1 /*
2 +----------------------------------------------------------------------+
3 | Zend Engine |
4 +----------------------------------------------------------------------+
5 | Copyright (c) Zend Technologies Ltd. (http://www.zend.com) |
6 +----------------------------------------------------------------------+
7 | This source file is subject to version 2.00 of the Zend license, |
8 | that is bundled with this package in the file LICENSE, and is |
9 | available through the world-wide-web at the following url: |
10 | http://www.zend.com/license/2_00.txt. |
11 | If you did not receive a copy of the Zend license and are unable to |
12 | obtain it through the world-wide-web, please send a note to |
13 | license@zend.com so we can mail you a copy immediately. |
14 +----------------------------------------------------------------------+
15 | Authors: Andi Gutmans <andi@php.net> |
16 | Zeev Suraski <zeev@php.net> |
17 | Dmitry Stogov <dmitry@php.net> |
18 +----------------------------------------------------------------------+
19 */
20
21 #include "zend.h"
22 #include "zend_globals.h"
23 #include "zend_variables.h"
24 #include "zend_API.h"
25 #include "zend_objects.h"
26 #include "zend_objects_API.h"
27 #include "zend_object_handlers.h"
28 #include "zend_interfaces.h"
29 #include "zend_exceptions.h"
30 #include "zend_closures.h"
31 #include "zend_compile.h"
32 #include "zend_hash.h"
33 #include "zend_observer.h"
34
35 #define DEBUG_OBJECT_HANDLERS 0
36
37 #define ZEND_WRONG_PROPERTY_OFFSET 0
38
39 /* guard flags */
40 #define IN_GET ZEND_GUARD_PROPERTY_GET
41 #define IN_SET ZEND_GUARD_PROPERTY_SET
42 #define IN_UNSET ZEND_GUARD_PROPERTY_UNSET
43 #define IN_ISSET ZEND_GUARD_PROPERTY_ISSET
44
45 /*
46 __X accessors explanation:
47
48 if we have __get and property that is not part of the properties array is
49 requested, we call __get handler. If it fails, we return uninitialized.
50
51 if we have __set and property that is not part of the properties array is
52 set, we call __set handler. If it fails, we do not change the array.
53
54 for both handlers above, when we are inside __get/__set, no further calls for
55 __get/__set for this property of this object will be made, to prevent endless
56 recursion and enable accessors to change properties array.
57
58 if we have __call and method which is not part of the class function table is
59 called, we cal __call handler.
60 */
61
rebuild_object_properties(zend_object * zobj)62 ZEND_API void rebuild_object_properties(zend_object *zobj) /* {{{ */
63 {
64 if (!zobj->properties) {
65 zend_property_info *prop_info;
66 zend_class_entry *ce = zobj->ce;
67 int i;
68
69 zobj->properties = zend_new_array(ce->default_properties_count);
70 if (ce->default_properties_count) {
71 zend_hash_real_init_mixed(zobj->properties);
72 for (i = 0; i < ce->default_properties_count; i++) {
73 prop_info = ce->properties_info_table[i];
74
75 if (!prop_info) {
76 continue;
77 }
78
79 if (UNEXPECTED(Z_TYPE_P(OBJ_PROP(zobj, prop_info->offset)) == IS_UNDEF)) {
80 HT_FLAGS(zobj->properties) |= HASH_FLAG_HAS_EMPTY_IND;
81 }
82
83 _zend_hash_append_ind(zobj->properties, prop_info->name,
84 OBJ_PROP(zobj, prop_info->offset));
85 }
86 }
87 }
88 }
89 /* }}} */
90
zend_std_build_object_properties_array(zend_object * zobj)91 ZEND_API HashTable *zend_std_build_object_properties_array(zend_object *zobj) /* {{{ */
92 {
93 zend_property_info *prop_info;
94 zend_class_entry *ce = zobj->ce;
95 HashTable *ht;
96 zval* prop;
97 int i;
98
99 ZEND_ASSERT(!zobj->properties);
100 ht = zend_new_array(ce->default_properties_count);
101 if (ce->default_properties_count) {
102 zend_hash_real_init_mixed(ht);
103 for (i = 0; i < ce->default_properties_count; i++) {
104 prop_info = ce->properties_info_table[i];
105
106 if (!prop_info) {
107 continue;
108 }
109
110 prop = OBJ_PROP(zobj, prop_info->offset);
111 if (UNEXPECTED(Z_TYPE_P(prop) == IS_UNDEF)) {
112 continue;
113 }
114
115 if (Z_ISREF_P(prop) && Z_REFCOUNT_P(prop) == 1) {
116 prop = Z_REFVAL_P(prop);
117 }
118
119 Z_TRY_ADDREF_P(prop);
120 _zend_hash_append(ht, prop_info->name, prop);
121 }
122 }
123 return ht;
124 }
125 /* }}} */
126
zend_std_get_properties(zend_object * zobj)127 ZEND_API HashTable *zend_std_get_properties(zend_object *zobj) /* {{{ */
128 {
129 if (!zobj->properties) {
130 rebuild_object_properties(zobj);
131 }
132 return zobj->properties;
133 }
134 /* }}} */
135
zend_std_get_gc(zend_object * zobj,zval ** table,int * n)136 ZEND_API HashTable *zend_std_get_gc(zend_object *zobj, zval **table, int *n) /* {{{ */
137 {
138 if (zobj->handlers->get_properties != zend_std_get_properties) {
139 *table = NULL;
140 *n = 0;
141 return zobj->handlers->get_properties(zobj);
142 } else {
143 if (zobj->properties) {
144 *table = NULL;
145 *n = 0;
146 return zobj->properties;
147 } else {
148 *table = zobj->properties_table;
149 *n = zobj->ce->default_properties_count;
150 return NULL;
151 }
152 }
153 }
154 /* }}} */
155
zend_std_get_debug_info(zend_object * object,int * is_temp)156 ZEND_API HashTable *zend_std_get_debug_info(zend_object *object, int *is_temp) /* {{{ */
157 {
158 zend_class_entry *ce = object->ce;
159 zval retval;
160 HashTable *ht;
161
162 if (!ce->__debugInfo) {
163 *is_temp = 0;
164 return object->handlers->get_properties(object);
165 }
166
167 zend_call_known_instance_method_with_0_params(ce->__debugInfo, object, &retval);
168 if (Z_TYPE(retval) == IS_ARRAY) {
169 if (!Z_REFCOUNTED(retval)) {
170 *is_temp = 1;
171 return zend_array_dup(Z_ARRVAL(retval));
172 } else if (Z_REFCOUNT(retval) <= 1) {
173 *is_temp = 1;
174 ht = Z_ARR(retval);
175 return ht;
176 } else {
177 *is_temp = 0;
178 zval_ptr_dtor(&retval);
179 return Z_ARRVAL(retval);
180 }
181 } else if (Z_TYPE(retval) == IS_NULL) {
182 *is_temp = 1;
183 ht = zend_new_array(0);
184 return ht;
185 }
186
187 zend_error_noreturn(E_ERROR, ZEND_DEBUGINFO_FUNC_NAME "() must return an array");
188
189 return NULL; /* Compilers are dumb and don't understand that noreturn means that the function does NOT need a return value... */
190 }
191 /* }}} */
192
zend_std_call_getter(zend_object * zobj,zend_string * prop_name,zval * retval)193 static void zend_std_call_getter(zend_object *zobj, zend_string *prop_name, zval *retval) /* {{{ */
194 {
195 zval member;
196 ZVAL_STR(&member, prop_name);
197 zend_call_known_instance_method_with_1_params(zobj->ce->__get, zobj, retval, &member);
198 }
199 /* }}} */
200
zend_std_call_setter(zend_object * zobj,zend_string * prop_name,zval * value)201 static void zend_std_call_setter(zend_object *zobj, zend_string *prop_name, zval *value) /* {{{ */
202 {
203 zval args[2];
204 ZVAL_STR(&args[0], prop_name);
205 ZVAL_COPY_VALUE(&args[1], value);
206 zend_call_known_instance_method(zobj->ce->__set, zobj, NULL, 2, args);
207 }
208 /* }}} */
209
zend_std_call_unsetter(zend_object * zobj,zend_string * prop_name)210 static void zend_std_call_unsetter(zend_object *zobj, zend_string *prop_name) /* {{{ */
211 {
212 zval member;
213 ZVAL_STR(&member, prop_name);
214 zend_call_known_instance_method_with_1_params(zobj->ce->__unset, zobj, NULL, &member);
215 }
216 /* }}} */
217
zend_std_call_issetter(zend_object * zobj,zend_string * prop_name,zval * retval)218 static void zend_std_call_issetter(zend_object *zobj, zend_string *prop_name, zval *retval) /* {{{ */
219 {
220 zval member;
221 ZVAL_STR(&member, prop_name);
222 zend_call_known_instance_method_with_1_params(zobj->ce->__isset, zobj, retval, &member);
223 }
224 /* }}} */
225
226
is_derived_class(const zend_class_entry * child_class,const zend_class_entry * parent_class)227 static zend_always_inline bool is_derived_class(const zend_class_entry *child_class, const zend_class_entry *parent_class) /* {{{ */
228 {
229 child_class = child_class->parent;
230 while (child_class) {
231 if (child_class == parent_class) {
232 return 1;
233 }
234 child_class = child_class->parent;
235 }
236
237 return 0;
238 }
239 /* }}} */
240
is_protected_compatible_scope(const zend_class_entry * ce,const zend_class_entry * scope)241 static zend_never_inline int is_protected_compatible_scope(const zend_class_entry *ce, const zend_class_entry *scope) /* {{{ */
242 {
243 return scope &&
244 (is_derived_class(ce, scope) || is_derived_class(scope, ce));
245 }
246 /* }}} */
247
zend_get_parent_private_property(zend_class_entry * scope,const zend_class_entry * ce,zend_string * member)248 static zend_never_inline zend_property_info *zend_get_parent_private_property(zend_class_entry *scope, const zend_class_entry *ce, zend_string *member) /* {{{ */
249 {
250 zval *zv;
251 zend_property_info *prop_info;
252
253 if (scope != ce && scope && is_derived_class(ce, scope)) {
254 zv = zend_hash_find(&scope->properties_info, member);
255 if (zv != NULL) {
256 prop_info = (zend_property_info*)Z_PTR_P(zv);
257 if ((prop_info->flags & ZEND_ACC_PRIVATE)
258 && prop_info->ce == scope) {
259 return prop_info;
260 }
261 }
262 }
263 return NULL;
264 }
265 /* }}} */
266
zend_bad_property_access(const zend_property_info * property_info,const zend_class_entry * ce,const zend_string * member)267 static ZEND_COLD zend_never_inline void zend_bad_property_access(const zend_property_info *property_info, const zend_class_entry *ce, const zend_string *member) /* {{{ */
268 {
269 zend_throw_error(NULL, "Cannot access %s property %s::$%s", zend_visibility_string(property_info->flags), ZSTR_VAL(ce->name), ZSTR_VAL(member));
270 }
271 /* }}} */
272
zend_bad_property_name(void)273 static ZEND_COLD zend_never_inline void zend_bad_property_name(void) /* {{{ */
274 {
275 zend_throw_error(NULL, "Cannot access property starting with \"\\0\"");
276 }
277 /* }}} */
278
zend_forbidden_dynamic_property(const zend_class_entry * ce,const zend_string * member)279 static ZEND_COLD zend_never_inline void zend_forbidden_dynamic_property(
280 const zend_class_entry *ce, const zend_string *member) {
281 zend_throw_error(NULL, "Cannot create dynamic property %s::$%s",
282 ZSTR_VAL(ce->name), ZSTR_VAL(member));
283 }
284
zend_deprecated_dynamic_property(zend_object * obj,const zend_string * member)285 static ZEND_COLD zend_never_inline bool zend_deprecated_dynamic_property(
286 zend_object *obj, const zend_string *member) {
287 GC_ADDREF(obj);
288 zend_error(E_DEPRECATED, "Creation of dynamic property %s::$%s is deprecated",
289 ZSTR_VAL(obj->ce->name), ZSTR_VAL(member));
290 if (UNEXPECTED(GC_DELREF(obj) == 0)) {
291 zend_class_entry *ce = obj->ce;
292 zend_objects_store_del(obj);
293 if (!EG(exception)) {
294 /* We cannot continue execution and have to throw an exception */
295 zend_throw_error(NULL, "Cannot create dynamic property %s::$%s",
296 ZSTR_VAL(ce->name), ZSTR_VAL(member));
297 }
298 return 0;
299 }
300 return 1;
301 }
302
zend_readonly_property_modification_scope_error(const zend_class_entry * ce,const zend_string * member,const zend_class_entry * scope,const char * operation)303 static ZEND_COLD zend_never_inline void zend_readonly_property_modification_scope_error(
304 const zend_class_entry *ce, const zend_string *member, const zend_class_entry *scope, const char *operation) {
305 zend_throw_error(NULL, "Cannot %s readonly property %s::$%s from %s%s",
306 operation, ZSTR_VAL(ce->name), ZSTR_VAL(member),
307 scope ? "scope " : "global scope", scope ? ZSTR_VAL(scope->name) : "");
308 }
309
zend_readonly_property_unset_error(zend_class_entry * ce,zend_string * member)310 static ZEND_COLD zend_never_inline void zend_readonly_property_unset_error(
311 zend_class_entry *ce, zend_string *member) {
312 zend_throw_error(NULL, "Cannot unset readonly property %s::$%s",
313 ZSTR_VAL(ce->name), ZSTR_VAL(member));
314 }
315
zend_get_property_offset(zend_class_entry * ce,zend_string * member,int silent,void ** cache_slot,const zend_property_info ** info_ptr)316 static zend_always_inline uintptr_t zend_get_property_offset(zend_class_entry *ce, zend_string *member, int silent, void **cache_slot, const zend_property_info **info_ptr) /* {{{ */
317 {
318 zval *zv;
319 zend_property_info *property_info;
320 uint32_t flags;
321 zend_class_entry *scope;
322 uintptr_t offset;
323
324 if (cache_slot && EXPECTED(ce == CACHED_PTR_EX(cache_slot))) {
325 *info_ptr = CACHED_PTR_EX(cache_slot + 2);
326 return (uintptr_t)CACHED_PTR_EX(cache_slot + 1);
327 }
328
329 if (UNEXPECTED(zend_hash_num_elements(&ce->properties_info) == 0)
330 || UNEXPECTED((zv = zend_hash_find(&ce->properties_info, member)) == NULL)) {
331 if (UNEXPECTED(ZSTR_VAL(member)[0] == '\0') && ZSTR_LEN(member) != 0) {
332 if (!silent) {
333 zend_bad_property_name();
334 }
335 return ZEND_WRONG_PROPERTY_OFFSET;
336 }
337 dynamic:
338 if (cache_slot) {
339 CACHE_POLYMORPHIC_PTR_EX(cache_slot, ce, (void*)ZEND_DYNAMIC_PROPERTY_OFFSET);
340 CACHE_PTR_EX(cache_slot + 2, NULL);
341 }
342 return ZEND_DYNAMIC_PROPERTY_OFFSET;
343 }
344
345 property_info = (zend_property_info*)Z_PTR_P(zv);
346 flags = property_info->flags;
347
348 if (flags & (ZEND_ACC_CHANGED|ZEND_ACC_PRIVATE|ZEND_ACC_PROTECTED)) {
349 if (UNEXPECTED(EG(fake_scope))) {
350 scope = EG(fake_scope);
351 } else {
352 scope = zend_get_executed_scope();
353 }
354
355 if (property_info->ce != scope) {
356 if (flags & ZEND_ACC_CHANGED) {
357 zend_property_info *p = zend_get_parent_private_property(scope, ce, member);
358
359 /* If there is a public/protected instance property on ce, don't try to use a
360 * private static property on scope. If both are static, prefer the static
361 * property on scope. This will throw a static property notice, rather than
362 * a visibility error. */
363 if (p && (!(p->flags & ZEND_ACC_STATIC) || (flags & ZEND_ACC_STATIC))) {
364 property_info = p;
365 flags = property_info->flags;
366 goto found;
367 } else if (flags & ZEND_ACC_PUBLIC) {
368 goto found;
369 }
370 }
371 if (flags & ZEND_ACC_PRIVATE) {
372 if (property_info->ce != ce) {
373 goto dynamic;
374 } else {
375 wrong:
376 /* Information was available, but we were denied access. Error out. */
377 if (!silent) {
378 zend_bad_property_access(property_info, ce, member);
379 }
380 return ZEND_WRONG_PROPERTY_OFFSET;
381 }
382 } else {
383 ZEND_ASSERT(flags & ZEND_ACC_PROTECTED);
384 if (UNEXPECTED(!is_protected_compatible_scope(property_info->ce, scope))) {
385 goto wrong;
386 }
387 }
388 }
389 }
390
391 found:
392 if (UNEXPECTED(flags & ZEND_ACC_STATIC)) {
393 if (!silent) {
394 zend_error(E_NOTICE, "Accessing static property %s::$%s as non static", ZSTR_VAL(ce->name), ZSTR_VAL(member));
395 }
396 return ZEND_DYNAMIC_PROPERTY_OFFSET;
397 }
398
399 offset = property_info->offset;
400 if (EXPECTED(!ZEND_TYPE_IS_SET(property_info->type))) {
401 property_info = NULL;
402 } else {
403 *info_ptr = property_info;
404 }
405 if (cache_slot) {
406 CACHE_POLYMORPHIC_PTR_EX(cache_slot, ce, (void*)(uintptr_t)offset);
407 CACHE_PTR_EX(cache_slot + 2, property_info);
408 }
409 return offset;
410 }
411 /* }}} */
412
zend_wrong_offset(zend_class_entry * ce,zend_string * member)413 static ZEND_COLD void zend_wrong_offset(zend_class_entry *ce, zend_string *member) /* {{{ */
414 {
415 const zend_property_info *dummy;
416
417 /* Trigger the correct error */
418 zend_get_property_offset(ce, member, 0, NULL, &dummy);
419 }
420 /* }}} */
421
zend_get_property_info(const zend_class_entry * ce,zend_string * member,int silent)422 ZEND_API zend_property_info *zend_get_property_info(const zend_class_entry *ce, zend_string *member, int silent) /* {{{ */
423 {
424 zval *zv;
425 zend_property_info *property_info;
426 uint32_t flags;
427 zend_class_entry *scope;
428
429 if (UNEXPECTED(zend_hash_num_elements(&ce->properties_info) == 0)
430 || EXPECTED((zv = zend_hash_find(&ce->properties_info, member)) == NULL)) {
431 if (UNEXPECTED(ZSTR_VAL(member)[0] == '\0') && ZSTR_LEN(member) != 0) {
432 if (!silent) {
433 zend_bad_property_name();
434 }
435 return ZEND_WRONG_PROPERTY_INFO;
436 }
437 dynamic:
438 return NULL;
439 }
440
441 property_info = (zend_property_info*)Z_PTR_P(zv);
442 flags = property_info->flags;
443
444 if (flags & (ZEND_ACC_CHANGED|ZEND_ACC_PRIVATE|ZEND_ACC_PROTECTED)) {
445 if (UNEXPECTED(EG(fake_scope))) {
446 scope = EG(fake_scope);
447 } else {
448 scope = zend_get_executed_scope();
449 }
450 if (property_info->ce != scope) {
451 if (flags & ZEND_ACC_CHANGED) {
452 zend_property_info *p = zend_get_parent_private_property(scope, ce, member);
453
454 if (p) {
455 property_info = p;
456 flags = property_info->flags;
457 goto found;
458 } else if (flags & ZEND_ACC_PUBLIC) {
459 goto found;
460 }
461 }
462 if (flags & ZEND_ACC_PRIVATE) {
463 if (property_info->ce != ce) {
464 goto dynamic;
465 } else {
466 wrong:
467 /* Information was available, but we were denied access. Error out. */
468 if (!silent) {
469 zend_bad_property_access(property_info, ce, member);
470 }
471 return ZEND_WRONG_PROPERTY_INFO;
472 }
473 } else {
474 ZEND_ASSERT(flags & ZEND_ACC_PROTECTED);
475 if (UNEXPECTED(!is_protected_compatible_scope(property_info->ce, scope))) {
476 goto wrong;
477 }
478 }
479 }
480 }
481
482 found:
483 if (UNEXPECTED(flags & ZEND_ACC_STATIC)) {
484 if (!silent) {
485 zend_error(E_NOTICE, "Accessing static property %s::$%s as non static", ZSTR_VAL(ce->name), ZSTR_VAL(member));
486 }
487 }
488 return property_info;
489 }
490 /* }}} */
491
zend_check_property_access(const zend_object * zobj,zend_string * prop_info_name,bool is_dynamic)492 ZEND_API zend_result zend_check_property_access(const zend_object *zobj, zend_string *prop_info_name, bool is_dynamic) /* {{{ */
493 {
494 zend_property_info *property_info;
495 const char *class_name = NULL;
496 const char *prop_name;
497 zend_string *member;
498 size_t prop_name_len;
499
500 if (ZSTR_VAL(prop_info_name)[0] == 0) {
501 if (is_dynamic) {
502 return SUCCESS;
503 }
504
505 zend_unmangle_property_name_ex(prop_info_name, &class_name, &prop_name, &prop_name_len);
506 member = zend_string_init(prop_name, prop_name_len, 0);
507 property_info = zend_get_property_info(zobj->ce, member, 1);
508 zend_string_release_ex(member, 0);
509 if (property_info == NULL || property_info == ZEND_WRONG_PROPERTY_INFO) {
510 return FAILURE;
511 }
512
513 if (class_name[0] != '*') {
514 if (!(property_info->flags & ZEND_ACC_PRIVATE)) {
515 /* we we're looking for a private prop but found a non private one of the same name */
516 return FAILURE;
517 } else if (strcmp(ZSTR_VAL(prop_info_name)+1, ZSTR_VAL(property_info->name)+1)) {
518 /* we we're looking for a private prop but found a private one of the same name but another class */
519 return FAILURE;
520 }
521 } else {
522 ZEND_ASSERT(property_info->flags & ZEND_ACC_PROTECTED);
523 }
524 return SUCCESS;
525 } else {
526 property_info = zend_get_property_info(zobj->ce, prop_info_name, 1);
527 if (property_info == NULL) {
528 ZEND_ASSERT(is_dynamic);
529 return SUCCESS;
530 } else if (property_info == ZEND_WRONG_PROPERTY_INFO) {
531 return FAILURE;
532 }
533 return (property_info->flags & ZEND_ACC_PUBLIC) ? SUCCESS : FAILURE;
534 }
535 }
536 /* }}} */
537
zend_property_guard_dtor(zval * el)538 static void zend_property_guard_dtor(zval *el) /* {{{ */ {
539 uint32_t *ptr = (uint32_t*)Z_PTR_P(el);
540 if (EXPECTED(!(((uintptr_t)ptr) & 1))) {
541 efree_size(ptr, sizeof(uint32_t));
542 }
543 }
544 /* }}} */
545
zend_get_guard_value(zend_object * zobj)546 static zend_always_inline zval *zend_get_guard_value(zend_object *zobj)
547 {
548 return zobj->properties_table + zobj->ce->default_properties_count;
549 }
550
zend_get_property_guard(zend_object * zobj,zend_string * member)551 ZEND_API uint32_t *zend_get_property_guard(zend_object *zobj, zend_string *member) /* {{{ */
552 {
553 HashTable *guards;
554 zval *zv;
555 uint32_t *ptr;
556
557
558 ZEND_ASSERT(zobj->ce->ce_flags & ZEND_ACC_USE_GUARDS);
559 zv = zend_get_guard_value(zobj);
560 if (EXPECTED(Z_TYPE_P(zv) == IS_STRING)) {
561 zend_string *str = Z_STR_P(zv);
562 if (EXPECTED(str == member) ||
563 /* str and member don't necessarily have a pre-calculated hash value here */
564 EXPECTED(zend_string_equal_content(str, member))) {
565 return &Z_GUARD_P(zv);
566 } else if (EXPECTED(Z_GUARD_P(zv) == 0)) {
567 zval_ptr_dtor_str(zv);
568 ZVAL_STR_COPY(zv, member);
569 return &Z_GUARD_P(zv);
570 } else {
571 ALLOC_HASHTABLE(guards);
572 zend_hash_init(guards, 8, NULL, zend_property_guard_dtor, 0);
573 /* mark pointer as "special" using low bit */
574 zend_hash_add_new_ptr(guards, str,
575 (void*)(((uintptr_t)&Z_GUARD_P(zv)) | 1));
576 zval_ptr_dtor_str(zv);
577 ZVAL_ARR(zv, guards);
578 }
579 } else if (EXPECTED(Z_TYPE_P(zv) == IS_ARRAY)) {
580 guards = Z_ARRVAL_P(zv);
581 ZEND_ASSERT(guards != NULL);
582 zv = zend_hash_find(guards, member);
583 if (zv != NULL) {
584 return (uint32_t*)(((uintptr_t)Z_PTR_P(zv)) & ~1);
585 }
586 } else {
587 ZEND_ASSERT(Z_TYPE_P(zv) == IS_UNDEF);
588 ZVAL_STR_COPY(zv, member);
589 Z_GUARD_P(zv) &= ~ZEND_GUARD_PROPERTY_MASK;
590 return &Z_GUARD_P(zv);
591 }
592 /* we have to allocate uint32_t separately because ht->arData may be reallocated */
593 ptr = (uint32_t*)emalloc(sizeof(uint32_t));
594 *ptr = 0;
595 return (uint32_t*)zend_hash_add_new_ptr(guards, member, ptr);
596 }
597 /* }}} */
598
zend_get_recursion_guard(zend_object * zobj)599 ZEND_API uint32_t *zend_get_recursion_guard(zend_object *zobj)
600 {
601 if (!(zobj->ce->ce_flags & ZEND_ACC_USE_GUARDS)) {
602 return NULL;
603 }
604 zval *zv = zend_get_guard_value(zobj);
605 return &Z_GUARD_P(zv);
606 }
607
zend_std_read_property(zend_object * zobj,zend_string * name,int type,void ** cache_slot,zval * rv)608 ZEND_API zval *zend_std_read_property(zend_object *zobj, zend_string *name, int type, void **cache_slot, zval *rv) /* {{{ */
609 {
610 zval *retval;
611 uintptr_t property_offset;
612 const zend_property_info *prop_info = NULL;
613 uint32_t *guard = NULL;
614 zend_string *tmp_name = NULL;
615
616 #if DEBUG_OBJECT_HANDLERS
617 fprintf(stderr, "Read object #%d property: %s\n", zobj->handle, ZSTR_VAL(name));
618 #endif
619
620 /* make zend_get_property_info silent if we have getter - we may want to use it */
621 property_offset = zend_get_property_offset(zobj->ce, name, (type == BP_VAR_IS) || (zobj->ce->__get != NULL), cache_slot, &prop_info);
622
623 if (EXPECTED(IS_VALID_PROPERTY_OFFSET(property_offset))) {
624 retval = OBJ_PROP(zobj, property_offset);
625 if (EXPECTED(Z_TYPE_P(retval) != IS_UNDEF)) {
626 if (prop_info && UNEXPECTED(prop_info->flags & ZEND_ACC_READONLY)
627 && (type == BP_VAR_W || type == BP_VAR_RW || type == BP_VAR_UNSET)) {
628 if (Z_TYPE_P(retval) == IS_OBJECT) {
629 /* For objects, W/RW/UNSET fetch modes might not actually modify object.
630 * Similar as with magic __get() allow them, but return the value as a copy
631 * to make sure no actual modification is possible. */
632 ZVAL_COPY(rv, retval);
633 retval = rv;
634 } else if (Z_PROP_FLAG_P(retval) & IS_PROP_REINITABLE) {
635 Z_PROP_FLAG_P(retval) &= ~IS_PROP_REINITABLE;
636 } else {
637 zend_readonly_property_modification_error(prop_info);
638 retval = &EG(uninitialized_zval);
639 }
640 }
641 goto exit;
642 } else {
643 if (prop_info && UNEXPECTED(prop_info->flags & ZEND_ACC_READONLY)) {
644 if (type == BP_VAR_W || type == BP_VAR_RW) {
645 zend_readonly_property_indirect_modification_error(prop_info);
646 retval = &EG(uninitialized_zval);
647 goto exit;
648 } else if (type == BP_VAR_UNSET) {
649 retval = &EG(uninitialized_zval);
650 goto exit;
651 }
652 }
653 }
654 if (UNEXPECTED(Z_PROP_FLAG_P(retval) & IS_PROP_UNINIT)) {
655 /* Skip __get() for uninitialized typed properties */
656 goto uninit_error;
657 }
658 } else if (EXPECTED(IS_DYNAMIC_PROPERTY_OFFSET(property_offset))) {
659 if (EXPECTED(zobj->properties != NULL)) {
660 if (!IS_UNKNOWN_DYNAMIC_PROPERTY_OFFSET(property_offset)) {
661 uintptr_t idx = ZEND_DECODE_DYN_PROP_OFFSET(property_offset);
662
663 if (EXPECTED(idx < zobj->properties->nNumUsed * sizeof(Bucket))) {
664 Bucket *p = (Bucket*)((char*)zobj->properties->arData + idx);
665
666 if (EXPECTED(p->key == name) ||
667 (EXPECTED(p->h == ZSTR_H(name)) &&
668 EXPECTED(p->key != NULL) &&
669 EXPECTED(zend_string_equal_content(p->key, name)))) {
670 retval = &p->val;
671 goto exit;
672 }
673 }
674 CACHE_PTR_EX(cache_slot + 1, (void*)ZEND_DYNAMIC_PROPERTY_OFFSET);
675 }
676 retval = zend_hash_find(zobj->properties, name);
677 if (EXPECTED(retval)) {
678 if (cache_slot) {
679 uintptr_t idx = (char*)retval - (char*)zobj->properties->arData;
680 CACHE_PTR_EX(cache_slot + 1, (void*)ZEND_ENCODE_DYN_PROP_OFFSET(idx));
681 }
682 goto exit;
683 }
684 }
685 } else if (UNEXPECTED(EG(exception))) {
686 retval = &EG(uninitialized_zval);
687 goto exit;
688 }
689
690 /* magic isset */
691 if ((type == BP_VAR_IS) && zobj->ce->__isset) {
692 zval tmp_result;
693 guard = zend_get_property_guard(zobj, name);
694
695 if (!((*guard) & IN_ISSET)) {
696 if (!tmp_name && !ZSTR_IS_INTERNED(name)) {
697 tmp_name = zend_string_copy(name);
698 }
699 GC_ADDREF(zobj);
700 ZVAL_UNDEF(&tmp_result);
701
702 *guard |= IN_ISSET;
703 zend_std_call_issetter(zobj, name, &tmp_result);
704 *guard &= ~IN_ISSET;
705
706 if (!zend_is_true(&tmp_result)) {
707 retval = &EG(uninitialized_zval);
708 OBJ_RELEASE(zobj);
709 zval_ptr_dtor(&tmp_result);
710 goto exit;
711 }
712
713 zval_ptr_dtor(&tmp_result);
714 if (zobj->ce->__get && !((*guard) & IN_GET)) {
715 goto call_getter;
716 }
717 OBJ_RELEASE(zobj);
718 } else if (zobj->ce->__get && !((*guard) & IN_GET)) {
719 goto call_getter_addref;
720 }
721 } else if (zobj->ce->__get) {
722 /* magic get */
723 guard = zend_get_property_guard(zobj, name);
724 if (!((*guard) & IN_GET)) {
725 /* have getter - try with it! */
726 call_getter_addref:
727 GC_ADDREF(zobj);
728 call_getter:
729 *guard |= IN_GET; /* prevent circular getting */
730 zend_std_call_getter(zobj, name, rv);
731 *guard &= ~IN_GET;
732
733 if (Z_TYPE_P(rv) != IS_UNDEF) {
734 retval = rv;
735 if (!Z_ISREF_P(rv) &&
736 (type == BP_VAR_W || type == BP_VAR_RW || type == BP_VAR_UNSET)) {
737 if (UNEXPECTED(Z_TYPE_P(rv) != IS_OBJECT)) {
738 zend_error(E_NOTICE, "Indirect modification of overloaded property %s::$%s has no effect", ZSTR_VAL(zobj->ce->name), ZSTR_VAL(name));
739 }
740 }
741 } else {
742 retval = &EG(uninitialized_zval);
743 }
744
745 if (UNEXPECTED(prop_info)) {
746 zend_verify_prop_assignable_by_ref_ex(prop_info, retval, (zobj->ce->__get->common.fn_flags & ZEND_ACC_STRICT_TYPES) != 0, ZEND_VERIFY_PROP_ASSIGNABLE_BY_REF_CONTEXT_MAGIC_GET);
747 }
748
749 OBJ_RELEASE(zobj);
750 goto exit;
751 } else if (UNEXPECTED(IS_WRONG_PROPERTY_OFFSET(property_offset))) {
752 /* Trigger the correct error */
753 zend_get_property_offset(zobj->ce, name, 0, NULL, &prop_info);
754 ZEND_ASSERT(EG(exception));
755 retval = &EG(uninitialized_zval);
756 goto exit;
757 }
758 }
759
760 uninit_error:
761 if (type != BP_VAR_IS) {
762 if (UNEXPECTED(prop_info)) {
763 zend_throw_error(NULL, "Typed property %s::$%s must not be accessed before initialization",
764 ZSTR_VAL(prop_info->ce->name),
765 ZSTR_VAL(name));
766 } else {
767 zend_error(E_WARNING, "Undefined property: %s::$%s", ZSTR_VAL(zobj->ce->name), ZSTR_VAL(name));
768 }
769 }
770 retval = &EG(uninitialized_zval);
771
772 exit:
773 zend_tmp_string_release(tmp_name);
774
775 return retval;
776 }
777 /* }}} */
778
property_uses_strict_types(void)779 static zend_always_inline bool property_uses_strict_types(void) {
780 zend_execute_data *execute_data = EG(current_execute_data);
781 return execute_data
782 && execute_data->func
783 && ZEND_CALL_USES_STRICT_TYPES(EG(current_execute_data));
784 }
785
verify_readonly_initialization_access(const zend_property_info * prop_info,const zend_class_entry * ce,zend_string * name,const char * operation)786 static bool verify_readonly_initialization_access(
787 const zend_property_info *prop_info, const zend_class_entry *ce,
788 zend_string *name, const char *operation) {
789 zend_class_entry *scope;
790 if (UNEXPECTED(EG(fake_scope))) {
791 scope = EG(fake_scope);
792 } else {
793 scope = zend_get_executed_scope();
794 }
795 if (prop_info->ce == scope) {
796 return true;
797 }
798
799 /* We may have redeclared a parent property. In that case the parent should still be
800 * allowed to initialize it. */
801 if (scope && is_derived_class(ce, scope)) {
802 const zend_property_info *prop_info = zend_hash_find_ptr(&scope->properties_info, name);
803 if (prop_info) {
804 /* This should be ensured by inheritance. */
805 ZEND_ASSERT(prop_info->flags & ZEND_ACC_READONLY);
806 if (prop_info->ce == scope) {
807 return true;
808 }
809 }
810 }
811
812 zend_readonly_property_modification_scope_error(prop_info->ce, name, scope, operation);
813 return false;
814 }
815
zend_std_write_property(zend_object * zobj,zend_string * name,zval * value,void ** cache_slot)816 ZEND_API zval *zend_std_write_property(zend_object *zobj, zend_string *name, zval *value, void **cache_slot) /* {{{ */
817 {
818 zval *variable_ptr, tmp;
819 uintptr_t property_offset;
820 const zend_property_info *prop_info = NULL;
821 ZEND_ASSERT(!Z_ISREF_P(value));
822
823 property_offset = zend_get_property_offset(zobj->ce, name, (zobj->ce->__set != NULL), cache_slot, &prop_info);
824
825 if (EXPECTED(IS_VALID_PROPERTY_OFFSET(property_offset))) {
826 variable_ptr = OBJ_PROP(zobj, property_offset);
827 if (Z_TYPE_P(variable_ptr) != IS_UNDEF) {
828 Z_TRY_ADDREF_P(value);
829
830 if (UNEXPECTED(prop_info)) {
831 if (UNEXPECTED((prop_info->flags & ZEND_ACC_READONLY) && !(Z_PROP_FLAG_P(variable_ptr) & IS_PROP_REINITABLE))) {
832 Z_TRY_DELREF_P(value);
833 zend_readonly_property_modification_error(prop_info);
834 variable_ptr = &EG(error_zval);
835 goto exit;
836 }
837
838 ZVAL_COPY_VALUE(&tmp, value);
839 // Increase refcount to prevent object from being released in __toString()
840 GC_ADDREF(zobj);
841 bool type_matched = zend_verify_property_type(prop_info, &tmp, property_uses_strict_types());
842 if (UNEXPECTED(GC_DELREF(zobj) == 0)) {
843 zend_object_released_while_assigning_to_property_error(prop_info);
844 zend_objects_store_del(zobj);
845 zval_ptr_dtor(&tmp);
846 variable_ptr = &EG(error_zval);
847 goto exit;
848 }
849 if (UNEXPECTED(!type_matched)) {
850 zval_ptr_dtor(&tmp);
851 variable_ptr = &EG(error_zval);
852 goto exit;
853 }
854 Z_PROP_FLAG_P(variable_ptr) &= ~IS_PROP_REINITABLE;
855 value = &tmp;
856 }
857
858 found:;
859 zend_refcounted *garbage = NULL;
860
861 variable_ptr = zend_assign_to_variable_ex(
862 variable_ptr, value, IS_TMP_VAR, property_uses_strict_types(), &garbage);
863
864 if (garbage) {
865 if (GC_DELREF(garbage) == 0) {
866 zend_execute_data *execute_data = EG(current_execute_data);
867 // Assign to result variable before calling the destructor as it may release the object
868 if (execute_data
869 && EX(func)
870 && ZEND_USER_CODE(EX(func)->common.type)
871 && EX(opline)
872 && EX(opline)->opcode == ZEND_ASSIGN_OBJ
873 && EX(opline)->result_type) {
874 ZVAL_COPY_DEREF(EX_VAR(EX(opline)->result.var), variable_ptr);
875 variable_ptr = NULL;
876 }
877 rc_dtor_func(garbage);
878 } else {
879 gc_check_possible_root_no_ref(garbage);
880 }
881 }
882 goto exit;
883 }
884 if (Z_PROP_FLAG_P(variable_ptr) & IS_PROP_UNINIT) {
885 /* Writes to uninitialized typed properties bypass __set(). */
886 goto write_std_property;
887 }
888 } else if (EXPECTED(IS_DYNAMIC_PROPERTY_OFFSET(property_offset))) {
889 if (EXPECTED(zobj->properties != NULL)) {
890 if (UNEXPECTED(GC_REFCOUNT(zobj->properties) > 1)) {
891 if (EXPECTED(!(GC_FLAGS(zobj->properties) & IS_ARRAY_IMMUTABLE))) {
892 GC_DELREF(zobj->properties);
893 }
894 zobj->properties = zend_array_dup(zobj->properties);
895 }
896 if ((variable_ptr = zend_hash_find(zobj->properties, name)) != NULL) {
897 Z_TRY_ADDREF_P(value);
898 goto found;
899 }
900 }
901 } else if (UNEXPECTED(EG(exception))) {
902 variable_ptr = &EG(error_zval);
903 goto exit;
904 }
905
906 /* magic set */
907 if (zobj->ce->__set) {
908 uint32_t *guard = zend_get_property_guard(zobj, name);
909
910 if (!((*guard) & IN_SET)) {
911 GC_ADDREF(zobj);
912 (*guard) |= IN_SET; /* prevent circular setting */
913 zend_std_call_setter(zobj, name, value);
914 (*guard) &= ~IN_SET;
915 OBJ_RELEASE(zobj);
916 variable_ptr = value;
917 } else if (EXPECTED(!IS_WRONG_PROPERTY_OFFSET(property_offset))) {
918 goto write_std_property;
919 } else {
920 /* Trigger the correct error */
921 zend_wrong_offset(zobj->ce, name);
922 ZEND_ASSERT(EG(exception));
923 variable_ptr = &EG(error_zval);
924 goto exit;
925 }
926 } else {
927 ZEND_ASSERT(!IS_WRONG_PROPERTY_OFFSET(property_offset));
928 write_std_property:
929 if (EXPECTED(IS_VALID_PROPERTY_OFFSET(property_offset))) {
930 variable_ptr = OBJ_PROP(zobj, property_offset);
931
932 Z_TRY_ADDREF_P(value);
933 if (UNEXPECTED(prop_info)) {
934 if (UNEXPECTED((prop_info->flags & ZEND_ACC_READONLY)
935 && !verify_readonly_initialization_access(prop_info, zobj->ce, name, "initialize"))) {
936 Z_TRY_DELREF_P(value);
937 variable_ptr = &EG(error_zval);
938 goto exit;
939 }
940
941 ZVAL_COPY_VALUE(&tmp, value);
942 // Increase refcount to prevent object from being released in __toString()
943 GC_ADDREF(zobj);
944 bool type_matched = zend_verify_property_type(prop_info, &tmp, property_uses_strict_types());
945 if (UNEXPECTED(GC_DELREF(zobj) == 0)) {
946 zend_object_released_while_assigning_to_property_error(prop_info);
947 zend_objects_store_del(zobj);
948 zval_ptr_dtor(&tmp);
949 variable_ptr = &EG(error_zval);
950 goto exit;
951 }
952 if (UNEXPECTED(!type_matched)) {
953 zval_ptr_dtor(&tmp);
954 goto exit;
955 }
956 value = &tmp;
957 Z_PROP_FLAG_P(variable_ptr) = 0;
958 goto found; /* might have been updated via e.g. __toString() */
959 }
960
961 ZVAL_COPY_VALUE(variable_ptr, value);
962 } else {
963 if (UNEXPECTED(zobj->ce->ce_flags & ZEND_ACC_NO_DYNAMIC_PROPERTIES)) {
964 zend_forbidden_dynamic_property(zobj->ce, name);
965 variable_ptr = &EG(error_zval);
966 goto exit;
967 }
968 if (UNEXPECTED(!(zobj->ce->ce_flags & ZEND_ACC_ALLOW_DYNAMIC_PROPERTIES))) {
969 if (UNEXPECTED(!zend_deprecated_dynamic_property(zobj, name))) {
970 variable_ptr = &EG(error_zval);
971 goto exit;
972 }
973 }
974
975 Z_TRY_ADDREF_P(value);
976 if (!zobj->properties) {
977 rebuild_object_properties(zobj);
978 }
979 variable_ptr = zend_hash_add_new(zobj->properties, name, value);
980 }
981 }
982
983 exit:
984 return variable_ptr;
985 }
986 /* }}} */
987
zend_bad_array_access(zend_class_entry * ce)988 static ZEND_COLD zend_never_inline void zend_bad_array_access(zend_class_entry *ce) /* {{{ */
989 {
990 zend_throw_error(NULL, "Cannot use object of type %s as array", ZSTR_VAL(ce->name));
991 }
992 /* }}} */
993
zend_std_read_dimension(zend_object * object,zval * offset,int type,zval * rv)994 ZEND_API zval *zend_std_read_dimension(zend_object *object, zval *offset, int type, zval *rv) /* {{{ */
995 {
996 zend_class_entry *ce = object->ce;
997 zval tmp_offset;
998
999 /* arrayaccess_funcs_ptr is set if (and only if) the class implements zend_ce_arrayaccess */
1000 zend_class_arrayaccess_funcs *funcs = ce->arrayaccess_funcs_ptr;
1001 if (EXPECTED(funcs)) {
1002 if (offset == NULL) {
1003 /* [] construct */
1004 ZVAL_NULL(&tmp_offset);
1005 } else {
1006 ZVAL_COPY_DEREF(&tmp_offset, offset);
1007 }
1008
1009 GC_ADDREF(object);
1010 if (type == BP_VAR_IS) {
1011 zend_call_known_instance_method_with_1_params(funcs->zf_offsetexists, object, rv, &tmp_offset);
1012 if (UNEXPECTED(Z_ISUNDEF_P(rv))) {
1013 OBJ_RELEASE(object);
1014 zval_ptr_dtor(&tmp_offset);
1015 return NULL;
1016 }
1017 if (!i_zend_is_true(rv)) {
1018 OBJ_RELEASE(object);
1019 zval_ptr_dtor(&tmp_offset);
1020 zval_ptr_dtor(rv);
1021 return &EG(uninitialized_zval);
1022 }
1023 zval_ptr_dtor(rv);
1024 }
1025
1026 zend_call_known_instance_method_with_1_params(funcs->zf_offsetget, object, rv, &tmp_offset);
1027
1028 OBJ_RELEASE(object);
1029 zval_ptr_dtor(&tmp_offset);
1030
1031 if (UNEXPECTED(Z_TYPE_P(rv) == IS_UNDEF)) {
1032 if (UNEXPECTED(!EG(exception))) {
1033 zend_throw_error(NULL, "Undefined offset for object of type %s used as array", ZSTR_VAL(ce->name));
1034 }
1035 return NULL;
1036 }
1037 return rv;
1038 } else {
1039 zend_bad_array_access(ce);
1040 return NULL;
1041 }
1042 }
1043 /* }}} */
1044
zend_std_write_dimension(zend_object * object,zval * offset,zval * value)1045 ZEND_API void zend_std_write_dimension(zend_object *object, zval *offset, zval *value) /* {{{ */
1046 {
1047 zend_class_entry *ce = object->ce;
1048 zval tmp_offset;
1049
1050 zend_class_arrayaccess_funcs *funcs = ce->arrayaccess_funcs_ptr;
1051 if (EXPECTED(funcs)) {
1052 if (!offset) {
1053 ZVAL_NULL(&tmp_offset);
1054 } else {
1055 ZVAL_COPY_DEREF(&tmp_offset, offset);
1056 }
1057 GC_ADDREF(object);
1058 zend_call_known_instance_method_with_2_params(funcs->zf_offsetset, object, NULL, &tmp_offset, value);
1059 OBJ_RELEASE(object);
1060 zval_ptr_dtor(&tmp_offset);
1061 } else {
1062 zend_bad_array_access(ce);
1063 }
1064 }
1065 /* }}} */
1066
zend_std_has_dimension(zend_object * object,zval * offset,int check_empty)1067 ZEND_API int zend_std_has_dimension(zend_object *object, zval *offset, int check_empty) /* {{{ */
1068 {
1069 zend_class_entry *ce = object->ce;
1070 zval retval, tmp_offset;
1071 int result;
1072
1073 zend_class_arrayaccess_funcs *funcs = ce->arrayaccess_funcs_ptr;
1074 if (EXPECTED(funcs)) {
1075 ZVAL_COPY_DEREF(&tmp_offset, offset);
1076 GC_ADDREF(object);
1077 zend_call_known_instance_method_with_1_params(funcs->zf_offsetexists, object, &retval, &tmp_offset);
1078 result = i_zend_is_true(&retval);
1079 zval_ptr_dtor(&retval);
1080 if (check_empty && result && EXPECTED(!EG(exception))) {
1081 zend_call_known_instance_method_with_1_params(funcs->zf_offsetget, object, &retval, &tmp_offset);
1082 result = i_zend_is_true(&retval);
1083 zval_ptr_dtor(&retval);
1084 }
1085 OBJ_RELEASE(object);
1086 zval_ptr_dtor(&tmp_offset);
1087 } else {
1088 zend_bad_array_access(ce);
1089 return 0;
1090 }
1091 return result;
1092 }
1093 /* }}} */
1094
zend_std_get_property_ptr_ptr(zend_object * zobj,zend_string * name,int type,void ** cache_slot)1095 ZEND_API zval *zend_std_get_property_ptr_ptr(zend_object *zobj, zend_string *name, int type, void **cache_slot) /* {{{ */
1096 {
1097 zval *retval = NULL;
1098 uintptr_t property_offset;
1099 const zend_property_info *prop_info = NULL;
1100
1101 #if DEBUG_OBJECT_HANDLERS
1102 fprintf(stderr, "Ptr object #%d property: %s\n", zobj->handle, ZSTR_VAL(name));
1103 #endif
1104
1105 property_offset = zend_get_property_offset(zobj->ce, name, (zobj->ce->__get != NULL), cache_slot, &prop_info);
1106
1107 if (EXPECTED(IS_VALID_PROPERTY_OFFSET(property_offset))) {
1108 retval = OBJ_PROP(zobj, property_offset);
1109 if (UNEXPECTED(Z_TYPE_P(retval) == IS_UNDEF)) {
1110 if (EXPECTED(!zobj->ce->__get) ||
1111 UNEXPECTED((*zend_get_property_guard(zobj, name)) & IN_GET) ||
1112 UNEXPECTED(prop_info && (Z_PROP_FLAG_P(retval) & IS_PROP_UNINIT))) {
1113 if (UNEXPECTED(type == BP_VAR_RW || type == BP_VAR_R)) {
1114 if (UNEXPECTED(prop_info)) {
1115 zend_throw_error(NULL,
1116 "Typed property %s::$%s must not be accessed before initialization",
1117 ZSTR_VAL(prop_info->ce->name),
1118 ZSTR_VAL(name));
1119 retval = &EG(error_zval);
1120 } else {
1121 zend_error(E_WARNING, "Undefined property: %s::$%s", ZSTR_VAL(zobj->ce->name), ZSTR_VAL(name));
1122 /* An error handler may set the property */
1123 if (EXPECTED(Z_TYPE_P(retval) == IS_UNDEF)) {
1124 ZVAL_NULL(retval);
1125 }
1126 }
1127 } else if (prop_info && UNEXPECTED(prop_info->flags & ZEND_ACC_READONLY)) {
1128 /* Readonly property, delegate to read_property + write_property. */
1129 retval = NULL;
1130 } else if (!prop_info || !ZEND_TYPE_IS_SET(prop_info->type)) {
1131 ZVAL_NULL(retval);
1132 }
1133 } else {
1134 /* we do have getter - fail and let it try again with usual get/set */
1135 retval = NULL;
1136 }
1137 } else if (prop_info && UNEXPECTED(prop_info->flags & ZEND_ACC_READONLY)) {
1138 /* Readonly property, delegate to read_property + write_property. */
1139 retval = NULL;
1140 }
1141 } else if (EXPECTED(IS_DYNAMIC_PROPERTY_OFFSET(property_offset))) {
1142 if (EXPECTED(zobj->properties)) {
1143 if (UNEXPECTED(GC_REFCOUNT(zobj->properties) > 1)) {
1144 if (EXPECTED(!(GC_FLAGS(zobj->properties) & IS_ARRAY_IMMUTABLE))) {
1145 GC_DELREF(zobj->properties);
1146 }
1147 zobj->properties = zend_array_dup(zobj->properties);
1148 }
1149 if (EXPECTED((retval = zend_hash_find(zobj->properties, name)) != NULL)) {
1150 return retval;
1151 }
1152 }
1153 if (EXPECTED(!zobj->ce->__get) ||
1154 UNEXPECTED((*zend_get_property_guard(zobj, name)) & IN_GET)) {
1155 if (UNEXPECTED(zobj->ce->ce_flags & ZEND_ACC_NO_DYNAMIC_PROPERTIES)) {
1156 zend_forbidden_dynamic_property(zobj->ce, name);
1157 return &EG(error_zval);
1158 }
1159 if (UNEXPECTED(!(zobj->ce->ce_flags & ZEND_ACC_ALLOW_DYNAMIC_PROPERTIES))) {
1160 if (UNEXPECTED(!zend_deprecated_dynamic_property(zobj, name))) {
1161 return &EG(error_zval);
1162 }
1163 }
1164 if (UNEXPECTED(!zobj->properties)) {
1165 rebuild_object_properties(zobj);
1166 }
1167 if (UNEXPECTED(type == BP_VAR_RW || type == BP_VAR_R)) {
1168 zend_error(E_WARNING, "Undefined property: %s::$%s", ZSTR_VAL(zobj->ce->name), ZSTR_VAL(name));
1169 }
1170 retval = zend_hash_add(zobj->properties, name, &EG(uninitialized_zval));
1171 }
1172 } else if (zobj->ce->__get == NULL) {
1173 retval = &EG(error_zval);
1174 }
1175
1176 return retval;
1177 }
1178 /* }}} */
1179
zend_std_unset_property(zend_object * zobj,zend_string * name,void ** cache_slot)1180 ZEND_API void zend_std_unset_property(zend_object *zobj, zend_string *name, void **cache_slot) /* {{{ */
1181 {
1182 uintptr_t property_offset;
1183 const zend_property_info *prop_info = NULL;
1184
1185 property_offset = zend_get_property_offset(zobj->ce, name, (zobj->ce->__unset != NULL), cache_slot, &prop_info);
1186
1187 if (EXPECTED(IS_VALID_PROPERTY_OFFSET(property_offset))) {
1188 zval *slot = OBJ_PROP(zobj, property_offset);
1189
1190 if (Z_TYPE_P(slot) != IS_UNDEF) {
1191 if (UNEXPECTED(prop_info && (prop_info->flags & ZEND_ACC_READONLY))) {
1192 if (Z_PROP_FLAG_P(slot) & IS_PROP_REINITABLE) {
1193 Z_PROP_FLAG_P(slot) &= ~IS_PROP_REINITABLE;
1194 } else {
1195 zend_readonly_property_unset_error(prop_info->ce, name);
1196 return;
1197 }
1198 }
1199 if (UNEXPECTED(Z_ISREF_P(slot)) &&
1200 (ZEND_DEBUG || ZEND_REF_HAS_TYPE_SOURCES(Z_REF_P(slot)))) {
1201 if (prop_info) {
1202 ZEND_REF_DEL_TYPE_SOURCE(Z_REF_P(slot), prop_info);
1203 }
1204 }
1205 zval tmp;
1206 ZVAL_COPY_VALUE(&tmp, slot);
1207 ZVAL_UNDEF(slot);
1208 zval_ptr_dtor(&tmp);
1209 if (zobj->properties) {
1210 HT_FLAGS(zobj->properties) |= HASH_FLAG_HAS_EMPTY_IND;
1211 }
1212 return;
1213 }
1214 if (UNEXPECTED(Z_PROP_FLAG_P(slot) & IS_PROP_UNINIT)) {
1215 if (UNEXPECTED(prop_info && (prop_info->flags & ZEND_ACC_READONLY)
1216 && !verify_readonly_initialization_access(prop_info, zobj->ce, name, "unset"))) {
1217 return;
1218 }
1219
1220 /* Reset the IS_PROP_UNINIT flag, if it exists and bypass __unset(). */
1221 Z_PROP_FLAG_P(slot) = 0;
1222 return;
1223 }
1224 } else if (EXPECTED(IS_DYNAMIC_PROPERTY_OFFSET(property_offset))
1225 && EXPECTED(zobj->properties != NULL)) {
1226 if (UNEXPECTED(GC_REFCOUNT(zobj->properties) > 1)) {
1227 if (EXPECTED(!(GC_FLAGS(zobj->properties) & IS_ARRAY_IMMUTABLE))) {
1228 GC_DELREF(zobj->properties);
1229 }
1230 zobj->properties = zend_array_dup(zobj->properties);
1231 }
1232 if (EXPECTED(zend_hash_del(zobj->properties, name) != FAILURE)) {
1233 return;
1234 }
1235 } else if (UNEXPECTED(EG(exception))) {
1236 return;
1237 }
1238
1239 /* magic unset */
1240 if (zobj->ce->__unset) {
1241 uint32_t *guard = zend_get_property_guard(zobj, name);
1242 if (!((*guard) & IN_UNSET)) {
1243 /* have unsetter - try with it! */
1244 (*guard) |= IN_UNSET; /* prevent circular unsetting */
1245 zend_std_call_unsetter(zobj, name);
1246 (*guard) &= ~IN_UNSET;
1247 } else if (UNEXPECTED(IS_WRONG_PROPERTY_OFFSET(property_offset))) {
1248 /* Trigger the correct error */
1249 zend_wrong_offset(zobj->ce, name);
1250 ZEND_ASSERT(EG(exception));
1251 return;
1252 } else {
1253 /* Nothing to do: The property already does not exist. */
1254 }
1255 }
1256 }
1257 /* }}} */
1258
zend_std_unset_dimension(zend_object * object,zval * offset)1259 ZEND_API void zend_std_unset_dimension(zend_object *object, zval *offset) /* {{{ */
1260 {
1261 zend_class_entry *ce = object->ce;
1262 zval tmp_offset;
1263
1264 zend_class_arrayaccess_funcs *funcs = ce->arrayaccess_funcs_ptr;
1265 if (EXPECTED(funcs)) {
1266 ZVAL_COPY_DEREF(&tmp_offset, offset);
1267 GC_ADDREF(object);
1268 zend_call_known_instance_method_with_1_params(funcs->zf_offsetunset, object, NULL, &tmp_offset);
1269 OBJ_RELEASE(object);
1270 zval_ptr_dtor(&tmp_offset);
1271 } else {
1272 zend_bad_array_access(ce);
1273 }
1274 }
1275 /* }}} */
1276
zend_get_parent_private_method(zend_class_entry * scope,zend_class_entry * ce,zend_string * function_name)1277 static zend_never_inline zend_function *zend_get_parent_private_method(zend_class_entry *scope, zend_class_entry *ce, zend_string *function_name) /* {{{ */
1278 {
1279 zval *func;
1280 zend_function *fbc;
1281
1282 if (scope != ce && scope && is_derived_class(ce, scope)) {
1283 func = zend_hash_find(&scope->function_table, function_name);
1284 if (func != NULL) {
1285 fbc = Z_FUNC_P(func);
1286 if ((fbc->common.fn_flags & ZEND_ACC_PRIVATE)
1287 && fbc->common.scope == scope) {
1288 return fbc;
1289 }
1290 }
1291 }
1292 return NULL;
1293 }
1294 /* }}} */
1295
1296 /* Ensures that we're allowed to call a protected method.
1297 */
zend_check_protected(const zend_class_entry * ce,const zend_class_entry * scope)1298 ZEND_API bool zend_check_protected(const zend_class_entry *ce, const zend_class_entry *scope) /* {{{ */
1299 {
1300 const zend_class_entry *fbc_scope = ce;
1301
1302 /* Is the context that's calling the function, the same as one of
1303 * the function's parents?
1304 */
1305 while (fbc_scope) {
1306 if (fbc_scope==scope) {
1307 return 1;
1308 }
1309 fbc_scope = fbc_scope->parent;
1310 }
1311
1312 /* Is the function's scope the same as our current object context,
1313 * or any of the parents of our context?
1314 */
1315 while (scope) {
1316 if (scope==ce) {
1317 return 1;
1318 }
1319 scope = scope->parent;
1320 }
1321 return 0;
1322 }
1323 /* }}} */
1324
zend_get_call_trampoline_func(const zend_class_entry * ce,zend_string * method_name,bool is_static)1325 ZEND_API zend_function *zend_get_call_trampoline_func(const zend_class_entry *ce, zend_string *method_name, bool is_static) /* {{{ */
1326 {
1327 size_t mname_len;
1328 zend_op_array *func;
1329 zend_function *fbc = is_static ? ce->__callstatic : ce->__call;
1330 /* We use non-NULL value to avoid useless run_time_cache allocation.
1331 * The low bit must be zero, to not be interpreted as a MAP_PTR offset.
1332 */
1333 static const void *dummy = (void*)(intptr_t)2;
1334 static const zend_arg_info arg_info[1] = {{0}};
1335
1336 ZEND_ASSERT(fbc);
1337
1338 if (EXPECTED(EG(trampoline).common.function_name == NULL)) {
1339 func = &EG(trampoline).op_array;
1340 } else {
1341 func = ecalloc(1, sizeof(zend_op_array));
1342 }
1343
1344 func->type = ZEND_USER_FUNCTION;
1345 func->arg_flags[0] = 0;
1346 func->arg_flags[1] = 0;
1347 func->arg_flags[2] = 0;
1348 func->fn_flags = ZEND_ACC_CALL_VIA_TRAMPOLINE
1349 | ZEND_ACC_PUBLIC
1350 | ZEND_ACC_VARIADIC
1351 | (fbc->common.fn_flags & ZEND_ACC_RETURN_REFERENCE);
1352 if (is_static) {
1353 func->fn_flags |= ZEND_ACC_STATIC;
1354 }
1355 func->opcodes = &EG(call_trampoline_op);
1356 ZEND_MAP_PTR_INIT(func->run_time_cache, (void**)dummy);
1357 func->scope = fbc->common.scope;
1358 /* reserve space for arguments, local and temporary variables */
1359 /* EG(trampoline) is reused from other places, like FFI (e.g. zend_ffi_cdata_get_closure()) where
1360 * it is used as an internal function. It may set fields that don't belong to common, thus
1361 * modifying zend_op_array specific data, most significantly last_var. We need to reset this
1362 * value so that it doesn't contain garbage when the engine allocates space for the next stack
1363 * frame. This didn't cause any issues until now due to "lucky" structure layout. */
1364 func->last_var = 0;
1365 uint32_t min_T = 2 + ZEND_OBSERVER_ENABLED;
1366 func->T = (fbc->type == ZEND_USER_FUNCTION)? MAX(fbc->op_array.last_var + fbc->op_array.T, min_T) : min_T;
1367 func->filename = (fbc->type == ZEND_USER_FUNCTION)? fbc->op_array.filename : ZSTR_EMPTY_ALLOC();
1368 func->line_start = (fbc->type == ZEND_USER_FUNCTION)? fbc->op_array.line_start : 0;
1369 func->line_end = (fbc->type == ZEND_USER_FUNCTION)? fbc->op_array.line_end : 0;
1370
1371 //??? keep compatibility for "\0" characters
1372 //??? see: Zend/tests/bug46238.phpt
1373 if (UNEXPECTED((mname_len = strlen(ZSTR_VAL(method_name))) != ZSTR_LEN(method_name))) {
1374 func->function_name = zend_string_init(ZSTR_VAL(method_name), mname_len, 0);
1375 } else {
1376 func->function_name = zend_string_copy(method_name);
1377 }
1378
1379 func->prototype = NULL;
1380 func->num_args = 0;
1381 func->required_num_args = 0;
1382 func->arg_info = (zend_arg_info *) arg_info;
1383
1384 return (zend_function*)func;
1385 }
1386 /* }}} */
1387
zend_get_user_call_function(zend_class_entry * ce,zend_string * method_name)1388 static zend_always_inline zend_function *zend_get_user_call_function(zend_class_entry *ce, zend_string *method_name) /* {{{ */
1389 {
1390 return zend_get_call_trampoline_func(ce, method_name, 0);
1391 }
1392 /* }}} */
1393
zend_bad_method_call(zend_function * fbc,zend_string * method_name,zend_class_entry * scope)1394 static ZEND_COLD zend_never_inline void zend_bad_method_call(zend_function *fbc, zend_string *method_name, zend_class_entry *scope) /* {{{ */
1395 {
1396 zend_throw_error(NULL, "Call to %s method %s::%s() from %s%s",
1397 zend_visibility_string(fbc->common.fn_flags), ZEND_FN_SCOPE_NAME(fbc), ZSTR_VAL(method_name),
1398 scope ? "scope " : "global scope",
1399 scope ? ZSTR_VAL(scope->name) : ""
1400 );
1401 }
1402 /* }}} */
1403
zend_abstract_method_call(zend_function * fbc)1404 static ZEND_COLD zend_never_inline void zend_abstract_method_call(zend_function *fbc) /* {{{ */
1405 {
1406 zend_throw_error(NULL, "Cannot call abstract method %s::%s()",
1407 ZSTR_VAL(fbc->common.scope->name), ZSTR_VAL(fbc->common.function_name));
1408 }
1409 /* }}} */
1410
zend_std_get_method(zend_object ** obj_ptr,zend_string * method_name,const zval * key)1411 ZEND_API zend_function *zend_std_get_method(zend_object **obj_ptr, zend_string *method_name, const zval *key) /* {{{ */
1412 {
1413 zend_object *zobj = *obj_ptr;
1414 zval *func;
1415 zend_function *fbc;
1416 zend_string *lc_method_name;
1417 zend_class_entry *scope;
1418 ALLOCA_FLAG(use_heap);
1419
1420 if (EXPECTED(key != NULL)) {
1421 lc_method_name = Z_STR_P(key);
1422 #ifdef ZEND_ALLOCA_MAX_SIZE
1423 use_heap = 0;
1424 #endif
1425 } else {
1426 ZSTR_ALLOCA_ALLOC(lc_method_name, ZSTR_LEN(method_name), use_heap);
1427 zend_str_tolower_copy(ZSTR_VAL(lc_method_name), ZSTR_VAL(method_name), ZSTR_LEN(method_name));
1428 }
1429
1430 if (UNEXPECTED((func = zend_hash_find(&zobj->ce->function_table, lc_method_name)) == NULL)) {
1431 if (UNEXPECTED(!key)) {
1432 ZSTR_ALLOCA_FREE(lc_method_name, use_heap);
1433 }
1434 if (zobj->ce->__call) {
1435 return zend_get_user_call_function(zobj->ce, method_name);
1436 } else {
1437 return NULL;
1438 }
1439 }
1440
1441 fbc = Z_FUNC_P(func);
1442
1443 /* Check access level */
1444 if (fbc->op_array.fn_flags & (ZEND_ACC_CHANGED|ZEND_ACC_PRIVATE|ZEND_ACC_PROTECTED)) {
1445 scope = zend_get_executed_scope();
1446
1447 if (fbc->common.scope != scope) {
1448 if (fbc->op_array.fn_flags & ZEND_ACC_CHANGED) {
1449 zend_function *updated_fbc = zend_get_parent_private_method(scope, zobj->ce, lc_method_name);
1450
1451 if (EXPECTED(updated_fbc != NULL)) {
1452 fbc = updated_fbc;
1453 goto exit;
1454 } else if (fbc->op_array.fn_flags & ZEND_ACC_PUBLIC) {
1455 goto exit;
1456 }
1457 }
1458 if (UNEXPECTED(fbc->op_array.fn_flags & ZEND_ACC_PRIVATE)
1459 || UNEXPECTED(!zend_check_protected(zend_get_function_root_class(fbc), scope))) {
1460 if (zobj->ce->__call) {
1461 fbc = zend_get_user_call_function(zobj->ce, method_name);
1462 } else {
1463 zend_bad_method_call(fbc, method_name, scope);
1464 fbc = NULL;
1465 }
1466 }
1467 }
1468 }
1469
1470 exit:
1471 if (fbc && UNEXPECTED(fbc->common.fn_flags & ZEND_ACC_ABSTRACT)) {
1472 zend_abstract_method_call(fbc);
1473 fbc = NULL;
1474 }
1475 if (UNEXPECTED(!key)) {
1476 ZSTR_ALLOCA_FREE(lc_method_name, use_heap);
1477 }
1478 return fbc;
1479 }
1480 /* }}} */
1481
zend_get_user_callstatic_function(zend_class_entry * ce,zend_string * method_name)1482 static zend_always_inline zend_function *zend_get_user_callstatic_function(zend_class_entry *ce, zend_string *method_name) /* {{{ */
1483 {
1484 return zend_get_call_trampoline_func(ce, method_name, 1);
1485 }
1486 /* }}} */
1487
get_static_method_fallback(zend_class_entry * ce,zend_string * function_name)1488 static zend_always_inline zend_function *get_static_method_fallback(
1489 zend_class_entry *ce, zend_string *function_name)
1490 {
1491 zend_object *object;
1492 if (ce->__call &&
1493 (object = zend_get_this_object(EG(current_execute_data))) != NULL &&
1494 instanceof_function(object->ce, ce)) {
1495 /* Call the top-level defined __call().
1496 * see: tests/classes/__call_004.phpt */
1497
1498 ZEND_ASSERT(object->ce->__call);
1499 return zend_get_user_call_function(object->ce, function_name);
1500 } else if (ce->__callstatic) {
1501 return zend_get_user_callstatic_function(ce, function_name);
1502 } else {
1503 return NULL;
1504 }
1505 }
1506
zend_std_get_static_method(zend_class_entry * ce,zend_string * function_name,const zval * key)1507 ZEND_API zend_function *zend_std_get_static_method(zend_class_entry *ce, zend_string *function_name, const zval *key) /* {{{ */
1508 {
1509 zend_string *lc_function_name;
1510 if (EXPECTED(key != NULL)) {
1511 lc_function_name = Z_STR_P(key);
1512 } else {
1513 lc_function_name = zend_string_tolower(function_name);
1514 }
1515
1516 zend_function *fbc;
1517 zval *func = zend_hash_find(&ce->function_table, lc_function_name);
1518 if (EXPECTED(func)) {
1519 fbc = Z_FUNC_P(func);
1520 if (!(fbc->op_array.fn_flags & ZEND_ACC_PUBLIC)) {
1521 zend_class_entry *scope = zend_get_executed_scope();
1522 if (UNEXPECTED(fbc->common.scope != scope)) {
1523 if (UNEXPECTED(fbc->op_array.fn_flags & ZEND_ACC_PRIVATE)
1524 || UNEXPECTED(!zend_check_protected(zend_get_function_root_class(fbc), scope))) {
1525 zend_function *fallback_fbc = get_static_method_fallback(ce, function_name);
1526 if (!fallback_fbc) {
1527 zend_bad_method_call(fbc, function_name, scope);
1528 }
1529 fbc = fallback_fbc;
1530 }
1531 }
1532 }
1533 } else {
1534 fbc = get_static_method_fallback(ce, function_name);
1535 }
1536
1537 if (UNEXPECTED(!key)) {
1538 zend_string_release_ex(lc_function_name, 0);
1539 }
1540
1541 if (EXPECTED(fbc)) {
1542 if (UNEXPECTED(fbc->common.fn_flags & ZEND_ACC_ABSTRACT)) {
1543 zend_abstract_method_call(fbc);
1544 fbc = NULL;
1545 } else if (UNEXPECTED(fbc->common.scope->ce_flags & ZEND_ACC_TRAIT)) {
1546 zend_error(E_DEPRECATED,
1547 "Calling static trait method %s::%s is deprecated, "
1548 "it should only be called on a class using the trait",
1549 ZSTR_VAL(fbc->common.scope->name), ZSTR_VAL(fbc->common.function_name));
1550 if (EG(exception)) {
1551 return NULL;
1552 }
1553 }
1554 }
1555
1556 return fbc;
1557 }
1558 /* }}} */
1559
zend_class_init_statics(zend_class_entry * class_type)1560 ZEND_API void zend_class_init_statics(zend_class_entry *class_type) /* {{{ */
1561 {
1562 int i;
1563 zval *p;
1564
1565 if (class_type->default_static_members_count && !CE_STATIC_MEMBERS(class_type)) {
1566 if (class_type->parent) {
1567 zend_class_init_statics(class_type->parent);
1568 }
1569
1570 ZEND_MAP_PTR_SET(class_type->static_members_table, emalloc(sizeof(zval) * class_type->default_static_members_count));
1571 for (i = 0; i < class_type->default_static_members_count; i++) {
1572 p = &class_type->default_static_members_table[i];
1573 if (Z_TYPE_P(p) == IS_INDIRECT) {
1574 zval *q = &CE_STATIC_MEMBERS(class_type->parent)[i];
1575 ZVAL_DEINDIRECT(q);
1576 ZVAL_INDIRECT(&CE_STATIC_MEMBERS(class_type)[i], q);
1577 } else {
1578 ZVAL_COPY_OR_DUP(&CE_STATIC_MEMBERS(class_type)[i], p);
1579 }
1580 }
1581 }
1582 } /* }}} */
1583
zend_std_get_static_property_with_info(zend_class_entry * ce,zend_string * property_name,int type,zend_property_info ** property_info_ptr)1584 ZEND_API zval *zend_std_get_static_property_with_info(zend_class_entry *ce, zend_string *property_name, int type, zend_property_info **property_info_ptr) /* {{{ */
1585 {
1586 zval *ret;
1587 zend_class_entry *scope;
1588 zend_property_info *property_info = zend_hash_find_ptr(&ce->properties_info, property_name);
1589 *property_info_ptr = property_info;
1590
1591 if (UNEXPECTED(property_info == NULL)) {
1592 goto undeclared_property;
1593 }
1594
1595 if (!(property_info->flags & ZEND_ACC_PUBLIC)) {
1596 if (UNEXPECTED(EG(fake_scope))) {
1597 scope = EG(fake_scope);
1598 } else {
1599 scope = zend_get_executed_scope();
1600 }
1601 if (property_info->ce != scope) {
1602 if (UNEXPECTED(property_info->flags & ZEND_ACC_PRIVATE)
1603 || UNEXPECTED(!is_protected_compatible_scope(property_info->ce, scope))) {
1604 if (type != BP_VAR_IS) {
1605 zend_bad_property_access(property_info, ce, property_name);
1606 }
1607 return NULL;
1608 }
1609 }
1610 }
1611
1612 if (UNEXPECTED((property_info->flags & ZEND_ACC_STATIC) == 0)) {
1613 undeclared_property:
1614 if (type != BP_VAR_IS) {
1615 zend_throw_error(NULL, "Access to undeclared static property %s::$%s", ZSTR_VAL(ce->name), ZSTR_VAL(property_name));
1616 }
1617 return NULL;
1618 }
1619
1620 if (UNEXPECTED(!(ce->ce_flags & ZEND_ACC_CONSTANTS_UPDATED))) {
1621 if (UNEXPECTED(zend_update_class_constants(ce) != SUCCESS)) {
1622 return NULL;
1623 }
1624 }
1625
1626 /* Ensure static properties are initialized. */
1627 if (UNEXPECTED(CE_STATIC_MEMBERS(ce) == NULL)) {
1628 zend_class_init_statics(ce);
1629 }
1630
1631 ret = CE_STATIC_MEMBERS(ce) + property_info->offset;
1632 ZVAL_DEINDIRECT(ret);
1633
1634 if (UNEXPECTED((type == BP_VAR_R || type == BP_VAR_RW)
1635 && Z_TYPE_P(ret) == IS_UNDEF && ZEND_TYPE_IS_SET(property_info->type))) {
1636 zend_throw_error(NULL, "Typed static property %s::$%s must not be accessed before initialization",
1637 ZSTR_VAL(property_info->ce->name), ZSTR_VAL(property_name));
1638 return NULL;
1639 }
1640
1641 if (UNEXPECTED(ce->ce_flags & ZEND_ACC_TRAIT)) {
1642 zend_error(E_DEPRECATED,
1643 "Accessing static trait property %s::$%s is deprecated, "
1644 "it should only be accessed on a class using the trait",
1645 ZSTR_VAL(property_info->ce->name), ZSTR_VAL(property_name));
1646 }
1647
1648 return ret;
1649 }
1650 /* }}} */
1651
zend_std_get_static_property(zend_class_entry * ce,zend_string * property_name,int type)1652 ZEND_API zval *zend_std_get_static_property(zend_class_entry *ce, zend_string *property_name, int type) /* {{{ */
1653 {
1654 zend_property_info *prop_info;
1655 return zend_std_get_static_property_with_info(ce, property_name, type, &prop_info);
1656 }
1657
zend_std_unset_static_property(zend_class_entry * ce,zend_string * property_name)1658 ZEND_API ZEND_COLD bool zend_std_unset_static_property(zend_class_entry *ce, zend_string *property_name) /* {{{ */
1659 {
1660 zend_throw_error(NULL, "Attempt to unset static property %s::$%s", ZSTR_VAL(ce->name), ZSTR_VAL(property_name));
1661 return 0;
1662 }
1663 /* }}} */
1664
zend_bad_constructor_call(zend_function * constructor,zend_class_entry * scope)1665 static ZEND_COLD zend_never_inline void zend_bad_constructor_call(zend_function *constructor, zend_class_entry *scope) /* {{{ */
1666 {
1667 if (scope) {
1668 zend_throw_error(NULL, "Call to %s %s::%s() from scope %s",
1669 zend_visibility_string(constructor->common.fn_flags), ZSTR_VAL(constructor->common.scope->name),
1670 ZSTR_VAL(constructor->common.function_name), ZSTR_VAL(scope->name)
1671 );
1672 } else {
1673 zend_throw_error(NULL, "Call to %s %s::%s() from global scope", zend_visibility_string(constructor->common.fn_flags), ZSTR_VAL(constructor->common.scope->name), ZSTR_VAL(constructor->common.function_name));
1674 }
1675 }
1676 /* }}} */
1677
zend_std_get_constructor(zend_object * zobj)1678 ZEND_API zend_function *zend_std_get_constructor(zend_object *zobj) /* {{{ */
1679 {
1680 zend_function *constructor = zobj->ce->constructor;
1681 zend_class_entry *scope;
1682
1683 if (constructor) {
1684 if (UNEXPECTED(!(constructor->op_array.fn_flags & ZEND_ACC_PUBLIC))) {
1685 if (UNEXPECTED(EG(fake_scope))) {
1686 scope = EG(fake_scope);
1687 } else {
1688 scope = zend_get_executed_scope();
1689 }
1690 if (UNEXPECTED(constructor->common.scope != scope)) {
1691 if (UNEXPECTED(constructor->op_array.fn_flags & ZEND_ACC_PRIVATE)
1692 || UNEXPECTED(!zend_check_protected(zend_get_function_root_class(constructor), scope))) {
1693 zend_bad_constructor_call(constructor, scope);
1694 zend_object_store_ctor_failed(zobj);
1695 constructor = NULL;
1696 }
1697 }
1698 }
1699 }
1700
1701 return constructor;
1702 }
1703 /* }}} */
1704
zend_std_compare_objects(zval * o1,zval * o2)1705 ZEND_API int zend_std_compare_objects(zval *o1, zval *o2) /* {{{ */
1706 {
1707 zend_object *zobj1, *zobj2;
1708
1709 if (Z_TYPE_P(o1) != Z_TYPE_P(o2)) {
1710 /* Object and non-object */
1711 zval *object;
1712 zval *value;
1713 zval casted;
1714 bool object_lhs;
1715 if (Z_TYPE_P(o1) == IS_OBJECT) {
1716 object = o1;
1717 value = o2;
1718 object_lhs = true;
1719 } else {
1720 object = o2;
1721 value = o1;
1722 object_lhs = false;
1723 }
1724 ZEND_ASSERT(Z_TYPE_P(value) != IS_OBJECT);
1725 uint8_t target_type = (Z_TYPE_P(value) == IS_FALSE || Z_TYPE_P(value) == IS_TRUE)
1726 ? _IS_BOOL : Z_TYPE_P(value);
1727 if (Z_OBJ_HT_P(object)->cast_object(Z_OBJ_P(object), &casted, target_type) == FAILURE) {
1728 // TODO: Less crazy.
1729 if (target_type == IS_LONG || target_type == IS_DOUBLE) {
1730 zend_error(E_NOTICE, "Object of class %s could not be converted to %s",
1731 ZSTR_VAL(Z_OBJCE_P(object)->name), zend_get_type_by_const(target_type));
1732 if (target_type == IS_LONG) {
1733 ZVAL_LONG(&casted, 1);
1734 } else {
1735 ZVAL_DOUBLE(&casted, 1.0);
1736 }
1737 } else {
1738 return object_lhs ? 1 : -1;
1739 }
1740 }
1741 int ret = object_lhs ? zend_compare(&casted, value) : zend_compare(value, &casted);
1742 zval_ptr_dtor(&casted);
1743 return ret;
1744 }
1745
1746 zobj1 = Z_OBJ_P(o1);
1747 zobj2 = Z_OBJ_P(o2);
1748
1749 if (zobj1 == zobj2) {
1750 return 0; /* the same object */
1751 }
1752 if (zobj1->ce != zobj2->ce) {
1753 return ZEND_UNCOMPARABLE; /* different classes */
1754 }
1755 if (!zobj1->properties && !zobj2->properties) {
1756 zend_property_info *info;
1757 int i;
1758
1759 if (!zobj1->ce->default_properties_count) {
1760 return 0;
1761 }
1762
1763 /* It's enough to protect only one of the objects.
1764 * The second one may be referenced from the first and this may cause
1765 * false recursion detection.
1766 */
1767 /* use bitwise OR to make only one conditional jump */
1768 if (UNEXPECTED(Z_IS_RECURSIVE_P(o1))) {
1769 zend_error_noreturn(E_ERROR, "Nesting level too deep - recursive dependency?");
1770 }
1771 Z_PROTECT_RECURSION_P(o1);
1772
1773 for (i = 0; i < zobj1->ce->default_properties_count; i++) {
1774 zval *p1, *p2;
1775
1776 info = zobj1->ce->properties_info_table[i];
1777
1778 if (!info) {
1779 continue;
1780 }
1781
1782 p1 = OBJ_PROP(zobj1, info->offset);
1783 p2 = OBJ_PROP(zobj2, info->offset);
1784
1785 if (Z_TYPE_P(p1) != IS_UNDEF) {
1786 if (Z_TYPE_P(p2) != IS_UNDEF) {
1787 int ret;
1788
1789 ret = zend_compare(p1, p2);
1790 if (ret != 0) {
1791 Z_UNPROTECT_RECURSION_P(o1);
1792 return ret;
1793 }
1794 } else {
1795 Z_UNPROTECT_RECURSION_P(o1);
1796 return 1;
1797 }
1798 } else {
1799 if (Z_TYPE_P(p2) != IS_UNDEF) {
1800 Z_UNPROTECT_RECURSION_P(o1);
1801 return 1;
1802 }
1803 }
1804 }
1805
1806 Z_UNPROTECT_RECURSION_P(o1);
1807 return 0;
1808 } else {
1809 if (!zobj1->properties) {
1810 rebuild_object_properties(zobj1);
1811 }
1812 if (!zobj2->properties) {
1813 rebuild_object_properties(zobj2);
1814 }
1815 return zend_compare_symbol_tables(zobj1->properties, zobj2->properties);
1816 }
1817 }
1818 /* }}} */
1819
zend_objects_not_comparable(zval * o1,zval * o2)1820 ZEND_API int zend_objects_not_comparable(zval *o1, zval *o2)
1821 {
1822 return ZEND_UNCOMPARABLE;
1823 }
1824
zend_std_has_property(zend_object * zobj,zend_string * name,int has_set_exists,void ** cache_slot)1825 ZEND_API int zend_std_has_property(zend_object *zobj, zend_string *name, int has_set_exists, void **cache_slot) /* {{{ */
1826 {
1827 int result;
1828 zval *value = NULL;
1829 uintptr_t property_offset;
1830 const zend_property_info *prop_info = NULL;
1831 zend_string *tmp_name = NULL;
1832
1833 property_offset = zend_get_property_offset(zobj->ce, name, 1, cache_slot, &prop_info);
1834
1835 if (EXPECTED(IS_VALID_PROPERTY_OFFSET(property_offset))) {
1836 value = OBJ_PROP(zobj, property_offset);
1837 if (Z_TYPE_P(value) != IS_UNDEF) {
1838 goto found;
1839 }
1840 if (UNEXPECTED(Z_PROP_FLAG_P(value) & IS_PROP_UNINIT)) {
1841 /* Skip __isset() for uninitialized typed properties */
1842 result = 0;
1843 goto exit;
1844 }
1845 } else if (EXPECTED(IS_DYNAMIC_PROPERTY_OFFSET(property_offset))) {
1846 if (EXPECTED(zobj->properties != NULL)) {
1847 if (!IS_UNKNOWN_DYNAMIC_PROPERTY_OFFSET(property_offset)) {
1848 uintptr_t idx = ZEND_DECODE_DYN_PROP_OFFSET(property_offset);
1849
1850 if (EXPECTED(idx < zobj->properties->nNumUsed * sizeof(Bucket))) {
1851 Bucket *p = (Bucket*)((char*)zobj->properties->arData + idx);
1852
1853 if (EXPECTED(p->key == name) ||
1854 (EXPECTED(p->h == ZSTR_H(name)) &&
1855 EXPECTED(p->key != NULL) &&
1856 EXPECTED(zend_string_equal_content(p->key, name)))) {
1857 value = &p->val;
1858 goto found;
1859 }
1860 }
1861 CACHE_PTR_EX(cache_slot + 1, (void*)ZEND_DYNAMIC_PROPERTY_OFFSET);
1862 }
1863 value = zend_hash_find(zobj->properties, name);
1864 if (value) {
1865 if (cache_slot) {
1866 uintptr_t idx = (char*)value - (char*)zobj->properties->arData;
1867 CACHE_PTR_EX(cache_slot + 1, (void*)ZEND_ENCODE_DYN_PROP_OFFSET(idx));
1868 }
1869 found:
1870 if (has_set_exists == ZEND_PROPERTY_NOT_EMPTY) {
1871 result = zend_is_true(value);
1872 } else if (has_set_exists < ZEND_PROPERTY_NOT_EMPTY) {
1873 ZEND_ASSERT(has_set_exists == ZEND_PROPERTY_ISSET);
1874 ZVAL_DEREF(value);
1875 result = (Z_TYPE_P(value) != IS_NULL);
1876 } else {
1877 ZEND_ASSERT(has_set_exists == ZEND_PROPERTY_EXISTS);
1878 result = 1;
1879 }
1880 goto exit;
1881 }
1882 }
1883 } else if (UNEXPECTED(EG(exception))) {
1884 result = 0;
1885 goto exit;
1886 }
1887
1888 result = 0;
1889 if ((has_set_exists != ZEND_PROPERTY_EXISTS) && zobj->ce->__isset) {
1890 uint32_t *guard = zend_get_property_guard(zobj, name);
1891
1892 if (!((*guard) & IN_ISSET)) {
1893 zval rv;
1894
1895 /* have issetter - try with it! */
1896 if (!tmp_name && !ZSTR_IS_INTERNED(name)) {
1897 tmp_name = zend_string_copy(name);
1898 }
1899 GC_ADDREF(zobj);
1900 (*guard) |= IN_ISSET; /* prevent circular getting */
1901 zend_std_call_issetter(zobj, name, &rv);
1902 result = zend_is_true(&rv);
1903 zval_ptr_dtor(&rv);
1904 if (has_set_exists == ZEND_PROPERTY_NOT_EMPTY && result) {
1905 if (EXPECTED(!EG(exception)) && zobj->ce->__get && !((*guard) & IN_GET)) {
1906 (*guard) |= IN_GET;
1907 zend_std_call_getter(zobj, name, &rv);
1908 (*guard) &= ~IN_GET;
1909 result = i_zend_is_true(&rv);
1910 zval_ptr_dtor(&rv);
1911 } else {
1912 result = 0;
1913 }
1914 }
1915 (*guard) &= ~IN_ISSET;
1916 OBJ_RELEASE(zobj);
1917 }
1918 }
1919
1920 exit:
1921 zend_tmp_string_release(tmp_name);
1922 return result;
1923 }
1924 /* }}} */
1925
zend_std_get_class_name(const zend_object * zobj)1926 ZEND_API zend_string *zend_std_get_class_name(const zend_object *zobj) /* {{{ */
1927 {
1928 return zend_string_copy(zobj->ce->name);
1929 }
1930 /* }}} */
1931
zend_std_cast_object_tostring(zend_object * readobj,zval * writeobj,int type)1932 ZEND_API zend_result zend_std_cast_object_tostring(zend_object *readobj, zval *writeobj, int type) /* {{{ */
1933 {
1934 switch (type) {
1935 case IS_STRING: {
1936 zend_class_entry *ce = readobj->ce;
1937 if (ce->__tostring) {
1938 zval retval;
1939 GC_ADDREF(readobj);
1940 zend_call_known_instance_method_with_0_params(ce->__tostring, readobj, &retval);
1941 zend_object_release(readobj);
1942 if (EXPECTED(Z_TYPE(retval) == IS_STRING)) {
1943 ZVAL_COPY_VALUE(writeobj, &retval);
1944 return SUCCESS;
1945 }
1946 zval_ptr_dtor(&retval);
1947 if (!EG(exception)) {
1948 zend_throw_error(NULL, "Method %s::__toString() must return a string value", ZSTR_VAL(ce->name));
1949 }
1950 }
1951 return FAILURE;
1952 }
1953 case _IS_BOOL:
1954 ZVAL_TRUE(writeobj);
1955 return SUCCESS;
1956 default:
1957 return FAILURE;
1958 }
1959 }
1960 /* }}} */
1961
zend_std_get_closure(zend_object * obj,zend_class_entry ** ce_ptr,zend_function ** fptr_ptr,zend_object ** obj_ptr,bool check_only)1962 ZEND_API zend_result zend_std_get_closure(zend_object *obj, zend_class_entry **ce_ptr, zend_function **fptr_ptr, zend_object **obj_ptr, bool check_only) /* {{{ */
1963 {
1964 zend_class_entry *ce = obj->ce;
1965 zval *func = zend_hash_find_known_hash(&ce->function_table, ZSTR_KNOWN(ZEND_STR_MAGIC_INVOKE));
1966
1967 if (func == NULL) {
1968 return FAILURE;
1969 }
1970 *fptr_ptr = Z_FUNC_P(func);
1971
1972 *ce_ptr = ce;
1973 if ((*fptr_ptr)->common.fn_flags & ZEND_ACC_STATIC) {
1974 if (obj_ptr) {
1975 *obj_ptr = NULL;
1976 }
1977 } else {
1978 if (obj_ptr) {
1979 *obj_ptr = obj;
1980 }
1981 }
1982 return SUCCESS;
1983 }
1984 /* }}} */
1985
zend_std_get_properties_for(zend_object * obj,zend_prop_purpose purpose)1986 ZEND_API HashTable *zend_std_get_properties_for(zend_object *obj, zend_prop_purpose purpose) {
1987 HashTable *ht;
1988 switch (purpose) {
1989 case ZEND_PROP_PURPOSE_DEBUG:
1990 if (obj->handlers->get_debug_info) {
1991 int is_temp;
1992 ht = obj->handlers->get_debug_info(obj, &is_temp);
1993 if (ht && !is_temp) {
1994 GC_TRY_ADDREF(ht);
1995 }
1996 return ht;
1997 }
1998 ZEND_FALLTHROUGH;
1999 case ZEND_PROP_PURPOSE_ARRAY_CAST:
2000 case ZEND_PROP_PURPOSE_SERIALIZE:
2001 case ZEND_PROP_PURPOSE_VAR_EXPORT:
2002 case ZEND_PROP_PURPOSE_JSON:
2003 ht = obj->handlers->get_properties(obj);
2004 if (ht) {
2005 GC_TRY_ADDREF(ht);
2006 }
2007 return ht;
2008 default:
2009 ZEND_UNREACHABLE();
2010 return NULL;
2011 }
2012 }
2013
zend_get_properties_for(zval * obj,zend_prop_purpose purpose)2014 ZEND_API HashTable *zend_get_properties_for(zval *obj, zend_prop_purpose purpose) {
2015 zend_object *zobj = Z_OBJ_P(obj);
2016
2017 if (zobj->handlers->get_properties_for) {
2018 return zobj->handlers->get_properties_for(zobj, purpose);
2019 }
2020
2021 return zend_std_get_properties_for(zobj, purpose);
2022 }
2023
2024 ZEND_API const zend_object_handlers std_object_handlers = {
2025 0, /* offset */
2026
2027 zend_object_std_dtor, /* free_obj */
2028 zend_objects_destroy_object, /* dtor_obj */
2029 zend_objects_clone_obj, /* clone_obj */
2030
2031 zend_std_read_property, /* read_property */
2032 zend_std_write_property, /* write_property */
2033 zend_std_read_dimension, /* read_dimension */
2034 zend_std_write_dimension, /* write_dimension */
2035 zend_std_get_property_ptr_ptr, /* get_property_ptr_ptr */
2036 zend_std_has_property, /* has_property */
2037 zend_std_unset_property, /* unset_property */
2038 zend_std_has_dimension, /* has_dimension */
2039 zend_std_unset_dimension, /* unset_dimension */
2040 zend_std_get_properties, /* get_properties */
2041 zend_std_get_method, /* get_method */
2042 zend_std_get_constructor, /* get_constructor */
2043 zend_std_get_class_name, /* get_class_name */
2044 zend_std_cast_object_tostring, /* cast_object */
2045 NULL, /* count_elements */
2046 zend_std_get_debug_info, /* get_debug_info */
2047 zend_std_get_closure, /* get_closure */
2048 zend_std_get_gc, /* get_gc */
2049 NULL, /* do_operation */
2050 zend_std_compare_objects, /* compare */
2051 NULL, /* get_properties_for */
2052 };
2053
