski <zeev@php.net> |
17 | Dmitry Stogov <dmitry@php.net> |
18 +----------------------------------------------------------------------+
19 */
20
21 #include "zend.h"
22 #include "zend_globals.h"
23 #include "zend_variables.h"
24 #include "zend_API.h"
25 #include "zend_objects.h"
26 #include "zend_objects_API.h"
27 #include "zend_object_handlers.h"
28 #include "zend_interfaces.h"
29 #include "zend_exceptions.h"
30 #include "zend_closures.h"
31 #include "zend_compile.h"
32 #include "zend_hash.h"
33
34 #define DEBUG_OBJECT_HANDLERS 0
35
36 #define ZEND_WRONG_PROPERTY_OFFSET 0
37
38 /* guard flags */
39 #define IN_GET (1<<0)
40 #define IN_SET (1<<1)
41 #define IN_UNSET (1<<2)
42 #define IN_ISSET (1<<3)
43
44 /*
45 __X accessors explanation:
46
47 if we have __get and property that is not part of the properties array is
48 requested, we call __get handler. If it fails, we return uninitialized.
49
50 if we have __set and property that is not part of the properties array is
51 set, we call __set handler. If it fails, we do not change the array.
52
53 for both handlers above, when we are inside __get/__set, no further calls for
54 __get/__set for this property of this object will be made, to prevent endless
55 recursion and enable accessors to change properties array.
56
57 if we have __call and method which is not part of the class function table is
58 called, we cal __call handler.
59 */
60
rebuild_object_properties(zend_object * zobj)61 ZEND_API void rebuild_object_properties(zend_object *zobj) /* {{{ */
62 {
63 if (!zobj->properties) {
64 zend_property_info *prop_info;
65 zend_class_entry *ce = zobj->ce;
66 int i;
67
68 zobj->properties = zend_new_array(ce->default_properties_count);
69 if (ce->default_properties_count) {
70 zend_hash_real_init_mixed(zobj->properties);
71 for (i = 0; i < ce->default_properties_count; i++) {
72 prop_info = ce->properties_info_table[i];
73
74 if (!prop_info) {
75 continue;
76 }
77
78 if (UNEXPECTED(Z_TYPE_P(OBJ_PROP(zobj, prop_info->offset)) == IS_UNDEF)) {
79 HT_FLAGS(zobj->properties) |= HASH_FLAG_HAS_EMPTY_IND;
80 }
81
82 _zend_hash_append_ind(zobj->properties, prop_info->name,
83 OBJ_PROP(zobj, prop_info->offset));
84 }
85 }
86 }
87 }
88 /* }}} */
89
zend_std_build_object_properties_array(zend_object * zobj)90 ZEND_API HashTable *zend_std_build_object_properties_array(zend_object *zobj) /* {{{ */
91 {
92 zend_property_info *prop_info;
93 zend_class_entry *ce = zobj->ce;
94 HashTable *ht;
95 zval* prop;
96 int i;
97
98 ZEND_ASSERT(!zobj->properties);
99 ht = zend_new_array(ce->default_properties_count);
100 if (ce->default_properties_count) {
101 zend_hash_real_init_mixed(ht);
102 for (i = 0; i < ce->default_properties_count; i++) {
103 prop_info = ce->properties_info_table[i];
104
105 if (!prop_info) {
106 continue;
107 }
108
109 prop = OBJ_PROP(zobj, prop_info->offset);
110 if (UNEXPECTED(Z_TYPE_P(prop) == IS_UNDEF)) {
111 continue;
112 }
113
114 if (Z_ISREF_P(prop) && Z_REFCOUNT_P(prop) == 1) {
115 prop = Z_REFVAL_P(prop);
116 }
117
118 Z_TRY_ADDREF_P(prop);
119 _zend_hash_append(ht, prop_info->name, prop);
120 }
121 }
122 return ht;
123 }
124 /* }}} */
125
zend_std_get_properties(zend_object * zobj)126 ZEND_API HashTable *zend_std_get_properties(zend_object *zobj) /* {{{ */
127 {
128 if (!zobj->properties) {
129 rebuild_object_properties(zobj);
130 }
131 return zobj->properties;
132 }
133 /* }}} */
134
zend_std_get_gc(zend_object * zobj,zval ** table,int * n)135 ZEND_API HashTable *zend_std_get_gc(zend_object *zobj, zval **table, int *n) /* {{{ */
136 {
137 if (zobj->handlers->get_properties != zend_std_get_properties) {
138 *table = NULL;
139 *n = 0;
140 return zobj->handlers->get_properties(zobj);
141 } else {
142 if (zobj->properties) {
143 *table = NULL;
144 *n = 0;
145 return zobj->properties;
146 } else {
147 *table = zobj->properties_table;
148 *n = zobj->ce->default_properties_count;
149 return NULL;
150 }
151 }
152 }
153 /* }}} */
154
zend_std_get_debug_info(zend_object * object,int * is_temp)155 ZEND_API HashTable *zend_std_get_debug_info(zend_object *object, int *is_temp) /* {{{ */
156 {
157 zend_class_entry *ce = object->ce;
158 zval retval;
159 HashTable *ht;
160
161 if (!ce->__debugInfo) {
162 *is_temp = 0;
163 return object->handlers->get_properties(object);
164 }
165
166 zend_call_known_instance_method_with_0_params(ce->__debugInfo, object, &retval);
167 if (Z_TYPE(retval) == IS_ARRAY) {
168 if (!Z_REFCOUNTED(retval)) {
169 *is_temp = 1;
170 return zend_array_dup(Z_ARRVAL(retval));
171 } else if (Z_REFCOUNT(retval) <= 1) {
172 *is_temp = 1;
173 ht = Z_ARR(retval);
174 return ht;
175 } else {
176 *is_temp = 0;
177 zval_ptr_dtor(&retval);
178 return Z_ARRVAL(retval);
179 }
180 } else if (Z_TYPE(retval) == IS_NULL) {
181 *is_temp = 1;
182 ht = zend_new_array(0);
183 return ht;
184 }
185
186 zend_error_noreturn(E_ERROR, ZEND_DEBUGINFO_FUNC_NAME "() must return an array");
187
188 return NULL; /* Compilers are dumb and don't understand that noreturn means that the function does NOT need a return value... */
189 }
190 /* }}} */
191
zend_std_call_getter(zend_object * zobj,zend_string * prop_name,zval * retval)192 static void zend_std_call_getter(zend_object *zobj, zend_string *prop_name, zval *retval) /* {{{ */
193 {
194 zval member;
195 ZVAL_STR(&member, prop_name);
196 zend_call_known_instance_method_with_1_params(zobj->ce->__get, zobj, retval, &member);
197 }
198 /* }}} */
199
zend_std_call_setter(zend_object * zobj,zend_string * prop_name,zval * value)200 static void zend_std_call_setter(zend_object *zobj, zend_string *prop_name, zval *value) /* {{{ */
201 {
202 zval args[2];
203 ZVAL_STR(&args[0], prop_name);
204 ZVAL_COPY_VALUE(&args[1], value);
205 zend_call_known_instance_method(zobj->ce->__set, zobj, NULL, 2, args);
206 }
207 /* }}} */
208
zend_std_call_unsetter(zend_object * zobj,zend_string * prop_name)209 static void zend_std_call_unsetter(zend_object *zobj, zend_string *prop_name) /* {{{ */
210 {
211 zval member;
212 ZVAL_STR(&member, prop_name);
213 zend_call_known_instance_method_with_1_params(zobj->ce->__unset, zobj, NULL, &member);
214 }
215 /* }}} */
216
zend_std_call_issetter(zend_object * zobj,zend_string * prop_name,zval * retval)217 static void zend_std_call_issetter(zend_object *zobj, zend_string *prop_name, zval *retval) /* {{{ */
218 {
219 zval member;
220 ZVAL_STR(&member, prop_name);
221 zend_call_known_instance_method_with_1_params(zobj->ce->__isset, zobj, retval, &member);
222 }
223 /* }}} */
224
225
is_derived_class(zend_class_entry * child_class,zend_class_entry * parent_class)226 static zend_always_inline bool is_derived_class(zend_class_entry *child_class, zend_class_entry *parent_class) /* {{{ */
227 {
228 child_class = child_class->parent;
229 while (child_class) {
230 if (child_class == parent_class) {
231 return 1;
232 }
233 child_class = child_class->parent;
234 }
235
236 return 0;
237 }
238 /* }}} */
239
is_protected_compatible_scope(zend_class_entry * ce,zend_class_entry * scope)240 static zend_never_inline int is_protected_compatible_scope(zend_class_entry *ce, zend_class_entry *scope) /* {{{ */
241 {
242 return scope &&
243 (is_derived_class(ce, scope) || is_derived_class(scope, ce));
244 }
245 /* }}} */
246
zend_get_parent_private_property(zend_class_entry * scope,zend_class_entry * ce,zend_string * member)247 static zend_never_inline zend_property_info *zend_get_parent_private_property(zend_class_entry *scope, zend_class_entry *ce, zend_string *member) /* {{{ */
248 {
249 zval *zv;
250 zend_property_info *prop_info;
251
252 if (scope != ce && scope && is_derived_class(ce, scope)) {
253 zv = zend_hash_find(&scope->properties_info, member);
254 if (zv != NULL) {
255 prop_info = (zend_property_info*)Z_PTR_P(zv);
256 if ((prop_info->flags & ZEND_ACC_PRIVATE)
257 && prop_info->ce == scope) {
258 return prop_info;
259 }
260 }
261 }
262 return NULL;
263 }
264 /* }}} */
265
zend_bad_property_access(zend_property_info * property_info,zend_class_entry * ce,zend_string * member)266 static ZEND_COLD zend_never_inline void zend_bad_property_access(zend_property_info *property_info, zend_class_entry *ce, zend_string *member) /* {{{ */
267 {
268 zend_throw_error(NULL, "Cannot access %s property %s::$%s", zend_visibility_string(property_info->flags), ZSTR_VAL(ce->name), ZSTR_VAL(member));
269 }
270 /* }}} */
271
zend_bad_property_name(void)272 static ZEND_COLD zend_never_inline void zend_bad_property_name(void) /* {{{ */
273 {
274 zend_throw_error(NULL, "Cannot access property starting with \"\\0\"");
275 }
276 /* }}} */
277
zend_forbidden_dynamic_property(zend_class_entry * ce,zend_string * member)278 static ZEND_COLD zend_never_inline void zend_forbidden_dynamic_property(
279 zend_class_entry *ce, zend_string *member) {
280 zend_throw_error(NULL, "Cannot create dynamic property %s::$%s",
281 ZSTR_VAL(ce->name), ZSTR_VAL(member));
282 }
283
zend_deprecated_dynamic_property(zend_object * obj,zend_string * member)284 static ZEND_COLD zend_never_inline bool zend_deprecated_dynamic_property(
285 zend_object *obj, zend_string *member) {
286 GC_ADDREF(obj);
287 zend_error(E_DEPRECATED, "Creation of dynamic property %s::$%s is deprecated",
288 ZSTR_VAL(obj->ce->name), ZSTR_VAL(member));
289 if (UNEXPECTED(GC_DELREF(obj) == 0)) {
290 zend_class_entry *ce = obj->ce;
291 zend_objects_store_del(obj);
292 if (!EG(exception)) {
293 /* We cannot continue execution and have to throw an exception */
294 zend_throw_error(NULL, "Cannot create dynamic property %s::$%s",
295 ZSTR_VAL(ce->name), ZSTR_VAL(member));
296 }
297 return 0;
298 }
299 return 1;
300 }
301
zend_readonly_property_modification_scope_error(zend_class_entry * ce,zend_string * member,zend_class_entry * scope,const char * operation)302 static ZEND_COLD zend_never_inline void zend_readonly_property_modification_scope_error(
303 zend_class_entry *ce, zend_string *member, zend_class_entry *scope, const char *operation) {
304 zend_throw_error(NULL, "Cannot %s readonly property %s::$%s from %s%s",
305 operation, ZSTR_VAL(ce->name), ZSTR_VAL(member),
306 scope ? "scope " : "global scope", scope ? ZSTR_VAL(scope->name) : "");
307 }
308
zend_readonly_property_unset_error(zend_class_entry * ce,zend_string * member)309 static ZEND_COLD zend_never_inline void zend_readonly_property_unset_error(
310 zend_class_entry *ce, zend_string *member) {
311 zend_throw_error(NULL, "Cannot unset readonly property %s::$%s",
312 ZSTR_VAL(ce->name), ZSTR_VAL(member));
313 }
314
zend_get_property_offset(zend_class_entry * ce,zend_string * member,int silent,void ** cache_slot,zend_property_info ** info_ptr)315 static zend_always_inline uintptr_t zend_get_property_offset(zend_class_entry *ce, zend_string *member, int silent, void **cache_slot, zend_property_info **info_ptr) /* {{{ */
316 {
317 zval *zv;
318 zend_property_info *property_info;
319 uint32_t flags;
320 zend_class_entry *scope;
321 uintptr_t offset;
322
323 if (cache_slot && EXPECTED(ce == CACHED_PTR_EX(cache_slot))) {
324 *info_ptr = CACHED_PTR_EX(cache_slot + 2);
325 return (uintptr_t)CACHED_PTR_EX(cache_slot + 1);
326 }
327
328 if (UNEXPECTED(zend_hash_num_elements(&ce->properties_info) == 0)
329 || UNEXPECTED((zv = zend_hash_find(&ce->properties_info, member)) == NULL)) {
330 if (UNEXPECTED(ZSTR_VAL(member)[0] == '\0') && ZSTR_LEN(member) != 0) {
331 if (!silent) {
332 zend_bad_property_name();
333 }
334 return ZEND_WRONG_PROPERTY_OFFSET;
335 }
336 dynamic:
337 if (cache_slot) {
338 CACHE_POLYMORPHIC_PTR_EX(cache_slot, ce, (void*)ZEND_DYNAMIC_PROPERTY_OFFSET);
339 CACHE_PTR_EX(cache_slot + 2, NULL);
340 }
341 return ZEND_DYNAMIC_PROPERTY_OFFSET;
342 }
343
344 property_info = (zend_property_info*)Z_PTR_P(zv);
345 flags = property_info->flags;
346
347 if (flags & (ZEND_ACC_CHANGED|ZEND_ACC_PRIVATE|ZEND_ACC_PROTECTED)) {
348 if (UNEXPECTED(EG(fake_scope))) {
349 scope = EG(fake_scope);
350 } else {
351 scope = zend_get_executed_scope();
352 }
353
354 if (property_info->ce != scope) {
355 if (flags & ZEND_ACC_CHANGED) {
356 zend_property_info *p = zend_get_parent_private_property(scope, ce, member);
357
358 /* If there is a public/protected instance property on ce, don't try to use a
359 * private static property on scope. If both are static, prefer the static
360 * property on scope. This will throw a static property notice, rather than
361 * a visibility error. */
362 if (p && (!(p->flags & ZEND_ACC_STATIC) || (flags & ZEND_ACC_STATIC))) {
363 property_info = p;
364 flags = property_info->flags;
365 goto found;
366 } else if (flags & ZEND_ACC_PUBLIC) {
367 goto found;
368 }
369 }
370 if (flags & ZEND_ACC_PRIVATE) {
371 if (property_info->ce != ce) {
372 goto dynamic;
373 } else {
374 wrong:
375 /* Information was available, but we were denied access. Error out. */
376 if (!silent) {
377 zend_bad_property_access(property_info, ce, member);
378 }
379 return ZEND_WRONG_PROPERTY_OFFSET;
380 }
381 } else {
382 ZEND_ASSERT(flags & ZEND_ACC_PROTECTED);
383 if (UNEXPECTED(!is_protected_compatible_scope(property_info->ce, scope))) {
384 goto wrong;
385 }
386 }
387 }
388 }
389
390 found:
391 if (UNEXPECTED(flags & ZEND_ACC_STATIC)) {
392 if (!silent) {
393 zend_error(E_NOTICE, "Accessing static property %s::$%s as non static", ZSTR_VAL(ce->name), ZSTR_VAL(member));
394 }
395 return ZEND_DYNAMIC_PROPERTY_OFFSET;
396 }
397
398 offset = property_info->offset;
399 if (EXPECTED(!ZEND_TYPE_IS_SET(property_info->type))) {
400 property_info = NULL;
401 } else {
402 *info_ptr = property_info;
403 }
404 if (cache_slot) {
405 CACHE_POLYMORPHIC_PTR_EX(cache_slot, ce, (void*)(uintptr_t)offset);
406 CACHE_PTR_EX(cache_slot + 2, property_info);
407 }
408 return offset;
409 }
410 /* }}} */
411
zend_wrong_offset(zend_class_entry * ce,zend_string * member)412 static ZEND_COLD void zend_wrong_offset(zend_class_entry *ce, zend_string *member) /* {{{ */
413 {
414 zend_property_info *dummy;
415
416 /* Trigger the correct error */
417 zend_get_property_offset(ce, member, 0, NULL, &dummy);
418 }
419 /* }}} */
420
zend_get_property_info(zend_class_entry * ce,zend_string * member,int silent)421 ZEND_API zend_property_info *zend_get_property_info(zend_class_entry *ce, zend_string *member, int silent) /* {{{ */
422 {
423 zval *zv;
424 zend_property_info *property_info;
425 uint32_t flags;
426 zend_class_entry *scope;
427
428 if (UNEXPECTED(zend_hash_num_elements(&ce->properties_info) == 0)
429 || EXPECTED((zv = zend_hash_find(&ce->properties_info, member)) == NULL)) {
430 if (UNEXPECTED(ZSTR_VAL(member)[0] == '\0') && ZSTR_LEN(member) != 0) {
431 if (!silent) {
432 zend_bad_property_name();
433 }
434 return ZEND_WRONG_PROPERTY_INFO;
435 }
436 dynamic:
437 return NULL;
438 }
439
440 property_info = (zend_property_info*)Z_PTR_P(zv);
441 flags = property_info->flags;
442
443 if (flags & (ZEND_ACC_CHANGED|ZEND_ACC_PRIVATE|ZEND_ACC_PROTECTED)) {
444 if (UNEXPECTED(EG(fake_scope))) {
445 scope = EG(fake_scope);
446 } else {
447 scope = zend_get_executed_scope();
448 }
449 if (property_info->ce != scope) {
450 if (flags & ZEND_ACC_CHANGED) {
451 zend_property_info *p = zend_get_parent_private_property(scope, ce, member);
452
453 if (p) {
454 property_info = p;
455 flags = property_info->flags;
456 goto found;
457 } else if (flags & ZEND_ACC_PUBLIC) {
458 goto found;
459 }
460 }
461 if (flags & ZEND_ACC_PRIVATE) {
462 if (property_info->ce != ce) {
463 goto dynamic;
464 } else {
465 wrong:
466 /* Information was available, but we were denied access. Error out. */
467 if (!silent) {
468 zend_bad_property_access(property_info, ce, member);
469 }
470 return ZEND_WRONG_PROPERTY_INFO;
471 }
472 } else {
473 ZEND_ASSERT(flags & ZEND_ACC_PROTECTED);
474 if (UNEXPECTED(!is_protected_compatible_scope(property_info->ce, scope))) {
475 goto wrong;
476 }
477 }
478 }
479 }
480
481 found:
482 if (UNEXPECTED(flags & ZEND_ACC_STATIC)) {
483 if (!silent) {
484 zend_error(E_NOTICE, "Accessing static property %s::$%s as non static", ZSTR_VAL(ce->name), ZSTR_VAL(member));
485 }
486 }
487 return property_info;
488 }
489 /* }}} */
490
zend_check_property_access(zend_object * zobj,zend_string * prop_info_name,bool is_dynamic)491 ZEND_API int zend_check_property_access(zend_object *zobj, zend_string *prop_info_name, bool is_dynamic) /* {{{ */
492 {
493 zend_property_info *property_info;
494 const char *class_name = NULL;
495 const char *prop_name;
496 zend_string *member;
497 size_t prop_name_len;
498
499 if (ZSTR_VAL(prop_info_name)[0] == 0) {
500 if (is_dynamic) {
501 return SUCCESS;
502 }
503
504 zend_unmangle_property_name_ex(prop_info_name, &class_name, &prop_name, &prop_name_len);
505 member = zend_string_init(prop_name, prop_name_len, 0);
506 property_info = zend_get_property_info(zobj->ce, member, 1);
507 zend_string_release_ex(member, 0);
508 if (property_info == NULL || property_info == ZEND_WRONG_PROPERTY_INFO) {
509 return FAILURE;
510 }
511
512 if (class_name[0] != '*') {
513 if (!(property_info->flags & ZEND_ACC_PRIVATE)) {
514 /* we we're looking for a private prop but found a non private one of the same name */
515 return FAILURE;
516 } else if (strcmp(ZSTR_VAL(prop_info_name)+1, ZSTR_VAL(property_info->name)+1)) {
517 /* we we're looking for a private prop but found a private one of the same name but another class */
518 return FAILURE;
519 }
520 } else {
521 ZEND_ASSERT(property_info->flags & ZEND_ACC_PROTECTED);
522 }
523 return SUCCESS;
524 } else {
525 property_info = zend_get_property_info(zobj->ce, prop_info_name, 1);
526 if (property_info == NULL) {
527 ZEND_ASSERT(is_dynamic);
528 return SUCCESS;
529 } else if (property_info == ZEND_WRONG_PROPERTY_INFO) {
530 return FAILURE;
531 }
532 return (property_info->flags & ZEND_ACC_PUBLIC) ? SUCCESS : FAILURE;
533 }
534 }
535 /* }}} */
536
zend_property_guard_dtor(zval * el)537 static void zend_property_guard_dtor(zval *el) /* {{{ */ {
538 uint32_t *ptr = (uint32_t*)Z_PTR_P(el);
539 if (EXPECTED(!(((zend_uintptr_t)ptr) & 1))) {
540 efree_size(ptr, sizeof(uint32_t));
541 }
542 }
543 /* }}} */
544
zend_get_property_guard(zend_object * zobj,zend_string * member)545 ZEND_API uint32_t *zend_get_property_guard(zend_object *zobj, zend_string *member) /* {{{ */
546 {
547 HashTable *guards;
548 zval *zv;
549 uint32_t *ptr;
550
551 ZEND_ASSERT(zobj->ce->ce_flags & ZEND_ACC_USE_GUARDS);
552 zv = zobj->properties_table + zobj->ce->default_properties_count;
553 if (EXPECTED(Z_TYPE_P(zv) == IS_STRING)) {
554 zend_string *str = Z_STR_P(zv);
555 if (EXPECTED(str == member) ||
556 /* str and member don't necessarily have a pre-calculated hash value here */
557 EXPECTED(zend_string_equal_content(str, member))) {
558 return &Z_PROPERTY_GUARD_P(zv);
559 } else if (EXPECTED(Z_PROPERTY_GUARD_P(zv) == 0)) {
560 zval_ptr_dtor_str(zv);
561 ZVAL_STR_COPY(zv, member);
562 return &Z_PROPERTY_GUARD_P(zv);
563 } else {
564 ALLOC_HASHTABLE(guards);
565 zend_hash_init(guards, 8, NULL, zend_property_guard_dtor, 0);
566 /* mark pointer as "special" using low bit */
567 zend_hash_add_new_ptr(guards, str,
568 (void*)(((zend_uintptr_t)&Z_PROPERTY_GUARD_P(zv)) | 1));
569 zval_ptr_dtor_str(zv);
570 ZVAL_ARR(zv, guards);
571 }
572 } else if (EXPECTED(Z_TYPE_P(zv) == IS_ARRAY)) {
573 guards = Z_ARRVAL_P(zv);
574 ZEND_ASSERT(guards != NULL);
575 zv = zend_hash_find(guards, member);
576 if (zv != NULL) {
577 return (uint32_t*)(((zend_uintptr_t)Z_PTR_P(zv)) & ~1);
578 }
579 } else {
580 ZEND_ASSERT(Z_TYPE_P(zv) == IS_UNDEF);
581 ZVAL_STR_COPY(zv, member);
582 Z_PROPERTY_GUARD_P(zv) = 0;
583 return &Z_PROPERTY_GUARD_P(zv);
584 }
585 /* we have to allocate uint32_t separately because ht->arData may be reallocated */
586 ptr = (uint32_t*)emalloc(sizeof(uint32_t));
587 *ptr = 0;
588 return (uint32_t*)zend_hash_add_new_ptr(guards, member, ptr);
589 }
590 /* }}} */
591
zend_std_read_property(zend_object * zobj,zend_string * name,int type,void ** cache_slot,zval * rv)592 ZEND_API zval *zend_std_read_property(zend_object *zobj, zend_string *name, int type, void **cache_slot, zval *rv) /* {{{ */
593 {
594 zval *retval;
595 uintptr_t property_offset;
596 zend_property_info *prop_info = NULL;
597 uint32_t *guard = NULL;
598 zend_string *tmp_name = NULL;
599
600 #if DEBUG_OBJECT_HANDLERS
601 fprintf(stderr, "Read object #%d property: %s\n", zobj->handle, ZSTR_VAL(name));
602 #endif
603
604 /* make zend_get_property_info silent if we have getter - we may want to use it */
605 property_offset = zend_get_property_offset(zobj->ce, name, (type == BP_VAR_IS) || (zobj->ce->__get != NULL), cache_slot, &prop_info);
606
607 if (EXPECTED(IS_VALID_PROPERTY_OFFSET(property_offset))) {
608 retval = OBJ_PROP(zobj, property_offset);
609 if (EXPECTED(Z_TYPE_P(retval) != IS_UNDEF)) {
610 if (prop_info && UNEXPECTED(prop_info->flags & ZEND_ACC_READONLY)
611 && (type == BP_VAR_W || type == BP_VAR_RW || type == BP_VAR_UNSET)) {
612 if (Z_TYPE_P(retval) == IS_OBJECT) {
613 /* For objects, W/RW/UNSET fetch modes might not actually modify object.
614 * Similar as with magic __get() allow them, but return the value as a copy
615 * to make sure no actual modification is possible. */
616 ZVAL_COPY(rv, retval);
617 retval = rv;
618 } else {
619 zend_readonly_property_modification_error(prop_info);
620 retval = &EG(uninitialized_zval);
621 }
622 }
623 goto exit;
624 } else {
625 if (prop_info && UNEXPECTED(prop_info->flags & ZEND_ACC_READONLY)) {
626 if (type == BP_VAR_W || type == BP_VAR_RW) {
627 zend_readonly_property_indirect_modification_error(prop_info);
628 retval = &EG(uninitialized_zval);
629 goto exit;
630 } else if (type == BP_VAR_UNSET) {
631 retval = &EG(uninitialized_zval);
632 goto exit;
633 }
634 }
635 }
636 if (UNEXPECTED(Z_PROP_FLAG_P(retval) == IS_PROP_UNINIT)) {
637 /* Skip __get() for uninitialized typed properties */
638 goto uninit_error;
639 }
640 } else if (EXPECTED(IS_DYNAMIC_PROPERTY_OFFSET(property_offset))) {
641 if (EXPECTED(zobj->properties != NULL)) {
642 if (!IS_UNKNOWN_DYNAMIC_PROPERTY_OFFSET(property_offset)) {
643 uintptr_t idx = ZEND_DECODE_DYN_PROP_OFFSET(property_offset);
644
645 if (EXPECTED(idx < zobj->properties->nNumUsed * sizeof(Bucket))) {
646 Bucket *p = (Bucket*)((char*)zobj->properties->arData + idx);
647
648 if (EXPECTED(p->key == name) ||
649 (EXPECTED(p->h == ZSTR_H(name)) &&
650 EXPECTED(p->key != NULL) &&
651 EXPECTED(zend_string_equal_content(p->key, name)))) {
652 retval = &p->val;
653 goto exit;
654 }
655 }
656 CACHE_PTR_EX(cache_slot + 1, (void*)ZEND_DYNAMIC_PROPERTY_OFFSET);
657 }
658 retval = zend_hash_find(zobj->properties, name);
659 if (EXPECTED(retval)) {
660 if (cache_slot) {
661 uintptr_t idx = (char*)retval - (char*)zobj->properties->arData;
662 CACHE_PTR_EX(cache_slot + 1, (void*)ZEND_ENCODE_DYN_PROP_OFFSET(idx));
663 }
664 goto exit;
665 }
666 }
667 } else if (UNEXPECTED(EG(exception))) {
668 retval = &EG(uninitialized_zval);
669 goto exit;
670 }
671
672 /* magic isset */
673 if ((type == BP_VAR_IS) && zobj->ce->__isset) {
674 zval tmp_result;
675 guard = zend_get_property_guard(zobj, name);
676
677 if (!((*guard) & IN_ISSET)) {
678 if (!tmp_name && !ZSTR_IS_INTERNED(name)) {
679 tmp_name = zend_string_copy(name);
680 }
681 GC_ADDREF(zobj);
682 ZVAL_UNDEF(&tmp_result);
683
684 *guard |= IN_ISSET;
685 zend_std_call_issetter(zobj, name, &tmp_result);
686 *guard &= ~IN_ISSET;
687
688 if (!zend_is_true(&tmp_result)) {
689 retval = &EG(uninitialized_zval);
690 OBJ_RELEASE(zobj);
691 zval_ptr_dtor(&tmp_result);
692 goto exit;
693 }
694
695 zval_ptr_dtor(&tmp_result);
696 if (zobj->ce->__get && !((*guard) & IN_GET)) {
697 goto call_getter;
698 }
699 OBJ_RELEASE(zobj);
700 } else if (zobj->ce->__get && !((*guard) & IN_GET)) {
701 goto call_getter_addref;
702 }
703 } else if (zobj->ce->__get) {
704 /* magic get */
705 guard = zend_get_property_guard(zobj, name);
706 if (!((*guard) & IN_GET)) {
707 /* have getter - try with it! */
708 call_getter_addref:
709 GC_ADDREF(zobj);
710 call_getter:
711 *guard |= IN_GET; /* prevent circular getting */
712 zend_std_call_getter(zobj, name, rv);
713 *guard &= ~IN_GET;
714
715 if (Z_TYPE_P(rv) != IS_UNDEF) {
716 retval = rv;
717 if (!Z_ISREF_P(rv) &&
718 (type == BP_VAR_W || type == BP_VAR_RW || type == BP_VAR_UNSET)) {
719 if (UNEXPECTED(Z_TYPE_P(rv) != IS_OBJECT)) {
720 zend_error(E_NOTICE, "Indirect modification of overloaded property %s::$%s has no effect", ZSTR_VAL(zobj->ce->name), ZSTR_VAL(name));
721 }
722 }
723 } else {
724 retval = &EG(uninitialized_zval);
725 }
726
727 if (UNEXPECTED(prop_info)) {
728 zend_verify_prop_assignable_by_ref(prop_info, retval, (zobj->ce->__get->common.fn_flags & ZEND_ACC_STRICT_TYPES) != 0);
729 }
730
731 OBJ_RELEASE(zobj);
732 goto exit;
733 } else if (UNEXPECTED(IS_WRONG_PROPERTY_OFFSET(property_offset))) {
734 /* Trigger the correct error */
735 zend_get_property_offset(zobj->ce, name, 0, NULL, &prop_info);
736 ZEND_ASSERT(EG(exception));
737 retval = &EG(uninitialized_zval);
738 goto exit;
739 }
740 }
741
742 uninit_error:
743 if (type != BP_VAR_IS) {
744 if (UNEXPECTED(prop_info)) {
745 zend_throw_error(NULL, "Typed property %s::$%s must not be accessed before initialization",
746 ZSTR_VAL(prop_info->ce->name),
747 ZSTR_VAL(name));
748 } else {
749 zend_error(E_WARNING, "Undefined property: %s::$%s", ZSTR_VAL(zobj->ce->name), ZSTR_VAL(name));
750 }
751 }
752 retval = &EG(uninitialized_zval);
753
754 exit:
755 zend_tmp_string_release(tmp_name);
756
757 return retval;
758 }
759 /* }}} */
760
property_uses_strict_types(void)761 static zend_always_inline bool property_uses_strict_types(void) {
762 zend_execute_data *execute_data = EG(current_execute_data);
763 return execute_data
764 && execute_data->func
765 && ZEND_CALL_USES_STRICT_TYPES(EG(current_execute_data));
766 }
767
verify_readonly_initialization_access(zend_property_info * prop_info,zend_class_entry * ce,zend_string * name,const char * operation)768 static bool verify_readonly_initialization_access(
769 zend_property_info *prop_info, zend_class_entry *ce,
770 zend_string *name, const char *operation) {
771 zend_class_entry *scope;
772 if (UNEXPECTED(EG(fake_scope))) {
773 scope = EG(fake_scope);
774 } else {
775 scope = zend_get_executed_scope();
776 }
777 if (prop_info->ce == scope) {
778 return true;
779 }
780
781 /* We may have redeclared a parent property. In that case the parent should still be
782 * allowed to initialize it. */
783 if (scope && is_derived_class(ce, scope)) {
784 zend_property_info *prop_info = zend_hash_find_ptr(&scope->properties_info, name);
785 if (prop_info) {
786 /* This should be ensured by inheritance. */
787 ZEND_ASSERT(prop_info->flags & ZEND_ACC_READONLY);
788 if (prop_info->ce == scope) {
789 return true;
790 }
791 }
792 }
793
794 zend_readonly_property_modification_scope_error(prop_info->ce, name, scope, operation);
795 return false;
796 }
797
zend_std_write_property(zend_object * zobj,zend_string * name,zval * value,void ** cache_slot)798 ZEND_API zval *zend_std_write_property(zend_object *zobj, zend_string *name, zval *value, void **cache_slot) /* {{{ */
799 {
800 zval *variable_ptr, tmp;
801 uintptr_t property_offset;
802 zend_property_info *prop_info = NULL;
803 ZEND_ASSERT(!Z_ISREF_P(value));
804
805 property_offset = zend_get_property_offset(zobj->ce, name, (zobj->ce->__set != NULL), cache_slot, &prop_info);
806
807 if (EXPECTED(IS_VALID_PROPERTY_OFFSET(property_offset))) {
808 variable_ptr = OBJ_PROP(zobj, property_offset);
809 if (Z_TYPE_P(variable_ptr) != IS_UNDEF) {
810 Z_TRY_ADDREF_P(value);
811
812 if (UNEXPECTED(prop_info)) {
813 if (UNEXPECTED(prop_info->flags & ZEND_ACC_READONLY)) {
814 Z_TRY_DELREF_P(value);
815 zend_readonly_property_modification_error(prop_info);
816 variable_ptr = &EG(error_zval);
817 goto exit;
818 }
819
820 ZVAL_COPY_VALUE(&tmp, value);
821 if (UNEXPECTED(!zend_verify_property_type(prop_info, &tmp, property_uses_strict_types()))) {
822 zval_ptr_dtor(&tmp);
823 variable_ptr = &EG(error_zval);
824 goto exit;
825 }
826 value = &tmp;
827 }
828
829 found:
830 variable_ptr = zend_assign_to_variable(
831 variable_ptr, value, IS_TMP_VAR, property_uses_strict_types());
832 goto exit;
833 }
834 if (Z_PROP_FLAG_P(variable_ptr) == IS_PROP_UNINIT) {
835 /* Writes to uninitialized typed properties bypass __set(). */
836 goto write_std_property;
837 }
838 } else if (EXPECTED(IS_DYNAMIC_PROPERTY_OFFSET(property_offset))) {
839 if (EXPECTED(zobj->properties != NULL)) {
840 if (UNEXPECTED(GC_REFCOUNT(zobj->properties) > 1)) {
841 if (EXPECTED(!(GC_FLAGS(zobj->properties) & IS_ARRAY_IMMUTABLE))) {
842 GC_DELREF(zobj->properties);
843 }
844 zobj->properties = zend_array_dup(zobj->properties);
845 }
846 if ((variable_ptr = zend_hash_find(zobj->properties, name)) != NULL) {
847 Z_TRY_ADDREF_P(value);
848 goto found;
849 }
850 }
851 } else if (UNEXPECTED(EG(exception))) {
852 variable_ptr = &EG(error_zval);
853 goto exit;
854 }
855
856 /* magic set */
857 if (zobj->ce->__set) {
858 uint32_t *guard = zend_get_property_guard(zobj, name);
859
860 if (!((*guard) & IN_SET)) {
861 GC_ADDREF(zobj);
862 (*guard) |= IN_SET; /* prevent circular setting */
863 zend_std_call_setter(zobj, name, value);
864 (*guard) &= ~IN_SET;
865 OBJ_RELEASE(zobj);
866 variable_ptr = value;
867 } else if (EXPECTED(!IS_WRONG_PROPERTY_OFFSET(property_offset))) {
868 goto write_std_property;
869 } else {
870 /* Trigger the correct error */
871 zend_wrong_offset(zobj->ce, name);
872 ZEND_ASSERT(EG(exception));
873 variable_ptr = &EG(error_zval);
874 goto exit;
875 }
876 } else {
877 ZEND_ASSERT(!IS_WRONG_PROPERTY_OFFSET(property_offset));
878 write_std_property:
879 if (EXPECTED(IS_VALID_PROPERTY_OFFSET(property_offset))) {
880 variable_ptr = OBJ_PROP(zobj, property_offset);
881
882 Z_TRY_ADDREF_P(value);
883 if (UNEXPECTED(prop_info)) {
884 if (UNEXPECTED((prop_info->flags & ZEND_ACC_READONLY)
885 && !verify_readonly_initialization_access(prop_info, zobj->ce, name, "initialize"))) {
886 Z_TRY_DELREF_P(value);
887 variable_ptr = &EG(error_zval);
888 goto exit;
889 }
890
891 ZVAL_COPY_VALUE(&tmp, value);
892 if (UNEXPECTED(!zend_verify_property_type(prop_info, &tmp, property_uses_strict_types()))) {
893 zval_ptr_dtor(&tmp);
894 goto exit;
895 }
896 value = &tmp;
897 Z_PROP_FLAG_P(variable_ptr) = 0;
898 goto found; /* might have been updated via e.g. __toString() */
899 }
900
901 ZVAL_COPY_VALUE(variable_ptr, value);
902 } else {
903 if (UNEXPECTED(zobj->ce->ce_flags & ZEND_ACC_NO_DYNAMIC_PROPERTIES)) {
904 zend_forbidden_dynamic_property(zobj->ce, name);
905 variable_ptr = &EG(error_zval);
906 goto exit;
907 }
908 if (UNEXPECTED(!(zobj->ce->ce_flags & ZEND_ACC_ALLOW_DYNAMIC_PROPERTIES))) {
909 if (UNEXPECTED(!zend_deprecated_dynamic_property(zobj, name))) {
910 variable_ptr = &EG(error_zval);
911 goto exit;
912 }
913 }
914
915 Z_TRY_ADDREF_P(value);
916 if (!zobj->properties) {
917 rebuild_object_properties(zobj);
918 }
919 variable_ptr = zend_hash_add_new(zobj->properties, name, value);
920 }
921 }
922
923 exit:
924 return variable_ptr;
925 }
926 /* }}} */
927
zend_bad_array_access(zend_class_entry * ce)928 static ZEND_COLD zend_never_inline void zend_bad_array_access(zend_class_entry *ce) /* {{{ */
929 {
930 zend_throw_error(NULL, "Cannot use object of type %s as array", ZSTR_VAL(ce->name));
931 }
932 /* }}} */
933
zend_std_read_dimension(zend_object * object,zval * offset,int type,zval * rv)934 ZEND_API zval *zend_std_read_dimension(zend_object *object, zval *offset, int type, zval *rv) /* {{{ */
935 {
936 zend_class_entry *ce = object->ce;
937 zval tmp_offset;
938
939 /* arrayaccess_funcs_ptr is set if (and only if) the class implements zend_ce_arrayaccess */
940 zend_class_arrayaccess_funcs *funcs = ce->arrayaccess_funcs_ptr;
941 if (EXPECTED(funcs)) {
942 if (offset == NULL) {
943 /* [] construct */
944 ZVAL_NULL(&tmp_offset);
945 } else {
946 ZVAL_COPY_DEREF(&tmp_offset, offset);
947 }
948
949 GC_ADDREF(object);
950 if (type == BP_VAR_IS) {
951 zend_call_known_instance_method_with_1_params(funcs->zf_offsetexists, object, rv, &tmp_offset);
952 if (UNEXPECTED(Z_ISUNDEF_P(rv))) {
953 OBJ_RELEASE(object);
954 zval_ptr_dtor(&tmp_offset);
955 return NULL;
956 }
957 if (!i_zend_is_true(rv)) {
958 OBJ_RELEASE(object);
959 zval_ptr_dtor(&tmp_offset);
960 zval_ptr_dtor(rv);
961 return &EG(uninitialized_zval);
962 }
963 zval_ptr_dtor(rv);
964 }
965
966 zend_call_known_instance_method_with_1_params(funcs->zf_offsetget, object, rv, &tmp_offset);
967
968 OBJ_RELEASE(object);
969 zval_ptr_dtor(&tmp_offset);
970
971 if (UNEXPECTED(Z_TYPE_P(rv) == IS_UNDEF)) {
972 if (UNEXPECTED(!EG(exception))) {
973 zend_throw_error(NULL, "Undefined offset for object of type %s used as array", ZSTR_VAL(ce->name));
974 }
975 return NULL;
976 }
977 return rv;
978 } else {
979 zend_bad_array_access(ce);
980 return NULL;
981 }
982 }
983 /* }}} */
984
zend_std_write_dimension(zend_object * object,zval * offset,zval * value)985 ZEND_API void zend_std_write_dimension(zend_object *object, zval *offset, zval *value) /* {{{ */
986 {
987 zend_class_entry *ce = object->ce;
988 zval tmp_offset;
989
990 zend_class_arrayaccess_funcs *funcs = ce->arrayaccess_funcs_ptr;
991 if (EXPECTED(funcs)) {
992 if (!offset) {
993 ZVAL_NULL(&tmp_offset);
994 } else {
995 ZVAL_COPY_DEREF(&tmp_offset, offset);
996 }
997 GC_ADDREF(object);
998 zend_call_known_instance_method_with_2_params(funcs->zf_offsetset, object, NULL, &tmp_offset, value);
999 OBJ_RELEASE(object);
1000 zval_ptr_dtor(&tmp_offset);
1001 } else {
1002 zend_bad_array_access(ce);
1003 }
1004 }
1005 /* }}} */
1006
zend_std_has_dimension(zend_object * object,zval * offset,int check_empty)1007 ZEND_API int zend_std_has_dimension(zend_object *object, zval *offset, int check_empty) /* {{{ */
1008 {
1009 zend_class_entry *ce = object->ce;
1010 zval retval, tmp_offset;
1011 int result;
1012
1013 zend_class_arrayaccess_funcs *funcs = ce->arrayaccess_funcs_ptr;
1014 if (EXPECTED(funcs)) {
1015 ZVAL_COPY_DEREF(&tmp_offset, offset);
1016 GC_ADDREF(object);
1017 zend_call_known_instance_method_with_1_params(funcs->zf_offsetexists, object, &retval, &tmp_offset);
1018 result = i_zend_is_true(&retval);
1019 zval_ptr_dtor(&retval);
1020 if (check_empty && result && EXPECTED(!EG(exception))) {
1021 zend_call_known_instance_method_with_1_params(funcs->zf_offsetget, object, &retval, &tmp_offset);
1022 result = i_zend_is_true(&retval);
1023 zval_ptr_dtor(&retval);
1024 }
1025 OBJ_RELEASE(object);
1026 zval_ptr_dtor(&tmp_offset);
1027 } else {
1028 zend_bad_array_access(ce);
1029 return 0;
1030 }
1031 return result;
1032 }
1033 /* }}} */
1034
zend_std_get_property_ptr_ptr(zend_object * zobj,zend_string * name,int type,void ** cache_slot)1035 ZEND_API zval *zend_std_get_property_ptr_ptr(zend_object *zobj, zend_string *name, int type, void **cache_slot) /* {{{ */
1036 {
1037 zval *retval = NULL;
1038 uintptr_t property_offset;
1039 zend_property_info *prop_info = NULL;
1040
1041 #if DEBUG_OBJECT_HANDLERS
1042 fprintf(stderr, "Ptr object #%d property: %s\n", zobj->handle, ZSTR_VAL(name));
1043 #endif
1044
1045 property_offset = zend_get_property_offset(zobj->ce, name, (zobj->ce->__get != NULL), cache_slot, &prop_info);
1046
1047 if (EXPECTED(IS_VALID_PROPERTY_OFFSET(property_offset))) {
1048 retval = OBJ_PROP(zobj, property_offset);
1049 if (UNEXPECTED(Z_TYPE_P(retval) == IS_UNDEF)) {
1050 if (EXPECTED(!zobj->ce->__get) ||
1051 UNEXPECTED((*zend_get_property_guard(zobj, name)) & IN_GET) ||
1052 UNEXPECTED(prop_info && Z_PROP_FLAG_P(retval) == IS_PROP_UNINIT)) {
1053 if (UNEXPECTED(type == BP_VAR_RW || type == BP_VAR_R)) {
1054 if (UNEXPECTED(prop_info)) {
1055 zend_throw_error(NULL,
1056 "Typed property %s::$%s must not be accessed before initialization",
1057 ZSTR_VAL(prop_info->ce->name),
1058 ZSTR_VAL(name));
1059 retval = &EG(error_zval);
1060 } else {
1061 ZVAL_NULL(retval);
1062 zend_error(E_WARNING, "Undefined property: %s::$%s", ZSTR_VAL(zobj->ce->name), ZSTR_VAL(name));
1063 }
1064 } else if (prop_info && UNEXPECTED(prop_info->flags & ZEND_ACC_READONLY)) {
1065 /* Readonly property, delegate to read_property + write_property. */
1066 retval = NULL;
1067 } else if (!prop_info || !ZEND_TYPE_IS_SET(prop_info->type)) {
1068 ZVAL_NULL(retval);
1069 }
1070 } else {
1071 /* we do have getter - fail and let it try again with usual get/set */
1072 retval = NULL;
1073 }
1074 } else if (prop_info && UNEXPECTED(prop_info->flags & ZEND_ACC_READONLY)) {
1075 /* Readonly property, delegate to read_property + write_property. */
1076 retval = NULL;
1077 }
1078 } else if (EXPECTED(IS_DYNAMIC_PROPERTY_OFFSET(property_offset))) {
1079 if (EXPECTED(zobj->properties)) {
1080 if (UNEXPECTED(GC_REFCOUNT(zobj->properties) > 1)) {
1081 if (EXPECTED(!(GC_FLAGS(zobj->properties) & IS_ARRAY_IMMUTABLE))) {
1082 GC_DELREF(zobj->properties);
1083 }
1084 zobj->properties = zend_array_dup(zobj->properties);
1085 }
1086 if (EXPECTED((retval = zend_hash_find(zobj->properties, name)) != NULL)) {
1087 return retval;
1088 }
1089 }
1090 if (EXPECTED(!zobj->ce->__get) ||
1091 UNEXPECTED((*zend_get_property_guard(zobj, name)) & IN_GET)) {
1092 if (UNEXPECTED(zobj->ce->ce_flags & ZEND_ACC_NO_DYNAMIC_PROPERTIES)) {
1093 zend_forbidden_dynamic_property(zobj->ce, name);
1094 return &EG(error_zval);
1095 }
1096 if (UNEXPECTED(!(zobj->ce->ce_flags & ZEND_ACC_ALLOW_DYNAMIC_PROPERTIES))) {
1097 if (UNEXPECTED(!zend_deprecated_dynamic_property(zobj, name))) {
1098 return &EG(error_zval);
1099 }
1100 }
1101 if (UNEXPECTED(!zobj->properties)) {
1102 rebuild_object_properties(zobj);
1103 }
1104 retval = zend_hash_update(zobj->properties, name, &EG(uninitialized_zval));
1105 /* Notice is thrown after creation of the property, to avoid EG(std_property_info)
1106 * being overwritten in an error handler. */
1107 if (UNEXPECTED(type == BP_VAR_RW || type == BP_VAR_R)) {
1108 zend_error(E_WARNING, "Undefined property: %s::$%s", ZSTR_VAL(zobj->ce->name), ZSTR_VAL(name));
1109 }
1110 }
1111 } else if (zobj->ce->__get == NULL) {
1112 retval = &EG(error_zval);
1113 }
1114
1115 return retval;
1116 }
1117 /* }}} */
1118
zend_std_unset_property(zend_object * zobj,zend_string * name,void ** cache_slot)1119 ZEND_API void zend_std_unset_property(zend_object *zobj, zend_string *name, void **cache_slot) /* {{{ */
1120 {
1121 uintptr_t property_offset;
1122 zend_property_info *prop_info = NULL;
1123
1124 property_offset = zend_get_property_offset(zobj->ce, name, (zobj->ce->__unset != NULL), cache_slot, &prop_info);
1125
1126 if (EXPECTED(IS_VALID_PROPERTY_OFFSET(property_offset))) {
1127 zval *slot = OBJ_PROP(zobj, property_offset);
1128
1129 if (Z_TYPE_P(slot) != IS_UNDEF) {
1130 if (UNEXPECTED(prop_info && (prop_info->flags & ZEND_ACC_READONLY))) {
1131 zend_readonly_property_unset_error(prop_info->ce, name);
1132 return;
1133 }
1134 if (UNEXPECTED(Z_ISREF_P(slot)) &&
1135 (ZEND_DEBUG || ZEND_REF_HAS_TYPE_SOURCES(Z_REF_P(slot)))) {
1136 if (prop_info) {
1137 ZEND_REF_DEL_TYPE_SOURCE(Z_REF_P(slot), prop_info);
1138 }
1139 }
1140 zval tmp;
1141 ZVAL_COPY_VALUE(&tmp, slot);
1142 ZVAL_UNDEF(slot);
1143 zval_ptr_dtor(&tmp);
1144 if (zobj->properties) {
1145 HT_FLAGS(zobj->properties) |= HASH_FLAG_HAS_EMPTY_IND;
1146 }
1147 return;
1148 }
1149 if (UNEXPECTED(Z_PROP_FLAG_P(slot) == IS_PROP_UNINIT)) {
1150 if (UNEXPECTED(prop_info && (prop_info->flags & ZEND_ACC_READONLY)
1151 && !verify_readonly_initialization_access(prop_info, zobj->ce, name, "unset"))) {
1152 return;
1153 }
1154
1155 /* Reset the IS_PROP_UNINIT flag, if it exists and bypass __unset(). */
1156 Z_PROP_FLAG_P(slot) = 0;
1157 return;
1158 }
1159 } else if (EXPECTED(IS_DYNAMIC_PROPERTY_OFFSET(property_offset))
1160 && EXPECTED(zobj->properties != NULL)) {
1161 if (UNEXPECTED(GC_REFCOUNT(zobj->properties) > 1)) {
1162 if (EXPECTED(!(GC_FLAGS(zobj->properties) & IS_ARRAY_IMMUTABLE))) {
1163 GC_DELREF(zobj->properties);
1164 }
1165 zobj->properties = zend_array_dup(zobj->properties);
1166 }
1167 if (EXPECTED(zend_hash_del(zobj->properties, name) != FAILURE)) {
1168 return;
1169 }
1170 } else if (UNEXPECTED(EG(exception))) {
1171 return;
1172 }
1173
1174 /* magic unset */
1175 if (zobj->ce->__unset) {
1176 uint32_t *guard = zend_get_property_guard(zobj, name);
1177 if (!((*guard) & IN_UNSET)) {
1178 /* have unseter - try with it! */
1179 (*guard) |= IN_UNSET; /* prevent circular unsetting */
1180 zend_std_call_unsetter(zobj, name);
1181 (*guard) &= ~IN_UNSET;
1182 } else if (UNEXPECTED(IS_WRONG_PROPERTY_OFFSET(property_offset))) {
1183 /* Trigger the correct error */
1184 zend_wrong_offset(zobj->ce, name);
1185 ZEND_ASSERT(EG(exception));
1186 return;
1187 } else {
1188 /* Nothing to do: The property already does not exist. */
1189 }
1190 }
1191 }
1192 /* }}} */
1193
zend_std_unset_dimension(zend_object * object,zval * offset)1194 ZEND_API void zend_std_unset_dimension(zend_object *object, zval *offset) /* {{{ */
1195 {
1196 zend_class_entry *ce = object->ce;
1197 zval tmp_offset;
1198
1199 zend_class_arrayaccess_funcs *funcs = ce->arrayaccess_funcs_ptr;
1200 if (EXPECTED(funcs)) {
1201 ZVAL_COPY_DEREF(&tmp_offset, offset);
1202 GC_ADDREF(object);
1203 zend_call_known_instance_method_with_1_params(funcs->zf_offsetunset, object, NULL, &tmp_offset);
1204 OBJ_RELEASE(object);
1205 zval_ptr_dtor(&tmp_offset);
1206 } else {
1207 zend_bad_array_access(ce);
1208 }
1209 }
1210 /* }}} */
1211
zend_get_parent_private_method(zend_class_entry * scope,zend_class_entry * ce,zend_string * function_name)1212 static zend_never_inline zend_function *zend_get_parent_private_method(zend_class_entry *scope, zend_class_entry *ce, zend_string *function_name) /* {{{ */
1213 {
1214 zval *func;
1215 zend_function *fbc;
1216
1217 if (scope != ce && scope && is_derived_class(ce, scope)) {
1218 func = zend_hash_find(&scope->function_table, function_name);
1219 if (func != NULL) {
1220 fbc = Z_FUNC_P(func);
1221 if ((fbc->common.fn_flags & ZEND_ACC_PRIVATE)
1222 && fbc->common.scope == scope) {
1223 return fbc;
1224 }
1225 }
1226 }
1227 return NULL;
1228 }
1229 /* }}} */
1230
1231 /* Ensures that we're allowed to call a protected method.
1232 */
zend_check_protected(zend_class_entry * ce,zend_class_entry * scope)1233 ZEND_API int zend_check_protected(zend_class_entry *ce, zend_class_entry *scope) /* {{{ */
1234 {
1235 zend_class_entry *fbc_scope = ce;
1236
1237 /* Is the context that's calling the function, the same as one of
1238 * the function's parents?
1239 */
1240 while (fbc_scope) {
1241 if (fbc_scope==scope) {
1242 return 1;
1243 }
1244 fbc_scope = fbc_scope->parent;
1245 }
1246
1247 /* Is the function's scope the same as our current object context,
1248 * or any of the parents of our context?
1249 */
1250 while (scope) {
1251 if (scope==ce) {
1252 return 1;
1253 }
1254 scope = scope->parent;
1255 }
1256 return 0;
1257 }
1258 /* }}} */
1259
zend_get_call_trampoline_func(zend_class_entry * ce,zend_string * method_name,int is_static)1260 ZEND_API zend_function *zend_get_call_trampoline_func(zend_class_entry *ce, zend_string *method_name, int is_static) /* {{{ */
1261 {
1262 size_t mname_len;
1263 zend_op_array *func;
1264 zend_function *fbc = is_static ? ce->__callstatic : ce->__call;
1265 /* We use non-NULL value to avoid useless run_time_cache allocation.
1266 * The low bit must be zero, to not be interpreted as a MAP_PTR offset.
1267 */
1268 static const void *dummy = (void*)(intptr_t)2;
1269 static const zend_arg_info arg_info[1] = {{0}};
1270
1271 ZEND_ASSERT(fbc);
1272
1273 if (EXPECTED(EG(trampoline).common.function_name == NULL)) {
1274 func = &EG(trampoline).op_array;
1275 } else {
1276 func = ecalloc(1, sizeof(zend_op_array));
1277 }
1278
1279 func->type = ZEND_USER_FUNCTION;
1280 func->arg_flags[0] = 0;
1281 func->arg_flags[1] = 0;
1282 func->arg_flags[2] = 0;
1283 func->fn_flags = ZEND_ACC_CALL_VIA_TRAMPOLINE | ZEND_ACC_PUBLIC | ZEND_ACC_VARIADIC;
1284 if (is_static) {
1285 func->fn_flags |= ZEND_ACC_STATIC;
1286 }
1287 func->opcodes = &EG(call_trampoline_op);
1288 ZEND_MAP_PTR_INIT(func->run_time_cache, (void**)dummy);
1289 func->scope = fbc->common.scope;
1290 /* reserve space for arguments, local and temporary variables */
1291 /* EG(trampoline) is reused from other places, like FFI (e.g. zend_ffi_cdata_get_closure()) where
1292 * it is used as an internal function. It may set fields that don't belong to common, thus
1293 * modifying zend_op_array specific data, most significantly last_var. We need to reset this
1294 * value so that it doesn't contain garbage when the engine allocates space for the next stack
1295 * frame. This didn't cause any issues until now due to "lucky" structure layout. */
1296 func->last_var = 0;
1297 func->T = (fbc->type == ZEND_USER_FUNCTION)? MAX(fbc->op_array.last_var + fbc->op_array.T, 2) : 2;
1298 func->filename = (fbc->type == ZEND_USER_FUNCTION)? fbc->op_array.filename : ZSTR_EMPTY_ALLOC();
1299 func->line_start = (fbc->type == ZEND_USER_FUNCTION)? fbc->op_array.line_start : 0;
1300 func->line_end = (fbc->type == ZEND_USER_FUNCTION)? fbc->op_array.line_end : 0;
1301
1302 //??? keep compatibility for "\0" characters
1303 //??? see: Zend/tests/bug46238.phpt
1304 if (UNEXPECTED((mname_len = strlen(ZSTR_VAL(method_name))) != ZSTR_LEN(method_name))) {
1305 func->function_name = zend_string_init(ZSTR_VAL(method_name), mname_len, 0);
1306 } else {
1307 func->function_name = zend_string_copy(method_name);
1308 }
1309
1310 func->prototype = NULL;
1311 func->num_args = 0;
1312 func->required_num_args = 0;
1313 func->arg_info = (zend_arg_info *) arg_info;
1314
1315 return (zend_function*)func;
1316 }
1317 /* }}} */
1318
zend_get_user_call_function(zend_class_entry * ce,zend_string * method_name)1319 static zend_always_inline zend_function *zend_get_user_call_function(zend_class_entry *ce, zend_string *method_name) /* {{{ */
1320 {
1321 return zend_get_call_trampoline_func(ce, method_name, 0);
1322 }
1323 /* }}} */
1324
zend_bad_method_call(zend_function * fbc,zend_string * method_name,zend_class_entry * scope)1325 static ZEND_COLD zend_never_inline void zend_bad_method_call(zend_function *fbc, zend_string *method_name, zend_class_entry *scope) /* {{{ */
1326 {
1327 zend_throw_error(NULL, "Call to %s method %s::%s() from %s%s",
1328 zend_visibility_string(fbc->common.fn_flags), ZEND_FN_SCOPE_NAME(fbc), ZSTR_VAL(method_name),
1329 scope ? "scope " : "global scope",
1330 scope ? ZSTR_VAL(scope->name) : ""
1331 );
1332 }
1333 /* }}} */
1334
zend_abstract_method_call(zend_function * fbc)1335 static ZEND_COLD zend_never_inline void zend_abstract_method_call(zend_function *fbc) /* {{{ */
1336 {
1337 zend_throw_error(NULL, "Cannot call abstract method %s::%s()",
1338 ZSTR_VAL(fbc->common.scope->name), ZSTR_VAL(fbc->common.function_name));
1339 }
1340 /* }}} */
1341
zend_std_get_method(zend_object ** obj_ptr,zend_string * method_name,const zval * key)1342 ZEND_API zend_function *zend_std_get_method(zend_object **obj_ptr, zend_string *method_name, const zval *key) /* {{{ */
1343 {
1344 zend_object *zobj = *obj_ptr;
1345 zval *func;
1346 zend_function *fbc;
1347 zend_string *lc_method_name;
1348 zend_class_entry *scope;
1349 ALLOCA_FLAG(use_heap);
1350
1351 if (EXPECTED(key != NULL)) {
1352 lc_method_name = Z_STR_P(key);
1353 #ifdef ZEND_ALLOCA_MAX_SIZE
1354 use_heap = 0;
1355 #endif
1356 } else {
1357 ZSTR_ALLOCA_ALLOC(lc_method_name, ZSTR_LEN(method_name), use_heap);
1358 zend_str_tolower_copy(ZSTR_VAL(lc_method_name), ZSTR_VAL(method_name), ZSTR_LEN(method_name));
1359 }
1360
1361 if (UNEXPECTED((func = zend_hash_find(&zobj->ce->function_table, lc_method_name)) == NULL)) {
1362 if (UNEXPECTED(!key)) {
1363 ZSTR_ALLOCA_FREE(lc_method_name, use_heap);
1364 }
1365 if (zobj->ce->__call) {
1366 return zend_get_user_call_function(zobj->ce, method_name);
1367 } else {
1368 return NULL;
1369 }
1370 }
1371
1372 fbc = Z_FUNC_P(func);
1373
1374 /* Check access level */
1375 if (fbc->op_array.fn_flags & (ZEND_ACC_CHANGED|ZEND_ACC_PRIVATE|ZEND_ACC_PROTECTED)) {
1376 scope = zend_get_executed_scope();
1377
1378 if (fbc->common.scope != scope) {
1379 if (fbc->op_array.fn_flags & ZEND_ACC_CHANGED) {
1380 zend_function *updated_fbc = zend_get_parent_private_method(scope, zobj->ce, lc_method_name);
1381
1382 if (EXPECTED(updated_fbc != NULL)) {
1383 fbc = updated_fbc;
1384 goto exit;
1385 } else if (fbc->op_array.fn_flags & ZEND_ACC_PUBLIC) {
1386 goto exit;
1387 }
1388 }
1389 if (UNEXPECTED(fbc->op_array.fn_flags & ZEND_ACC_PRIVATE)
1390 || UNEXPECTED(!zend_check_protected(zend_get_function_root_class(fbc), scope))) {
1391 if (zobj->ce->__call) {
1392 fbc = zend_get_user_call_function(zobj->ce, method_name);
1393 } else {
1394 zend_bad_method_call(fbc, method_name, scope);
1395 fbc = NULL;
1396 }
1397 }
1398 }
1399 }
1400
1401 exit:
1402 if (fbc && UNEXPECTED(fbc->common.fn_flags & ZEND_ACC_ABSTRACT)) {
1403 zend_abstract_method_call(fbc);
1404 fbc = NULL;
1405 }
1406 if (UNEXPECTED(!key)) {
1407 ZSTR_ALLOCA_FREE(lc_method_name, use_heap);
1408 }
1409 return fbc;
1410 }
1411 /* }}} */
1412
zend_get_user_callstatic_function(zend_class_entry * ce,zend_string * method_name)1413 static zend_always_inline zend_function *zend_get_user_callstatic_function(zend_class_entry *ce, zend_string *method_name) /* {{{ */
1414 {
1415 return zend_get_call_trampoline_func(ce, method_name, 1);
1416 }
1417 /* }}} */
1418
get_static_method_fallback(zend_class_entry * ce,zend_string * function_name)1419 static zend_always_inline zend_function *get_static_method_fallback(
1420 zend_class_entry *ce, zend_string *function_name)
1421 {
1422 zend_object *object;
1423 if (ce->__call &&
1424 (object = zend_get_this_object(EG(current_execute_data))) != NULL &&
1425 instanceof_function(object->ce, ce)) {
1426 /* Call the top-level defined __call().
1427 * see: tests/classes/__call_004.phpt */
1428
1429 ZEND_ASSERT(object->ce->__call);
1430 return zend_get_user_call_function(object->ce, function_name);
1431 } else if (ce->__callstatic) {
1432 return zend_get_user_callstatic_function(ce, function_name);
1433 } else {
1434 return NULL;
1435 }
1436 }
1437
zend_std_get_static_method(zend_class_entry * ce,zend_string * function_name,const zval * key)1438 ZEND_API zend_function *zend_std_get_static_method(zend_class_entry *ce, zend_string *function_name, const zval *key) /* {{{ */
1439 {
1440 zend_string *lc_function_name;
1441 if (EXPECTED(key != NULL)) {
1442 lc_function_name = Z_STR_P(key);
1443 } else {
1444 lc_function_name = zend_string_tolower(function_name);
1445 }
1446
1447 zend_function *fbc;
1448 zval *func = zend_hash_find(&ce->function_table, lc_function_name);
1449 if (EXPECTED(func)) {
1450 fbc = Z_FUNC_P(func);
1451 if (!(fbc->op_array.fn_flags & ZEND_ACC_PUBLIC)) {
1452 zend_class_entry *scope = zend_get_executed_scope();
1453 if (UNEXPECTED(fbc->common.scope != scope)) {
1454 if (UNEXPECTED(fbc->op_array.fn_flags & ZEND_ACC_PRIVATE)
1455 || UNEXPECTED(!zend_check_protected(zend_get_function_root_class(fbc), scope))) {
1456 zend_function *fallback_fbc = get_static_method_fallback(ce, function_name);
1457 if (!fallback_fbc) {
1458 zend_bad_method_call(fbc, function_name, scope);
1459 }
1460 fbc = fallback_fbc;
1461 }
1462 }
1463 }
1464 } else {
1465 fbc = get_static_method_fallback(ce, function_name);
1466 }
1467
1468 if (UNEXPECTED(!key)) {
1469 zend_string_release_ex(lc_function_name, 0);
1470 }
1471
1472 if (EXPECTED(fbc)) {
1473 if (UNEXPECTED(fbc->common.fn_flags & ZEND_ACC_ABSTRACT)) {
1474 zend_abstract_method_call(fbc);
1475 fbc = NULL;
1476 } else if (UNEXPECTED(fbc->common.scope->ce_flags & ZEND_ACC_TRAIT)) {
1477 zend_error(E_DEPRECATED,
1478 "Calling static trait method %s::%s is deprecated, "
1479 "it should only be called on a class using the trait",
1480 ZSTR_VAL(fbc->common.scope->name), ZSTR_VAL(fbc->common.function_name));
1481 if (EG(exception)) {
1482 return NULL;
1483 }
1484 }
1485 }
1486
1487 return fbc;
1488 }
1489 /* }}} */
1490
zend_class_init_statics(zend_class_entry * class_type)1491 ZEND_API void zend_class_init_statics(zend_class_entry *class_type) /* {{{ */
1492 {
1493 int i;
1494 zval *p;
1495
1496 if (class_type->default_static_members_count && !CE_STATIC_MEMBERS(class_type)) {
1497 if (class_type->parent) {
1498 zend_class_init_statics(class_type->parent);
1499 }
1500
1501 ZEND_MAP_PTR_SET(class_type->static_members_table, emalloc(sizeof(zval) * class_type->default_static_members_count));
1502 for (i = 0; i < class_type->default_static_members_count; i++) {
1503 p = &class_type->default_static_members_table[i];
1504 if (Z_TYPE_P(p) == IS_INDIRECT) {
1505 zval *q = &CE_STATIC_MEMBERS(class_type->parent)[i];
1506 ZVAL_DEINDIRECT(q);
1507 ZVAL_INDIRECT(&CE_STATIC_MEMBERS(class_type)[i], q);
1508 } else {
1509 ZVAL_COPY_OR_DUP(&CE_STATIC_MEMBERS(class_type)[i], p);
1510 }
1511 }
1512 }
1513 } /* }}} */
1514
zend_std_get_static_property_with_info(zend_class_entry * ce,zend_string * property_name,int type,zend_property_info ** property_info_ptr)1515 ZEND_API zval *zend_std_get_static_property_with_info(zend_class_entry *ce, zend_string *property_name, int type, zend_property_info **property_info_ptr) /* {{{ */
1516 {
1517 zval *ret;
1518 zend_class_entry *scope;
1519 zend_property_info *property_info = zend_hash_find_ptr(&ce->properties_info, property_name);
1520 *property_info_ptr = property_info;
1521
1522 if (UNEXPECTED(property_info == NULL)) {
1523 goto undeclared_property;
1524 }
1525
1526 if (!(property_info->flags & ZEND_ACC_PUBLIC)) {
1527 if (UNEXPECTED(EG(fake_scope))) {
1528 scope = EG(fake_scope);
1529 } else {
1530 scope = zend_get_executed_scope();
1531 }
1532 if (property_info->ce != scope) {
1533 if (UNEXPECTED(property_info->flags & ZEND_ACC_PRIVATE)
1534 || UNEXPECTED(!is_protected_compatible_scope(property_info->ce, scope))) {
1535 if (type != BP_VAR_IS) {
1536 zend_bad_property_access(property_info, ce, property_name);
1537 }
1538 return NULL;
1539 }
1540 }
1541 }
1542
1543 if (UNEXPECTED((property_info->flags & ZEND_ACC_STATIC) == 0)) {
1544 undeclared_property:
1545 if (type != BP_VAR_IS) {
1546 zend_throw_error(NULL, "Access to undeclared static property %s::$%s", ZSTR_VAL(ce->name), ZSTR_VAL(property_name));
1547 }
1548 return NULL;
1549 }
1550
1551 if (UNEXPECTED(!(ce->ce_flags & ZEND_ACC_CONSTANTS_UPDATED))) {
1552 if (UNEXPECTED(zend_update_class_constants(ce)) != SUCCESS) {
1553 return NULL;
1554 }
1555 }
1556
1557 /* Ensure static properties are initialized. */
1558 if (UNEXPECTED(CE_STATIC_MEMBERS(ce) == NULL)) {
1559 zend_class_init_statics(ce);
1560 }
1561
1562 ret = CE_STATIC_MEMBERS(ce) + property_info->offset;
1563 ZVAL_DEINDIRECT(ret);
1564
1565 if (UNEXPECTED((type == BP_VAR_R || type == BP_VAR_RW)
1566 && Z_TYPE_P(ret) == IS_UNDEF && ZEND_TYPE_IS_SET(property_info->type))) {
1567 zend_throw_error(NULL, "Typed static property %s::$%s must not be accessed before initialization",
1568 ZSTR_VAL(property_info->ce->name), ZSTR_VAL(property_name));
1569 return NULL;
1570 }
1571
1572 if (UNEXPECTED(ce->ce_flags & ZEND_ACC_TRAIT)) {
1573 zend_error(E_DEPRECATED,
1574 "Accessing static trait property %s::$%s is deprecated, "
1575 "it should only be accessed on a class using the trait",
1576 ZSTR_VAL(property_info->ce->name), ZSTR_VAL(property_name));
1577 }
1578
1579 return ret;
1580 }
1581 /* }}} */
1582
zend_std_get_static_property(zend_class_entry * ce,zend_string * property_name,int type)1583 ZEND_API zval *zend_std_get_static_property(zend_class_entry *ce, zend_string *property_name, int type) /* {{{ */
1584 {
1585 zend_property_info *prop_info;
1586 return zend_std_get_static_property_with_info(ce, property_name, type, &prop_info);
1587 }
1588
zend_std_unset_static_property(zend_class_entry * ce,zend_string * property_name)1589 ZEND_API ZEND_COLD bool zend_std_unset_static_property(zend_class_entry *ce, zend_string *property_name) /* {{{ */
1590 {
1591 zend_throw_error(NULL, "Attempt to unset static property %s::$%s", ZSTR_VAL(ce->name), ZSTR_VAL(property_name));
1592 return 0;
1593 }
1594 /* }}} */
1595
zend_bad_constructor_call(zend_function * constructor,zend_class_entry * scope)1596 static ZEND_COLD zend_never_inline void zend_bad_constructor_call(zend_function *constructor, zend_class_entry *scope) /* {{{ */
1597 {
1598 if (scope) {
1599 zend_throw_error(NULL, "Call to %s %s::%s() from scope %s",
1600 zend_visibility_string(constructor->common.fn_flags), ZSTR_VAL(constructor->common.scope->name),
1601 ZSTR_VAL(constructor->common.function_name), ZSTR_VAL(scope->name)
1602 );
1603 } else {
1604 zend_throw_error(NULL, "Call to %s %s::%s() from global scope", zend_visibility_string(constructor->common.fn_flags), ZSTR_VAL(constructor->common.scope->name), ZSTR_VAL(constructor->common.function_name));
1605 }
1606 }
1607 /* }}} */
1608
zend_std_get_constructor(zend_object * zobj)1609 ZEND_API zend_function *zend_std_get_constructor(zend_object *zobj) /* {{{ */
1610 {
1611 zend_function *constructor = zobj->ce->constructor;
1612 zend_class_entry *scope;
1613
1614 if (constructor) {
1615 if (UNEXPECTED(!(constructor->op_array.fn_flags & ZEND_ACC_PUBLIC))) {
1616 if (UNEXPECTED(EG(fake_scope))) {
1617 scope = EG(fake_scope);
1618 } else {
1619 scope = zend_get_executed_scope();
1620 }
1621 if (UNEXPECTED(constructor->common.scope != scope)) {
1622 if (UNEXPECTED(constructor->op_array.fn_flags & ZEND_ACC_PRIVATE)
1623 || UNEXPECTED(!zend_check_protected(zend_get_function_root_class(constructor), scope))) {
1624 zend_bad_constructor_call(constructor, scope);
1625 zend_object_store_ctor_failed(zobj);
1626 constructor = NULL;
1627 }
1628 }
1629 }
1630 }
1631
1632 return constructor;
1633 }
1634 /* }}} */
1635
zend_std_compare_objects(zval * o1,zval * o2)1636 ZEND_API int zend_std_compare_objects(zval *o1, zval *o2) /* {{{ */
1637 {
1638 zend_object *zobj1, *zobj2;
1639
1640 if (Z_TYPE_P(o1) != Z_TYPE_P(o2)) {
1641 /* Object and non-object */
1642 zval *object;
1643 zval *value;
1644 zval casted;
1645 bool object_lhs;
1646 if (Z_TYPE_P(o1) == IS_OBJECT) {
1647 object = o1;
1648 value = o2;
1649 object_lhs = true;
1650 } else {
1651 object = o2;
1652 value = o1;
1653 object_lhs = false;
1654 }
1655 ZEND_ASSERT(Z_TYPE_P(value) != IS_OBJECT);
1656 zend_uchar target_type = (Z_TYPE_P(value) == IS_FALSE || Z_TYPE_P(value) == IS_TRUE)
1657 ? _IS_BOOL : Z_TYPE_P(value);
1658 if (Z_OBJ_HT_P(object)->cast_object(Z_OBJ_P(object), &casted, target_type) == FAILURE) {
1659 // TODO: Less crazy.
1660 if (target_type == IS_LONG || target_type == IS_DOUBLE) {
1661 zend_error(E_NOTICE, "Object of class %s could not be converted to %s",
1662 ZSTR_VAL(Z_OBJCE_P(object)->name), zend_get_type_by_const(target_type));
1663 if (target_type == IS_LONG) {
1664 ZVAL_LONG(&casted, 1);
1665 } else {
1666 ZVAL_DOUBLE(&casted, 1.0);
1667 }
1668 } else {
1669 return object_lhs ? 1 : -1;
1670 }
1671 }
1672 int ret = object_lhs ? zend_compare(&casted, value) : zend_compare(value, &casted);
1673 zval_ptr_dtor(&casted);
1674 return ret;
1675 }
1676
1677 zobj1 = Z_OBJ_P(o1);
1678 zobj2 = Z_OBJ_P(o2);
1679
1680 if (zobj1 == zobj2) {
1681 return 0; /* the same object */
1682 }
1683 if (zobj1->ce != zobj2->ce) {
1684 return ZEND_UNCOMPARABLE; /* different classes */
1685 }
1686 if (!zobj1->properties && !zobj2->properties) {
1687 zend_property_info *info;
1688 int i;
1689
1690 if (!zobj1->ce->default_properties_count) {
1691 return 0;
1692 }
1693
1694 /* It's enough to protect only one of the objects.
1695 * The second one may be referenced from the first and this may cause
1696 * false recursion detection.
1697 */
1698 /* use bitwise OR to make only one conditional jump */
1699 if (UNEXPECTED(Z_IS_RECURSIVE_P(o1))) {
1700 zend_error_noreturn(E_ERROR, "Nesting level too deep - recursive dependency?");
1701 }
1702 Z_PROTECT_RECURSION_P(o1);
1703
1704 for (i = 0; i < zobj1->ce->default_properties_count; i++) {
1705 zval *p1, *p2;
1706
1707 info = zobj1->ce->properties_info_table[i];
1708
1709 if (!info) {
1710 continue;
1711 }
1712
1713 p1 = OBJ_PROP(zobj1, info->offset);
1714 p2 = OBJ_PROP(zobj2, info->offset);
1715
1716 if (Z_TYPE_P(p1) != IS_UNDEF) {
1717 if (Z_TYPE_P(p2) != IS_UNDEF) {
1718 int ret;
1719
1720 ret = zend_compare(p1, p2);
1721 if (ret != 0) {
1722 Z_UNPROTECT_RECURSION_P(o1);
1723 return ret;
1724 }
1725 } else {
1726 Z_UNPROTECT_RECURSION_P(o1);
1727 return 1;
1728 }
1729 } else {
1730 if (Z_TYPE_P(p2) != IS_UNDEF) {
1731 Z_UNPROTECT_RECURSION_P(o1);
1732 return 1;
1733 }
1734 }
1735 }
1736
1737 Z_UNPROTECT_RECURSION_P(o1);
1738 return 0;
1739 } else {
1740 if (!zobj1->properties) {
1741 rebuild_object_properties(zobj1);
1742 }
1743 if (!zobj2->properties) {
1744 rebuild_object_properties(zobj2);
1745 }
1746 return zend_compare_symbol_tables(zobj1->properties, zobj2->properties);
1747 }
1748 }
1749 /* }}} */
1750
zend_objects_not_comparable(zval * o1,zval * o2)1751 ZEND_API int zend_objects_not_comparable(zval *o1, zval *o2)
1752 {
1753 return ZEND_UNCOMPARABLE;
1754 }
1755
zend_std_has_property(zend_object * zobj,zend_string * name,int has_set_exists,void ** cache_slot)1756 ZEND_API int zend_std_has_property(zend_object *zobj, zend_string *name, int has_set_exists, void **cache_slot) /* {{{ */
1757 {
1758 int result;
1759 zval *value = NULL;
1760 uintptr_t property_offset;
1761 zend_property_info *prop_info = NULL;
1762 zend_string *tmp_name = NULL;
1763
1764 property_offset = zend_get_property_offset(zobj->ce, name, 1, cache_slot, &prop_info);
1765
1766 if (EXPECTED(IS_VALID_PROPERTY_OFFSET(property_offset))) {
1767 value = OBJ_PROP(zobj, property_offset);
1768 if (Z_TYPE_P(value) != IS_UNDEF) {
1769 goto found;
1770 }
1771 if (UNEXPECTED(Z_PROP_FLAG_P(value) == IS_PROP_UNINIT)) {
1772 /* Skip __isset() for uninitialized typed properties */
1773 result = 0;
1774 goto exit;
1775 }
1776 } else if (EXPECTED(IS_DYNAMIC_PROPERTY_OFFSET(property_offset))) {
1777 if (EXPECTED(zobj->properties != NULL)) {
1778 if (!IS_UNKNOWN_DYNAMIC_PROPERTY_OFFSET(property_offset)) {
1779 uintptr_t idx = ZEND_DECODE_DYN_PROP_OFFSET(property_offset);
1780
1781 if (EXPECTED(idx < zobj->properties->nNumUsed * sizeof(Bucket))) {
1782 Bucket *p = (Bucket*)((char*)zobj->properties->arData + idx);
1783
1784 if (EXPECTED(p->key == name) ||
1785 (EXPECTED(p->h == ZSTR_H(name)) &&
1786 EXPECTED(p->key != NULL) &&
1787 EXPECTED(zend_string_equal_content(p->key, name)))) {
1788 value = &p->val;
1789 goto found;
1790 }
1791 }
1792 CACHE_PTR_EX(cache_slot + 1, (void*)ZEND_DYNAMIC_PROPERTY_OFFSET);
1793 }
1794 value = zend_hash_find(zobj->properties, name);
1795 if (value) {
1796 if (cache_slot) {
1797 uintptr_t idx = (char*)value - (char*)zobj->properties->arData;
1798 CACHE_PTR_EX(cache_slot + 1, (void*)ZEND_ENCODE_DYN_PROP_OFFSET(idx));
1799 }
1800 found:
1801 if (has_set_exists == ZEND_PROPERTY_NOT_EMPTY) {
1802 result = zend_is_true(value);
1803 } else if (has_set_exists < ZEND_PROPERTY_NOT_EMPTY) {
1804 ZEND_ASSERT(has_set_exists == ZEND_PROPERTY_ISSET);
1805 ZVAL_DEREF(value);
1806 result = (Z_TYPE_P(value) != IS_NULL);
1807 } else {
1808 ZEND_ASSERT(has_set_exists == ZEND_PROPERTY_EXISTS);
1809 result = 1;
1810 }
1811 goto exit;
1812 }
1813 }
1814 } else if (UNEXPECTED(EG(exception))) {
1815 result = 0;
1816 goto exit;
1817 }
1818
1819 result = 0;
1820 if ((has_set_exists != ZEND_PROPERTY_EXISTS) && zobj->ce->__isset) {
1821 uint32_t *guard = zend_get_property_guard(zobj, name);
1822
1823 if (!((*guard) & IN_ISSET)) {
1824 zval rv;
1825
1826 /* have issetter - try with it! */
1827 if (!tmp_name && !ZSTR_IS_INTERNED(name)) {
1828 tmp_name = zend_string_copy(name);
1829 }
1830 GC_ADDREF(zobj);
1831 (*guard) |= IN_ISSET; /* prevent circular getting */
1832 zend_std_call_issetter(zobj, name, &rv);
1833 result = zend_is_true(&rv);
1834 zval_ptr_dtor(&rv);
1835 if (has_set_exists == ZEND_PROPERTY_NOT_EMPTY && result) {
1836 if (EXPECTED(!EG(exception)) && zobj->ce->__get && !((*guard) & IN_GET)) {
1837 (*guard) |= IN_GET;
1838 zend_std_call_getter(zobj, name, &rv);
1839 (*guard) &= ~IN_GET;
1840 result = i_zend_is_true(&rv);
1841 zval_ptr_dtor(&rv);
1842 } else {
1843 result = 0;
1844 }
1845 }
1846 (*guard) &= ~IN_ISSET;
1847 OBJ_RELEASE(zobj);
1848 }
1849 }
1850
1851 exit:
1852 zend_tmp_string_release(tmp_name);
1853 return result;
1854 }
1855 /* }}} */
1856
zend_std_get_class_name(const zend_object * zobj)1857 ZEND_API zend_string *zend_std_get_class_name(const zend_object *zobj) /* {{{ */
1858 {
1859 return zend_string_copy(zobj->ce->name);
1860 }
1861 /* }}} */
1862
zend_std_cast_object_tostring(zend_object * readobj,zval * writeobj,int type)1863 ZEND_API zend_result zend_std_cast_object_tostring(zend_object *readobj, zval *writeobj, int type) /* {{{ */
1864 {
1865 switch (type) {
1866 case IS_STRING: {
1867 zend_class_entry *ce = readobj->ce;
1868 if (ce->__tostring) {
1869 zval retval;
1870 GC_ADDREF(readobj);
1871 zend_call_known_instance_method_with_0_params(ce->__tostring, readobj, &retval);
1872 zend_object_release(readobj);
1873 if (EXPECTED(Z_TYPE(retval) == IS_STRING)) {
1874 ZVAL_COPY_VALUE(writeobj, &retval);
1875 return SUCCESS;
1876 }
1877 zval_ptr_dtor(&retval);
1878 if (!EG(exception)) {
1879 zend_throw_error(NULL, "Method %s::__toString() must return a string value", ZSTR_VAL(ce->name));
1880 }
1881 }
1882 return FAILURE;
1883 }
1884 case _IS_BOOL:
1885 ZVAL_TRUE(writeobj);
1886 return SUCCESS;
1887 default:
1888 return FAILURE;
1889 }
1890 }
1891 /* }}} */
1892
zend_std_get_closure(zend_object * obj,zend_class_entry ** ce_ptr,zend_function ** fptr_ptr,zend_object ** obj_ptr,bool check_only)1893 ZEND_API zend_result zend_std_get_closure(zend_object *obj, zend_class_entry **ce_ptr, zend_function **fptr_ptr, zend_object **obj_ptr, bool check_only) /* {{{ */
1894 {
1895 zend_class_entry *ce = obj->ce;
1896 zval *func = zend_hash_find_known_hash(&ce->function_table, ZSTR_KNOWN(ZEND_STR_MAGIC_INVOKE));
1897
1898 if (func == NULL) {
1899 return FAILURE;
1900 }
1901 *fptr_ptr = Z_FUNC_P(func);
1902
1903 *ce_ptr = ce;
1904 if ((*fptr_ptr)->common.fn_flags & ZEND_ACC_STATIC) {
1905 if (obj_ptr) {
1906 *obj_ptr = NULL;
1907 }
1908 } else {
1909 if (obj_ptr) {
1910 *obj_ptr = obj;
1911 }
1912 }
1913 return SUCCESS;
1914 }
1915 /* }}} */
1916
zend_std_get_properties_for(zend_object * obj,zend_prop_purpose purpose)1917 ZEND_API HashTable *zend_std_get_properties_for(zend_object *obj, zend_prop_purpose purpose) {
1918 HashTable *ht;
1919 switch (purpose) {
1920 case ZEND_PROP_PURPOSE_DEBUG:
1921 if (obj->handlers->get_debug_info) {
1922 int is_temp;
1923 ht = obj->handlers->get_debug_info(obj, &is_temp);
1924 if (ht && !is_temp) {
1925 GC_TRY_ADDREF(ht);
1926 }
1927 return ht;
1928 }
1929 ZEND_FALLTHROUGH;
1930 case ZEND_PROP_PURPOSE_ARRAY_CAST:
1931 case ZEND_PROP_PURPOSE_SERIALIZE:
1932 case ZEND_PROP_PURPOSE_VAR_EXPORT:
1933 case ZEND_PROP_PURPOSE_JSON:
1934 ht = obj->handlers->get_properties(obj);
1935 if (ht) {
1936 GC_TRY_ADDREF(ht);
1937 }
1938 return ht;
1939 default:
1940 ZEND_UNREACHABLE();
1941 return NULL;
1942 }
1943 }
1944
zend_get_properties_for(zval * obj,zend_prop_purpose purpose)1945 ZEND_API HashTable *zend_get_properties_for(zval *obj, zend_prop_purpose purpose) {
1946 zend_object *zobj = Z_OBJ_P(obj);
1947
1948 if (zobj->handlers->get_properties_for) {
1949 return zobj->handlers->get_properties_for(zobj, purpose);
1950 }
1951
1952 return zend_std_get_properties_for(zobj, purpose);
1953 }
1954
1955 ZEND_API const zend_object_handlers std_object_handlers = {
1956 0, /* offset */
1957
1958 zend_object_std_dtor, /* free_obj */
1959 zend_objects_destroy_object, /* dtor_obj */
1960 zend_objects_clone_obj, /* clone_obj */
1961
1962 zend_std_read_property, /* read_property */
1963 zend_std_write_property, /* write_property */
1964 zend_std_read_dimension, /* read_dimension */
1965 zend_std_write_dimension, /* write_dimension */
1966 zend_std_get_property_ptr_ptr, /* get_property_ptr_ptr */
1967 zend_std_has_property, /* has_property */
1968 zend_std_unset_property, /* unset_property */
1969 zend_std_has_dimension, /* has_dimension */
1970 zend_std_unset_dimension, /* unset_dimension */
1971 zend_std_get_properties, /* get_properties */
1972 zend_std_get_method, /* get_method */
1973 zend_std_get_constructor, /* get_constructor */
1974 zend_std_get_class_name, /* get_class_name */
1975 zend_std_cast_object_tostring, /* cast_object */
1976 NULL, /* count_elements */
1977 zend_std_get_debug_info, /* get_debug_info */
1978 zend_std_get_closure, /* get_closure */
1979 zend_std_get_gc, /* get_gc */
1980 NULL, /* do_operation */
1981 zend_std_compare_objects, /* compare */
1982 NULL, /* get_properties_for */
1983 };
1984