1 /*
2 +----------------------------------------------------------------------+
3 | Zend Engine |
4 +----------------------------------------------------------------------+
5 | Copyright (c) Zend Technologies Ltd. (http://www.zend.com) |
6 +----------------------------------------------------------------------+
7 | This source file is subject to version 2.00 of the Zend license, |
8 | that is bundled with this package in the file LICENSE, and is |
9 | available through the world-wide-web at the following url: |
10 | http://www.zend.com/license/2_00.txt. |
11 | If you did not receive a copy of the Zend license and are unable to |
12 | obtain it through the world-wide-web, please send a note to |
13 | license@zend.com so we can mail you a copy immediately. |
14 +----------------------------------------------------------------------+
15 | Authors: Andi Gutmans <andi@php.net> |
16 | Zeev Suraski <zeev@php.net> |
17 | Dmitry Stogov <dmitry@php.net> |
18 +----------------------------------------------------------------------+
19 */
20
21 #include "zend.h"
22 #include "zend_globals.h"
23 #include "zend_variables.h"
24 #include "zend_API.h"
25 #include "zend_objects.h"
26 #include "zend_objects_API.h"
27 #include "zend_object_handlers.h"
28 #include "zend_interfaces.h"
29 #include "zend_exceptions.h"
30 #include "zend_closures.h"
31 #include "zend_compile.h"
32 #include "zend_hash.h"
33
34 #define DEBUG_OBJECT_HANDLERS 0
35
36 #define ZEND_WRONG_PROPERTY_OFFSET 0
37
38 /* guard flags */
39 #define IN_GET ZEND_GUARD_PROPERTY_GET
40 #define IN_SET ZEND_GUARD_PROPERTY_SET
41 #define IN_UNSET ZEND_GUARD_PROPERTY_UNSET
42 #define IN_ISSET ZEND_GUARD_PROPERTY_ISSET
43
44 /*
45 __X accessors explanation:
46
47 if we have __get and property that is not part of the properties array is
48 requested, we call __get handler. If it fails, we return uninitialized.
49
50 if we have __set and property that is not part of the properties array is
51 set, we call __set handler. If it fails, we do not change the array.
52
53 for both handlers above, when we are inside __get/__set, no further calls for
54 __get/__set for this property of this object will be made, to prevent endless
55 recursion and enable accessors to change properties array.
56
57 if we have __call and method which is not part of the class function table is
58 called, we cal __call handler.
59 */
60
rebuild_object_properties(zend_object * zobj)61 ZEND_API void rebuild_object_properties(zend_object *zobj) /* {{{ */
62 {
63 if (!zobj->properties) {
64 zend_property_info *prop_info;
65 zend_class_entry *ce = zobj->ce;
66 int i;
67
68 zobj->properties = zend_new_array(ce->default_properties_count);
69 if (ce->default_properties_count) {
70 zend_hash_real_init_mixed(zobj->properties);
71 for (i = 0; i < ce->default_properties_count; i++) {
72 prop_info = ce->properties_info_table[i];
73
74 if (!prop_info) {
75 continue;
76 }
77
78 if (UNEXPECTED(Z_TYPE_P(OBJ_PROP(zobj, prop_info->offset)) == IS_UNDEF)) {
79 HT_FLAGS(zobj->properties) |= HASH_FLAG_HAS_EMPTY_IND;
80 }
81
82 _zend_hash_append_ind(zobj->properties, prop_info->name,
83 OBJ_PROP(zobj, prop_info->offset));
84 }
85 }
86 }
87 }
88 /* }}} */
89
zend_std_build_object_properties_array(zend_object * zobj)90 ZEND_API HashTable *zend_std_build_object_properties_array(zend_object *zobj) /* {{{ */
91 {
92 zend_property_info *prop_info;
93 zend_class_entry *ce = zobj->ce;
94 HashTable *ht;
95 zval* prop;
96 int i;
97
98 ZEND_ASSERT(!zobj->properties);
99 ht = zend_new_array(ce->default_properties_count);
100 if (ce->default_properties_count) {
101 zend_hash_real_init_mixed(ht);
102 for (i = 0; i < ce->default_properties_count; i++) {
103 prop_info = ce->properties_info_table[i];
104
105 if (!prop_info) {
106 continue;
107 }
108
109 prop = OBJ_PROP(zobj, prop_info->offset);
110 if (UNEXPECTED(Z_TYPE_P(prop) == IS_UNDEF)) {
111 continue;
112 }
113
114 if (Z_ISREF_P(prop) && Z_REFCOUNT_P(prop) == 1) {
115 prop = Z_REFVAL_P(prop);
116 }
117
118 Z_TRY_ADDREF_P(prop);
119 _zend_hash_append(ht, prop_info->name, prop);
120 }
121 }
122 return ht;
123 }
124 /* }}} */
125
zend_std_get_properties(zend_object * zobj)126 ZEND_API HashTable *zend_std_get_properties(zend_object *zobj) /* {{{ */
127 {
128 if (!zobj->properties) {
129 rebuild_object_properties(zobj);
130 }
131 return zobj->properties;
132 }
133 /* }}} */
134
zend_std_get_gc(zend_object * zobj,zval ** table,int * n)135 ZEND_API HashTable *zend_std_get_gc(zend_object *zobj, zval **table, int *n) /* {{{ */
136 {
137 if (zobj->handlers->get_properties != zend_std_get_properties) {
138 *table = NULL;
139 *n = 0;
140 return zobj->handlers->get_properties(zobj);
141 } else {
142 if (zobj->properties) {
143 *table = NULL;
144 *n = 0;
145 return zobj->properties;
146 } else {
147 *table = zobj->properties_table;
148 *n = zobj->ce->default_properties_count;
149 return NULL;
150 }
151 }
152 }
153 /* }}} */
154
zend_std_get_debug_info(zend_object * object,int * is_temp)155 ZEND_API HashTable *zend_std_get_debug_info(zend_object *object, int *is_temp) /* {{{ */
156 {
157 zend_class_entry *ce = object->ce;
158 zval retval;
159 HashTable *ht;
160
161 if (!ce->__debugInfo) {
162 *is_temp = 0;
163 return object->handlers->get_properties(object);
164 }
165
166 zend_call_known_instance_method_with_0_params(ce->__debugInfo, object, &retval);
167 if (Z_TYPE(retval) == IS_ARRAY) {
168 if (!Z_REFCOUNTED(retval)) {
169 *is_temp = 1;
170 return zend_array_dup(Z_ARRVAL(retval));
171 } else if (Z_REFCOUNT(retval) <= 1) {
172 *is_temp = 1;
173 ht = Z_ARR(retval);
174 return ht;
175 } else {
176 *is_temp = 0;
177 zval_ptr_dtor(&retval);
178 return Z_ARRVAL(retval);
179 }
180 } else if (Z_TYPE(retval) == IS_NULL) {
181 *is_temp = 1;
182 ht = zend_new_array(0);
183 return ht;
184 }
185
186 zend_error_noreturn(E_ERROR, ZEND_DEBUGINFO_FUNC_NAME "() must return an array");
187
188 return NULL; /* Compilers are dumb and don't understand that noreturn means that the function does NOT need a return value... */
189 }
190 /* }}} */
191
zend_std_call_getter(zend_object * zobj,zend_string * prop_name,zval * retval)192 static void zend_std_call_getter(zend_object *zobj, zend_string *prop_name, zval *retval) /* {{{ */
193 {
194 zval member;
195 ZVAL_STR(&member, prop_name);
196 zend_call_known_instance_method_with_1_params(zobj->ce->__get, zobj, retval, &member);
197 }
198 /* }}} */
199
zend_std_call_setter(zend_object * zobj,zend_string * prop_name,zval * value)200 static void zend_std_call_setter(zend_object *zobj, zend_string *prop_name, zval *value) /* {{{ */
201 {
202 zval args[2];
203 ZVAL_STR(&args[0], prop_name);
204 ZVAL_COPY_VALUE(&args[1], value);
205 zend_call_known_instance_method(zobj->ce->__set, zobj, NULL, 2, args);
206 }
207 /* }}} */
208
zend_std_call_unsetter(zend_object * zobj,zend_string * prop_name)209 static void zend_std_call_unsetter(zend_object *zobj, zend_string *prop_name) /* {{{ */
210 {
211 zval member;
212 ZVAL_STR(&member, prop_name);
213 zend_call_known_instance_method_with_1_params(zobj->ce->__unset, zobj, NULL, &member);
214 }
215 /* }}} */
216
zend_std_call_issetter(zend_object * zobj,zend_string * prop_name,zval * retval)217 static void zend_std_call_issetter(zend_object *zobj, zend_string *prop_name, zval *retval) /* {{{ */
218 {
219 zval member;
220 ZVAL_STR(&member, prop_name);
221 zend_call_known_instance_method_with_1_params(zobj->ce->__isset, zobj, retval, &member);
222 }
223 /* }}} */
224
225
is_derived_class(const zend_class_entry * child_class,const zend_class_entry * parent_class)226 static zend_always_inline bool is_derived_class(const zend_class_entry *child_class, const zend_class_entry *parent_class) /* {{{ */
227 {
228 child_class = child_class->parent;
229 while (child_class) {
230 if (child_class == parent_class) {
231 return 1;
232 }
233 child_class = child_class->parent;
234 }
235
236 return 0;
237 }
238 /* }}} */
239
is_protected_compatible_scope(const zend_class_entry * ce,const zend_class_entry * scope)240 static zend_never_inline int is_protected_compatible_scope(const zend_class_entry *ce, const zend_class_entry *scope) /* {{{ */
241 {
242 return scope &&
243 (is_derived_class(ce, scope) || is_derived_class(scope, ce));
244 }
245 /* }}} */
246
zend_get_parent_private_property(zend_class_entry * scope,const zend_class_entry * ce,zend_string * member)247 static zend_never_inline zend_property_info *zend_get_parent_private_property(zend_class_entry *scope, const zend_class_entry *ce, zend_string *member) /* {{{ */
248 {
249 zval *zv;
250 zend_property_info *prop_info;
251
252 if (scope != ce && scope && is_derived_class(ce, scope)) {
253 zv = zend_hash_find(&scope->properties_info, member);
254 if (zv != NULL) {
255 prop_info = (zend_property_info*)Z_PTR_P(zv);
256 if ((prop_info->flags & ZEND_ACC_PRIVATE)
257 && prop_info->ce == scope) {
258 return prop_info;
259 }
260 }
261 }
262 return NULL;
263 }
264 /* }}} */
265
zend_bad_property_access(const zend_property_info * property_info,const zend_class_entry * ce,const zend_string * member)266 static ZEND_COLD zend_never_inline void zend_bad_property_access(const zend_property_info *property_info, const zend_class_entry *ce, const zend_string *member) /* {{{ */
267 {
268 zend_throw_error(NULL, "Cannot access %s property %s::$%s", zend_visibility_string(property_info->flags), ZSTR_VAL(ce->name), ZSTR_VAL(member));
269 }
270 /* }}} */
271
zend_bad_property_name(void)272 static ZEND_COLD zend_never_inline void zend_bad_property_name(void) /* {{{ */
273 {
274 zend_throw_error(NULL, "Cannot access property starting with \"\\0\"");
275 }
276 /* }}} */
277
zend_forbidden_dynamic_property(const zend_class_entry * ce,const zend_string * member)278 static ZEND_COLD zend_never_inline void zend_forbidden_dynamic_property(
279 const zend_class_entry *ce, const zend_string *member) {
280 zend_throw_error(NULL, "Cannot create dynamic property %s::$%s",
281 ZSTR_VAL(ce->name), ZSTR_VAL(member));
282 }
283
zend_deprecated_dynamic_property(zend_object * obj,const zend_string * member)284 static ZEND_COLD zend_never_inline bool zend_deprecated_dynamic_property(
285 zend_object *obj, const zend_string *member) {
286 GC_ADDREF(obj);
287 zend_error(E_DEPRECATED, "Creation of dynamic property %s::$%s is deprecated",
288 ZSTR_VAL(obj->ce->name), ZSTR_VAL(member));
289 if (UNEXPECTED(GC_DELREF(obj) == 0)) {
290 zend_class_entry *ce = obj->ce;
291 zend_objects_store_del(obj);
292 if (!EG(exception)) {
293 /* We cannot continue execution and have to throw an exception */
294 zend_throw_error(NULL, "Cannot create dynamic property %s::$%s",
295 ZSTR_VAL(ce->name), ZSTR_VAL(member));
296 }
297 return 0;
298 }
299 return 1;
300 }
301
zend_readonly_property_modification_scope_error(const zend_class_entry * ce,const zend_string * member,const zend_class_entry * scope,const char * operation)302 static ZEND_COLD zend_never_inline void zend_readonly_property_modification_scope_error(
303 const zend_class_entry *ce, const zend_string *member, const zend_class_entry *scope, const char *operation) {
304 zend_throw_error(NULL, "Cannot %s readonly property %s::$%s from %s%s",
305 operation, ZSTR_VAL(ce->name), ZSTR_VAL(member),
306 scope ? "scope " : "global scope", scope ? ZSTR_VAL(scope->name) : "");
307 }
308
zend_readonly_property_unset_error(zend_class_entry * ce,zend_string * member)309 static ZEND_COLD zend_never_inline void zend_readonly_property_unset_error(
310 zend_class_entry *ce, zend_string *member) {
311 zend_throw_error(NULL, "Cannot unset readonly property %s::$%s",
312 ZSTR_VAL(ce->name), ZSTR_VAL(member));
313 }
314
zend_get_property_offset(zend_class_entry * ce,zend_string * member,int silent,void ** cache_slot,const zend_property_info ** info_ptr)315 static zend_always_inline uintptr_t zend_get_property_offset(zend_class_entry *ce, zend_string *member, int silent, void **cache_slot, const zend_property_info **info_ptr) /* {{{ */
316 {
317 zval *zv;
318 zend_property_info *property_info;
319 uint32_t flags;
320 zend_class_entry *scope;
321 uintptr_t offset;
322
323 if (cache_slot && EXPECTED(ce == CACHED_PTR_EX(cache_slot))) {
324 *info_ptr = CACHED_PTR_EX(cache_slot + 2);
325 return (uintptr_t)CACHED_PTR_EX(cache_slot + 1);
326 }
327
328 if (UNEXPECTED(zend_hash_num_elements(&ce->properties_info) == 0)
329 || UNEXPECTED((zv = zend_hash_find(&ce->properties_info, member)) == NULL)) {
330 if (UNEXPECTED(ZSTR_VAL(member)[0] == '\0') && ZSTR_LEN(member) != 0) {
331 if (!silent) {
332 zend_bad_property_name();
333 }
334 return ZEND_WRONG_PROPERTY_OFFSET;
335 }
336 dynamic:
337 if (cache_slot) {
338 CACHE_POLYMORPHIC_PTR_EX(cache_slot, ce, (void*)ZEND_DYNAMIC_PROPERTY_OFFSET);
339 CACHE_PTR_EX(cache_slot + 2, NULL);
340 }
341 return ZEND_DYNAMIC_PROPERTY_OFFSET;
342 }
343
344 property_info = (zend_property_info*)Z_PTR_P(zv);
345 flags = property_info->flags;
346
347 if (flags & (ZEND_ACC_CHANGED|ZEND_ACC_PRIVATE|ZEND_ACC_PROTECTED)) {
348 if (UNEXPECTED(EG(fake_scope))) {
349 scope = EG(fake_scope);
350 } else {
351 scope = zend_get_executed_scope();
352 }
353
354 if (property_info->ce != scope) {
355 if (flags & ZEND_ACC_CHANGED) {
356 zend_property_info *p = zend_get_parent_private_property(scope, ce, member);
357
358 /* If there is a public/protected instance property on ce, don't try to use a
359 * private static property on scope. If both are static, prefer the static
360 * property on scope. This will throw a static property notice, rather than
361 * a visibility error. */
362 if (p && (!(p->flags & ZEND_ACC_STATIC) || (flags & ZEND_ACC_STATIC))) {
363 property_info = p;
364 flags = property_info->flags;
365 goto found;
366 } else if (flags & ZEND_ACC_PUBLIC) {
367 goto found;
368 }
369 }
370 if (flags & ZEND_ACC_PRIVATE) {
371 if (property_info->ce != ce) {
372 goto dynamic;
373 } else {
374 wrong:
375 /* Information was available, but we were denied access. Error out. */
376 if (!silent) {
377 zend_bad_property_access(property_info, ce, member);
378 }
379 return ZEND_WRONG_PROPERTY_OFFSET;
380 }
381 } else {
382 ZEND_ASSERT(flags & ZEND_ACC_PROTECTED);
383 if (UNEXPECTED(!is_protected_compatible_scope(property_info->ce, scope))) {
384 goto wrong;
385 }
386 }
387 }
388 }
389
390 found:
391 if (UNEXPECTED(flags & ZEND_ACC_STATIC)) {
392 if (!silent) {
393 zend_error(E_NOTICE, "Accessing static property %s::$%s as non static", ZSTR_VAL(ce->name), ZSTR_VAL(member));
394 }
395 return ZEND_DYNAMIC_PROPERTY_OFFSET;
396 }
397
398 offset = property_info->offset;
399 if (EXPECTED(!ZEND_TYPE_IS_SET(property_info->type))) {
400 property_info = NULL;
401 } else {
402 *info_ptr = property_info;
403 }
404 if (cache_slot) {
405 CACHE_POLYMORPHIC_PTR_EX(cache_slot, ce, (void*)(uintptr_t)offset);
406 CACHE_PTR_EX(cache_slot + 2, property_info);
407 }
408 return offset;
409 }
410 /* }}} */
411
zend_wrong_offset(zend_class_entry * ce,zend_string * member)412 static ZEND_COLD void zend_wrong_offset(zend_class_entry *ce, zend_string *member) /* {{{ */
413 {
414 const zend_property_info *dummy;
415
416 /* Trigger the correct error */
417 zend_get_property_offset(ce, member, 0, NULL, &dummy);
418 }
419 /* }}} */
420
zend_get_property_info(const zend_class_entry * ce,zend_string * member,int silent)421 ZEND_API zend_property_info *zend_get_property_info(const zend_class_entry *ce, zend_string *member, int silent) /* {{{ */
422 {
423 zval *zv;
424 zend_property_info *property_info;
425 uint32_t flags;
426 zend_class_entry *scope;
427
428 if (UNEXPECTED(zend_hash_num_elements(&ce->properties_info) == 0)
429 || EXPECTED((zv = zend_hash_find(&ce->properties_info, member)) == NULL)) {
430 if (UNEXPECTED(ZSTR_VAL(member)[0] == '\0') && ZSTR_LEN(member) != 0) {
431 if (!silent) {
432 zend_bad_property_name();
433 }
434 return ZEND_WRONG_PROPERTY_INFO;
435 }
436 dynamic:
437 return NULL;
438 }
439
440 property_info = (zend_property_info*)Z_PTR_P(zv);
441 flags = property_info->flags;
442
443 if (flags & (ZEND_ACC_CHANGED|ZEND_ACC_PRIVATE|ZEND_ACC_PROTECTED)) {
444 if (UNEXPECTED(EG(fake_scope))) {
445 scope = EG(fake_scope);
446 } else {
447 scope = zend_get_executed_scope();
448 }
449 if (property_info->ce != scope) {
450 if (flags & ZEND_ACC_CHANGED) {
451 zend_property_info *p = zend_get_parent_private_property(scope, ce, member);
452
453 if (p) {
454 property_info = p;
455 flags = property_info->flags;
456 goto found;
457 } else if (flags & ZEND_ACC_PUBLIC) {
458 goto found;
459 }
460 }
461 if (flags & ZEND_ACC_PRIVATE) {
462 if (property_info->ce != ce) {
463 goto dynamic;
464 } else {
465 wrong:
466 /* Information was available, but we were denied access. Error out. */
467 if (!silent) {
468 zend_bad_property_access(property_info, ce, member);
469 }
470 return ZEND_WRONG_PROPERTY_INFO;
471 }
472 } else {
473 ZEND_ASSERT(flags & ZEND_ACC_PROTECTED);
474 if (UNEXPECTED(!is_protected_compatible_scope(property_info->ce, scope))) {
475 goto wrong;
476 }
477 }
478 }
479 }
480
481 found:
482 if (UNEXPECTED(flags & ZEND_ACC_STATIC)) {
483 if (!silent) {
484 zend_error(E_NOTICE, "Accessing static property %s::$%s as non static", ZSTR_VAL(ce->name), ZSTR_VAL(member));
485 }
486 }
487 return property_info;
488 }
489 /* }}} */
490
zend_check_property_access(const zend_object * zobj,zend_string * prop_info_name,bool is_dynamic)491 ZEND_API zend_result zend_check_property_access(const zend_object *zobj, zend_string *prop_info_name, bool is_dynamic) /* {{{ */
492 {
493 zend_property_info *property_info;
494 const char *class_name = NULL;
495 const char *prop_name;
496 zend_string *member;
497 size_t prop_name_len;
498
499 if (ZSTR_VAL(prop_info_name)[0] == 0) {
500 if (is_dynamic) {
501 return SUCCESS;
502 }
503
504 zend_unmangle_property_name_ex(prop_info_name, &class_name, &prop_name, &prop_name_len);
505 member = zend_string_init(prop_name, prop_name_len, 0);
506 property_info = zend_get_property_info(zobj->ce, member, 1);
507 zend_string_release_ex(member, 0);
508 if (property_info == NULL || property_info == ZEND_WRONG_PROPERTY_INFO) {
509 return FAILURE;
510 }
511
512 if (class_name[0] != '*') {
513 if (!(property_info->flags & ZEND_ACC_PRIVATE)) {
514 /* we we're looking for a private prop but found a non private one of the same name */
515 return FAILURE;
516 } else if (strcmp(ZSTR_VAL(prop_info_name)+1, ZSTR_VAL(property_info->name)+1)) {
517 /* we we're looking for a private prop but found a private one of the same name but another class */
518 return FAILURE;
519 }
520 } else {
521 ZEND_ASSERT(property_info->flags & ZEND_ACC_PROTECTED);
522 }
523 return SUCCESS;
524 } else {
525 property_info = zend_get_property_info(zobj->ce, prop_info_name, 1);
526 if (property_info == NULL) {
527 ZEND_ASSERT(is_dynamic);
528 return SUCCESS;
529 } else if (property_info == ZEND_WRONG_PROPERTY_INFO) {
530 return FAILURE;
531 }
532 return (property_info->flags & ZEND_ACC_PUBLIC) ? SUCCESS : FAILURE;
533 }
534 }
535 /* }}} */
536
zend_property_guard_dtor(zval * el)537 static void zend_property_guard_dtor(zval *el) /* {{{ */ {
538 uint32_t *ptr = (uint32_t*)Z_PTR_P(el);
539 if (EXPECTED(!(((uintptr_t)ptr) & 1))) {
540 efree_size(ptr, sizeof(uint32_t));
541 }
542 }
543 /* }}} */
544
zend_get_guard_value(zend_object * zobj)545 static zend_always_inline zval *zend_get_guard_value(zend_object *zobj)
546 {
547 return zobj->properties_table + zobj->ce->default_properties_count;
548 }
549
zend_get_property_guard(zend_object * zobj,zend_string * member)550 ZEND_API uint32_t *zend_get_property_guard(zend_object *zobj, zend_string *member) /* {{{ */
551 {
552 HashTable *guards;
553 zval *zv;
554 uint32_t *ptr;
555
556
557 ZEND_ASSERT(zobj->ce->ce_flags & ZEND_ACC_USE_GUARDS);
558 zv = zend_get_guard_value(zobj);
559 if (EXPECTED(Z_TYPE_P(zv) == IS_STRING)) {
560 zend_string *str = Z_STR_P(zv);
561 if (EXPECTED(str == member) ||
562 /* str and member don't necessarily have a pre-calculated hash value here */
563 EXPECTED(zend_string_equal_content(str, member))) {
564 return &Z_GUARD_P(zv);
565 } else if (EXPECTED(Z_GUARD_P(zv) == 0)) {
566 zval_ptr_dtor_str(zv);
567 ZVAL_STR_COPY(zv, member);
568 return &Z_GUARD_P(zv);
569 } else {
570 ALLOC_HASHTABLE(guards);
571 zend_hash_init(guards, 8, NULL, zend_property_guard_dtor, 0);
572 /* mark pointer as "special" using low bit */
573 zend_hash_add_new_ptr(guards, str,
574 (void*)(((uintptr_t)&Z_GUARD_P(zv)) | 1));
575 zval_ptr_dtor_str(zv);
576 ZVAL_ARR(zv, guards);
577 }
578 } else if (EXPECTED(Z_TYPE_P(zv) == IS_ARRAY)) {
579 guards = Z_ARRVAL_P(zv);
580 ZEND_ASSERT(guards != NULL);
581 zv = zend_hash_find(guards, member);
582 if (zv != NULL) {
583 return (uint32_t*)(((uintptr_t)Z_PTR_P(zv)) & ~1);
584 }
585 } else {
586 ZEND_ASSERT(Z_TYPE_P(zv) == IS_UNDEF);
587 ZVAL_STR_COPY(zv, member);
588 Z_GUARD_P(zv) &= ~ZEND_GUARD_PROPERTY_MASK;
589 return &Z_GUARD_P(zv);
590 }
591 /* we have to allocate uint32_t separately because ht->arData may be reallocated */
592 ptr = (uint32_t*)emalloc(sizeof(uint32_t));
593 *ptr = 0;
594 return (uint32_t*)zend_hash_add_new_ptr(guards, member, ptr);
595 }
596 /* }}} */
597
zend_get_recursion_guard(zend_object * zobj)598 ZEND_API uint32_t *zend_get_recursion_guard(zend_object *zobj)
599 {
600 if (!(zobj->ce->ce_flags & ZEND_ACC_USE_GUARDS)) {
601 return NULL;
602 }
603 zval *zv = zend_get_guard_value(zobj);
604 return &Z_GUARD_P(zv);
605 }
606
zend_std_read_property(zend_object * zobj,zend_string * name,int type,void ** cache_slot,zval * rv)607 ZEND_API zval *zend_std_read_property(zend_object *zobj, zend_string *name, int type, void **cache_slot, zval *rv) /* {{{ */
608 {
609 zval *retval;
610 uintptr_t property_offset;
611 const zend_property_info *prop_info = NULL;
612 uint32_t *guard = NULL;
613 zend_string *tmp_name = NULL;
614
615 #if DEBUG_OBJECT_HANDLERS
616 fprintf(stderr, "Read object #%d property: %s\n", zobj->handle, ZSTR_VAL(name));
617 #endif
618
619 /* make zend_get_property_info silent if we have getter - we may want to use it */
620 property_offset = zend_get_property_offset(zobj->ce, name, (type == BP_VAR_IS) || (zobj->ce->__get != NULL), cache_slot, &prop_info);
621
622 if (EXPECTED(IS_VALID_PROPERTY_OFFSET(property_offset))) {
623 retval = OBJ_PROP(zobj, property_offset);
624 if (EXPECTED(Z_TYPE_P(retval) != IS_UNDEF)) {
625 if (prop_info && UNEXPECTED(prop_info->flags & ZEND_ACC_READONLY)
626 && (type == BP_VAR_W || type == BP_VAR_RW || type == BP_VAR_UNSET)) {
627 if (Z_TYPE_P(retval) == IS_OBJECT) {
628 /* For objects, W/RW/UNSET fetch modes might not actually modify object.
629 * Similar as with magic __get() allow them, but return the value as a copy
630 * to make sure no actual modification is possible. */
631 ZVAL_COPY(rv, retval);
632 retval = rv;
633 } else if (Z_PROP_FLAG_P(retval) & IS_PROP_REINITABLE) {
634 Z_PROP_FLAG_P(retval) &= ~IS_PROP_REINITABLE;
635 } else {
636 zend_readonly_property_modification_error(prop_info);
637 retval = &EG(uninitialized_zval);
638 }
639 }
640 goto exit;
641 } else {
642 if (prop_info && UNEXPECTED(prop_info->flags & ZEND_ACC_READONLY)) {
643 if (type == BP_VAR_W || type == BP_VAR_RW) {
644 zend_readonly_property_indirect_modification_error(prop_info);
645 retval = &EG(uninitialized_zval);
646 goto exit;
647 } else if (type == BP_VAR_UNSET) {
648 retval = &EG(uninitialized_zval);
649 goto exit;
650 }
651 }
652 }
653 if (UNEXPECTED(Z_PROP_FLAG_P(retval) & IS_PROP_UNINIT)) {
654 /* Skip __get() for uninitialized typed properties */
655 goto uninit_error;
656 }
657 } else if (EXPECTED(IS_DYNAMIC_PROPERTY_OFFSET(property_offset))) {
658 if (EXPECTED(zobj->properties != NULL)) {
659 if (!IS_UNKNOWN_DYNAMIC_PROPERTY_OFFSET(property_offset)) {
660 uintptr_t idx = ZEND_DECODE_DYN_PROP_OFFSET(property_offset);
661
662 if (EXPECTED(idx < zobj->properties->nNumUsed * sizeof(Bucket))) {
663 Bucket *p = (Bucket*)((char*)zobj->properties->arData + idx);
664
665 if (EXPECTED(p->key == name) ||
666 (EXPECTED(p->h == ZSTR_H(name)) &&
667 EXPECTED(p->key != NULL) &&
668 EXPECTED(zend_string_equal_content(p->key, name)))) {
669 retval = &p->val;
670 goto exit;
671 }
672 }
673 CACHE_PTR_EX(cache_slot + 1, (void*)ZEND_DYNAMIC_PROPERTY_OFFSET);
674 }
675 retval = zend_hash_find(zobj->properties, name);
676 if (EXPECTED(retval)) {
677 if (cache_slot) {
678 uintptr_t idx = (char*)retval - (char*)zobj->properties->arData;
679 CACHE_PTR_EX(cache_slot + 1, (void*)ZEND_ENCODE_DYN_PROP_OFFSET(idx));
680 }
681 goto exit;
682 }
683 }
684 } else if (UNEXPECTED(EG(exception))) {
685 retval = &EG(uninitialized_zval);
686 goto exit;
687 }
688
689 /* magic isset */
690 if ((type == BP_VAR_IS) && zobj->ce->__isset) {
691 zval tmp_result;
692 guard = zend_get_property_guard(zobj, name);
693
694 if (!((*guard) & IN_ISSET)) {
695 if (!tmp_name && !ZSTR_IS_INTERNED(name)) {
696 tmp_name = zend_string_copy(name);
697 }
698 GC_ADDREF(zobj);
699 ZVAL_UNDEF(&tmp_result);
700
701 *guard |= IN_ISSET;
702 zend_std_call_issetter(zobj, name, &tmp_result);
703 *guard &= ~IN_ISSET;
704
705 if (!zend_is_true(&tmp_result)) {
706 retval = &EG(uninitialized_zval);
707 OBJ_RELEASE(zobj);
708 zval_ptr_dtor(&tmp_result);
709 goto exit;
710 }
711
712 zval_ptr_dtor(&tmp_result);
713 if (zobj->ce->__get && !((*guard) & IN_GET)) {
714 goto call_getter;
715 }
716 OBJ_RELEASE(zobj);
717 } else if (zobj->ce->__get && !((*guard) & IN_GET)) {
718 goto call_getter_addref;
719 }
720 } else if (zobj->ce->__get) {
721 /* magic get */
722 guard = zend_get_property_guard(zobj, name);
723 if (!((*guard) & IN_GET)) {
724 /* have getter - try with it! */
725 call_getter_addref:
726 GC_ADDREF(zobj);
727 call_getter:
728 *guard |= IN_GET; /* prevent circular getting */
729 zend_std_call_getter(zobj, name, rv);
730 *guard &= ~IN_GET;
731
732 if (Z_TYPE_P(rv) != IS_UNDEF) {
733 retval = rv;
734 if (!Z_ISREF_P(rv) &&
735 (type == BP_VAR_W || type == BP_VAR_RW || type == BP_VAR_UNSET)) {
736 if (UNEXPECTED(Z_TYPE_P(rv) != IS_OBJECT)) {
737 zend_error(E_NOTICE, "Indirect modification of overloaded property %s::$%s has no effect", ZSTR_VAL(zobj->ce->name), ZSTR_VAL(name));
738 }
739 }
740 } else {
741 retval = &EG(uninitialized_zval);
742 }
743
744 if (UNEXPECTED(prop_info)) {
745 zend_verify_prop_assignable_by_ref_ex(prop_info, retval, (zobj->ce->__get->common.fn_flags & ZEND_ACC_STRICT_TYPES) != 0, ZEND_VERIFY_PROP_ASSIGNABLE_BY_REF_CONTEXT_MAGIC_GET);
746 }
747
748 OBJ_RELEASE(zobj);
749 goto exit;
750 } else if (UNEXPECTED(IS_WRONG_PROPERTY_OFFSET(property_offset))) {
751 /* Trigger the correct error */
752 zend_get_property_offset(zobj->ce, name, 0, NULL, &prop_info);
753 ZEND_ASSERT(EG(exception));
754 retval = &EG(uninitialized_zval);
755 goto exit;
756 }
757 }
758
759 uninit_error:
760 if (type != BP_VAR_IS) {
761 if (UNEXPECTED(prop_info)) {
762 zend_throw_error(NULL, "Typed property %s::$%s must not be accessed before initialization",
763 ZSTR_VAL(prop_info->ce->name),
764 ZSTR_VAL(name));
765 } else {
766 zend_error(E_WARNING, "Undefined property: %s::$%s", ZSTR_VAL(zobj->ce->name), ZSTR_VAL(name));
767 }
768 }
769 retval = &EG(uninitialized_zval);
770
771 exit:
772 zend_tmp_string_release(tmp_name);
773
774 return retval;
775 }
776 /* }}} */
777
property_uses_strict_types(void)778 static zend_always_inline bool property_uses_strict_types(void) {
779 zend_execute_data *execute_data = EG(current_execute_data);
780 return execute_data
781 && execute_data->func
782 && ZEND_CALL_USES_STRICT_TYPES(EG(current_execute_data));
783 }
784
verify_readonly_initialization_access(const zend_property_info * prop_info,const zend_class_entry * ce,zend_string * name,const char * operation)785 static bool verify_readonly_initialization_access(
786 const zend_property_info *prop_info, const zend_class_entry *ce,
787 zend_string *name, const char *operation) {
788 zend_class_entry *scope;
789 if (UNEXPECTED(EG(fake_scope))) {
790 scope = EG(fake_scope);
791 } else {
792 scope = zend_get_executed_scope();
793 }
794 if (prop_info->ce == scope) {
795 return true;
796 }
797
798 /* We may have redeclared a parent property. In that case the parent should still be
799 * allowed to initialize it. */
800 if (scope && is_derived_class(ce, scope)) {
801 const zend_property_info *prop_info = zend_hash_find_ptr(&scope->properties_info, name);
802 if (prop_info) {
803 /* This should be ensured by inheritance. */
804 ZEND_ASSERT(prop_info->flags & ZEND_ACC_READONLY);
805 if (prop_info->ce == scope) {
806 return true;
807 }
808 }
809 }
810
811 zend_readonly_property_modification_scope_error(prop_info->ce, name, scope, operation);
812 return false;
813 }
814
zend_std_write_property(zend_object * zobj,zend_string * name,zval * value,void ** cache_slot)815 ZEND_API zval *zend_std_write_property(zend_object *zobj, zend_string *name, zval *value, void **cache_slot) /* {{{ */
816 {
817 zval *variable_ptr, tmp;
818 uintptr_t property_offset;
819 const zend_property_info *prop_info = NULL;
820 ZEND_ASSERT(!Z_ISREF_P(value));
821
822 property_offset = zend_get_property_offset(zobj->ce, name, (zobj->ce->__set != NULL), cache_slot, &prop_info);
823
824 if (EXPECTED(IS_VALID_PROPERTY_OFFSET(property_offset))) {
825 variable_ptr = OBJ_PROP(zobj, property_offset);
826 if (Z_TYPE_P(variable_ptr) != IS_UNDEF) {
827 Z_TRY_ADDREF_P(value);
828
829 if (UNEXPECTED(prop_info)) {
830 if (UNEXPECTED((prop_info->flags & ZEND_ACC_READONLY) && !(Z_PROP_FLAG_P(variable_ptr) & IS_PROP_REINITABLE))) {
831 Z_TRY_DELREF_P(value);
832 zend_readonly_property_modification_error(prop_info);
833 variable_ptr = &EG(error_zval);
834 goto exit;
835 }
836
837 ZVAL_COPY_VALUE(&tmp, value);
838 // Increase refcount to prevent object from being released in __toString()
839 GC_ADDREF(zobj);
840 bool type_matched = zend_verify_property_type(prop_info, &tmp, property_uses_strict_types());
841 if (UNEXPECTED(GC_DELREF(zobj) == 0)) {
842 zend_object_released_while_assigning_to_property_error(prop_info);
843 zend_objects_store_del(zobj);
844 zval_ptr_dtor(&tmp);
845 variable_ptr = &EG(error_zval);
846 goto exit;
847 }
848 if (UNEXPECTED(!type_matched)) {
849 zval_ptr_dtor(&tmp);
850 variable_ptr = &EG(error_zval);
851 goto exit;
852 }
853 Z_PROP_FLAG_P(variable_ptr) &= ~IS_PROP_REINITABLE;
854 value = &tmp;
855 }
856
857 found:;
858 zend_refcounted *garbage = NULL;
859
860 variable_ptr = zend_assign_to_variable_ex(
861 variable_ptr, value, IS_TMP_VAR, property_uses_strict_types(), &garbage);
862
863 if (garbage) {
864 if (GC_DELREF(garbage) == 0) {
865 zend_execute_data *execute_data = EG(current_execute_data);
866 // Assign to result variable before calling the destructor as it may release the object
867 if (execute_data
868 && EX(func)
869 && ZEND_USER_CODE(EX(func)->common.type)
870 && EX(opline)
871 && EX(opline)->opcode == ZEND_ASSIGN_OBJ
872 && EX(opline)->result_type) {
873 ZVAL_COPY_DEREF(EX_VAR(EX(opline)->result.var), variable_ptr);
874 variable_ptr = NULL;
875 }
876 rc_dtor_func(garbage);
877 } else {
878 gc_check_possible_root_no_ref(garbage);
879 }
880 }
881 goto exit;
882 }
883 if (Z_PROP_FLAG_P(variable_ptr) & IS_PROP_UNINIT) {
884 /* Writes to uninitialized typed properties bypass __set(). */
885 goto write_std_property;
886 }
887 } else if (EXPECTED(IS_DYNAMIC_PROPERTY_OFFSET(property_offset))) {
888 if (EXPECTED(zobj->properties != NULL)) {
889 if (UNEXPECTED(GC_REFCOUNT(zobj->properties) > 1)) {
890 if (EXPECTED(!(GC_FLAGS(zobj->properties) & IS_ARRAY_IMMUTABLE))) {
891 GC_DELREF(zobj->properties);
892 }
893 zobj->properties = zend_array_dup(zobj->properties);
894 }
895 if ((variable_ptr = zend_hash_find(zobj->properties, name)) != NULL) {
896 Z_TRY_ADDREF_P(value);
897 goto found;
898 }
899 }
900 } else if (UNEXPECTED(EG(exception))) {
901 variable_ptr = &EG(error_zval);
902 goto exit;
903 }
904
905 /* magic set */
906 if (zobj->ce->__set) {
907 uint32_t *guard = zend_get_property_guard(zobj, name);
908
909 if (!((*guard) & IN_SET)) {
910 GC_ADDREF(zobj);
911 (*guard) |= IN_SET; /* prevent circular setting */
912 zend_std_call_setter(zobj, name, value);
913 (*guard) &= ~IN_SET;
914 OBJ_RELEASE(zobj);
915 variable_ptr = value;
916 } else if (EXPECTED(!IS_WRONG_PROPERTY_OFFSET(property_offset))) {
917 goto write_std_property;
918 } else {
919 /* Trigger the correct error */
920 zend_wrong_offset(zobj->ce, name);
921 ZEND_ASSERT(EG(exception));
922 variable_ptr = &EG(error_zval);
923 goto exit;
924 }
925 } else {
926 ZEND_ASSERT(!IS_WRONG_PROPERTY_OFFSET(property_offset));
927 write_std_property:
928 if (EXPECTED(IS_VALID_PROPERTY_OFFSET(property_offset))) {
929 variable_ptr = OBJ_PROP(zobj, property_offset);
930
931 Z_TRY_ADDREF_P(value);
932 if (UNEXPECTED(prop_info)) {
933 if (UNEXPECTED((prop_info->flags & ZEND_ACC_READONLY)
934 && !verify_readonly_initialization_access(prop_info, zobj->ce, name, "initialize"))) {
935 Z_TRY_DELREF_P(value);
936 variable_ptr = &EG(error_zval);
937 goto exit;
938 }
939
940 ZVAL_COPY_VALUE(&tmp, value);
941 // Increase refcount to prevent object from being released in __toString()
942 GC_ADDREF(zobj);
943 bool type_matched = zend_verify_property_type(prop_info, &tmp, property_uses_strict_types());
944 if (UNEXPECTED(GC_DELREF(zobj) == 0)) {
945 zend_object_released_while_assigning_to_property_error(prop_info);
946 zend_objects_store_del(zobj);
947 zval_ptr_dtor(&tmp);
948 variable_ptr = &EG(error_zval);
949 goto exit;
950 }
951 if (UNEXPECTED(!type_matched)) {
952 zval_ptr_dtor(&tmp);
953 goto exit;
954 }
955 value = &tmp;
956 Z_PROP_FLAG_P(variable_ptr) = 0;
957 goto found; /* might have been updated via e.g. __toString() */
958 }
959
960 ZVAL_COPY_VALUE(variable_ptr, value);
961 } else {
962 if (UNEXPECTED(zobj->ce->ce_flags & ZEND_ACC_NO_DYNAMIC_PROPERTIES)) {
963 zend_forbidden_dynamic_property(zobj->ce, name);
964 variable_ptr = &EG(error_zval);
965 goto exit;
966 }
967 if (UNEXPECTED(!(zobj->ce->ce_flags & ZEND_ACC_ALLOW_DYNAMIC_PROPERTIES))) {
968 if (UNEXPECTED(!zend_deprecated_dynamic_property(zobj, name))) {
969 variable_ptr = &EG(error_zval);
970 goto exit;
971 }
972 }
973
974 Z_TRY_ADDREF_P(value);
975 if (!zobj->properties) {
976 rebuild_object_properties(zobj);
977 }
978 variable_ptr = zend_hash_add_new(zobj->properties, name, value);
979 }
980 }
981
982 exit:
983 return variable_ptr;
984 }
985 /* }}} */
986
zend_bad_array_access(zend_class_entry * ce)987 static ZEND_COLD zend_never_inline void zend_bad_array_access(zend_class_entry *ce) /* {{{ */
988 {
989 zend_throw_error(NULL, "Cannot use object of type %s as array", ZSTR_VAL(ce->name));
990 }
991 /* }}} */
992
zend_std_read_dimension(zend_object * object,zval * offset,int type,zval * rv)993 ZEND_API zval *zend_std_read_dimension(zend_object *object, zval *offset, int type, zval *rv) /* {{{ */
994 {
995 zend_class_entry *ce = object->ce;
996 zval tmp_offset;
997
998 /* arrayaccess_funcs_ptr is set if (and only if) the class implements zend_ce_arrayaccess */
999 zend_class_arrayaccess_funcs *funcs = ce->arrayaccess_funcs_ptr;
1000 if (EXPECTED(funcs)) {
1001 if (offset == NULL) {
1002 /* [] construct */
1003 ZVAL_NULL(&tmp_offset);
1004 } else {
1005 ZVAL_COPY_DEREF(&tmp_offset, offset);
1006 }
1007
1008 GC_ADDREF(object);
1009 if (type == BP_VAR_IS) {
1010 zend_call_known_instance_method_with_1_params(funcs->zf_offsetexists, object, rv, &tmp_offset);
1011 if (UNEXPECTED(Z_ISUNDEF_P(rv))) {
1012 OBJ_RELEASE(object);
1013 zval_ptr_dtor(&tmp_offset);
1014 return NULL;
1015 }
1016 if (!i_zend_is_true(rv)) {
1017 OBJ_RELEASE(object);
1018 zval_ptr_dtor(&tmp_offset);
1019 zval_ptr_dtor(rv);
1020 return &EG(uninitialized_zval);
1021 }
1022 zval_ptr_dtor(rv);
1023 }
1024
1025 zend_call_known_instance_method_with_1_params(funcs->zf_offsetget, object, rv, &tmp_offset);
1026
1027 OBJ_RELEASE(object);
1028 zval_ptr_dtor(&tmp_offset);
1029
1030 if (UNEXPECTED(Z_TYPE_P(rv) == IS_UNDEF)) {
1031 if (UNEXPECTED(!EG(exception))) {
1032 zend_throw_error(NULL, "Undefined offset for object of type %s used as array", ZSTR_VAL(ce->name));
1033 }
1034 return NULL;
1035 }
1036 return rv;
1037 } else {
1038 zend_bad_array_access(ce);
1039 return NULL;
1040 }
1041 }
1042 /* }}} */
1043
zend_std_write_dimension(zend_object * object,zval * offset,zval * value)1044 ZEND_API void zend_std_write_dimension(zend_object *object, zval *offset, zval *value) /* {{{ */
1045 {
1046 zend_class_entry *ce = object->ce;
1047 zval tmp_offset;
1048
1049 zend_class_arrayaccess_funcs *funcs = ce->arrayaccess_funcs_ptr;
1050 if (EXPECTED(funcs)) {
1051 if (!offset) {
1052 ZVAL_NULL(&tmp_offset);
1053 } else {
1054 ZVAL_COPY_DEREF(&tmp_offset, offset);
1055 }
1056 GC_ADDREF(object);
1057 zend_call_known_instance_method_with_2_params(funcs->zf_offsetset, object, NULL, &tmp_offset, value);
1058 OBJ_RELEASE(object);
1059 zval_ptr_dtor(&tmp_offset);
1060 } else {
1061 zend_bad_array_access(ce);
1062 }
1063 }
1064 /* }}} */
1065
zend_std_has_dimension(zend_object * object,zval * offset,int check_empty)1066 ZEND_API int zend_std_has_dimension(zend_object *object, zval *offset, int check_empty) /* {{{ */
1067 {
1068 zend_class_entry *ce = object->ce;
1069 zval retval, tmp_offset;
1070 int result;
1071
1072 zend_class_arrayaccess_funcs *funcs = ce->arrayaccess_funcs_ptr;
1073 if (EXPECTED(funcs)) {
1074 ZVAL_COPY_DEREF(&tmp_offset, offset);
1075 GC_ADDREF(object);
1076 zend_call_known_instance_method_with_1_params(funcs->zf_offsetexists, object, &retval, &tmp_offset);
1077 result = i_zend_is_true(&retval);
1078 zval_ptr_dtor(&retval);
1079 if (check_empty && result && EXPECTED(!EG(exception))) {
1080 zend_call_known_instance_method_with_1_params(funcs->zf_offsetget, object, &retval, &tmp_offset);
1081 result = i_zend_is_true(&retval);
1082 zval_ptr_dtor(&retval);
1083 }
1084 OBJ_RELEASE(object);
1085 zval_ptr_dtor(&tmp_offset);
1086 } else {
1087 zend_bad_array_access(ce);
1088 return 0;
1089 }
1090 return result;
1091 }
1092 /* }}} */
1093
zend_std_get_property_ptr_ptr(zend_object * zobj,zend_string * name,int type,void ** cache_slot)1094 ZEND_API zval *zend_std_get_property_ptr_ptr(zend_object *zobj, zend_string *name, int type, void **cache_slot) /* {{{ */
1095 {
1096 zval *retval = NULL;
1097 uintptr_t property_offset;
1098 const zend_property_info *prop_info = NULL;
1099
1100 #if DEBUG_OBJECT_HANDLERS
1101 fprintf(stderr, "Ptr object #%d property: %s\n", zobj->handle, ZSTR_VAL(name));
1102 #endif
1103
1104 property_offset = zend_get_property_offset(zobj->ce, name, (zobj->ce->__get != NULL), cache_slot, &prop_info);
1105
1106 if (EXPECTED(IS_VALID_PROPERTY_OFFSET(property_offset))) {
1107 retval = OBJ_PROP(zobj, property_offset);
1108 if (UNEXPECTED(Z_TYPE_P(retval) == IS_UNDEF)) {
1109 if (EXPECTED(!zobj->ce->__get) ||
1110 UNEXPECTED((*zend_get_property_guard(zobj, name)) & IN_GET) ||
1111 UNEXPECTED(prop_info && (Z_PROP_FLAG_P(retval) & IS_PROP_UNINIT))) {
1112 if (UNEXPECTED(type == BP_VAR_RW || type == BP_VAR_R)) {
1113 if (UNEXPECTED(prop_info)) {
1114 zend_throw_error(NULL,
1115 "Typed property %s::$%s must not be accessed before initialization",
1116 ZSTR_VAL(prop_info->ce->name),
1117 ZSTR_VAL(name));
1118 retval = &EG(error_zval);
1119 } else {
1120 zend_error(E_WARNING, "Undefined property: %s::$%s", ZSTR_VAL(zobj->ce->name), ZSTR_VAL(name));
1121 /* An error handler may set the property */
1122 if (EXPECTED(Z_TYPE_P(retval) == IS_UNDEF)) {
1123 ZVAL_NULL(retval);
1124 }
1125 }
1126 } else if (prop_info && UNEXPECTED(prop_info->flags & ZEND_ACC_READONLY)) {
1127 /* Readonly property, delegate to read_property + write_property. */
1128 retval = NULL;
1129 } else if (!prop_info || !ZEND_TYPE_IS_SET(prop_info->type)) {
1130 ZVAL_NULL(retval);
1131 }
1132 } else {
1133 /* we do have getter - fail and let it try again with usual get/set */
1134 retval = NULL;
1135 }
1136 } else if (prop_info && UNEXPECTED(prop_info->flags & ZEND_ACC_READONLY)) {
1137 /* Readonly property, delegate to read_property + write_property. */
1138 retval = NULL;
1139 }
1140 } else if (EXPECTED(IS_DYNAMIC_PROPERTY_OFFSET(property_offset))) {
1141 if (EXPECTED(zobj->properties)) {
1142 if (UNEXPECTED(GC_REFCOUNT(zobj->properties) > 1)) {
1143 if (EXPECTED(!(GC_FLAGS(zobj->properties) & IS_ARRAY_IMMUTABLE))) {
1144 GC_DELREF(zobj->properties);
1145 }
1146 zobj->properties = zend_array_dup(zobj->properties);
1147 }
1148 if (EXPECTED((retval = zend_hash_find(zobj->properties, name)) != NULL)) {
1149 return retval;
1150 }
1151 }
1152 if (EXPECTED(!zobj->ce->__get) ||
1153 UNEXPECTED((*zend_get_property_guard(zobj, name)) & IN_GET)) {
1154 if (UNEXPECTED(zobj->ce->ce_flags & ZEND_ACC_NO_DYNAMIC_PROPERTIES)) {
1155 zend_forbidden_dynamic_property(zobj->ce, name);
1156 return &EG(error_zval);
1157 }
1158 if (UNEXPECTED(!(zobj->ce->ce_flags & ZEND_ACC_ALLOW_DYNAMIC_PROPERTIES))) {
1159 if (UNEXPECTED(!zend_deprecated_dynamic_property(zobj, name))) {
1160 return &EG(error_zval);
1161 }
1162 }
1163 if (UNEXPECTED(!zobj->properties)) {
1164 rebuild_object_properties(zobj);
1165 }
1166 if (UNEXPECTED(type == BP_VAR_RW || type == BP_VAR_R)) {
1167 zend_error(E_WARNING, "Undefined property: %s::$%s", ZSTR_VAL(zobj->ce->name), ZSTR_VAL(name));
1168 }
1169 retval = zend_hash_add(zobj->properties, name, &EG(uninitialized_zval));
1170 }
1171 } else if (zobj->ce->__get == NULL) {
1172 retval = &EG(error_zval);
1173 }
1174
1175 return retval;
1176 }
1177 /* }}} */
1178
zend_std_unset_property(zend_object * zobj,zend_string * name,void ** cache_slot)1179 ZEND_API void zend_std_unset_property(zend_object *zobj, zend_string *name, void **cache_slot) /* {{{ */
1180 {
1181 uintptr_t property_offset;
1182 const zend_property_info *prop_info = NULL;
1183
1184 property_offset = zend_get_property_offset(zobj->ce, name, (zobj->ce->__unset != NULL), cache_slot, &prop_info);
1185
1186 if (EXPECTED(IS_VALID_PROPERTY_OFFSET(property_offset))) {
1187 zval *slot = OBJ_PROP(zobj, property_offset);
1188
1189 if (Z_TYPE_P(slot) != IS_UNDEF) {
1190 if (UNEXPECTED(prop_info && (prop_info->flags & ZEND_ACC_READONLY))) {
1191 if (Z_PROP_FLAG_P(slot) & IS_PROP_REINITABLE) {
1192 Z_PROP_FLAG_P(slot) &= ~IS_PROP_REINITABLE;
1193 } else {
1194 zend_readonly_property_unset_error(prop_info->ce, name);
1195 return;
1196 }
1197 }
1198 if (UNEXPECTED(Z_ISREF_P(slot)) &&
1199 (ZEND_DEBUG || ZEND_REF_HAS_TYPE_SOURCES(Z_REF_P(slot)))) {
1200 if (prop_info) {
1201 ZEND_REF_DEL_TYPE_SOURCE(Z_REF_P(slot), prop_info);
1202 }
1203 }
1204 zval tmp;
1205 ZVAL_COPY_VALUE(&tmp, slot);
1206 ZVAL_UNDEF(slot);
1207 zval_ptr_dtor(&tmp);
1208 if (zobj->properties) {
1209 HT_FLAGS(zobj->properties) |= HASH_FLAG_HAS_EMPTY_IND;
1210 }
1211 return;
1212 }
1213 if (UNEXPECTED(Z_PROP_FLAG_P(slot) & IS_PROP_UNINIT)) {
1214 if (UNEXPECTED(prop_info && (prop_info->flags & ZEND_ACC_READONLY)
1215 && !verify_readonly_initialization_access(prop_info, zobj->ce, name, "unset"))) {
1216 return;
1217 }
1218
1219 /* Reset the IS_PROP_UNINIT flag, if it exists and bypass __unset(). */
1220 Z_PROP_FLAG_P(slot) = 0;
1221 return;
1222 }
1223 } else if (EXPECTED(IS_DYNAMIC_PROPERTY_OFFSET(property_offset))
1224 && EXPECTED(zobj->properties != NULL)) {
1225 if (UNEXPECTED(GC_REFCOUNT(zobj->properties) > 1)) {
1226 if (EXPECTED(!(GC_FLAGS(zobj->properties) & IS_ARRAY_IMMUTABLE))) {
1227 GC_DELREF(zobj->properties);
1228 }
1229 zobj->properties = zend_array_dup(zobj->properties);
1230 }
1231 if (EXPECTED(zend_hash_del(zobj->properties, name) != FAILURE)) {
1232 return;
1233 }
1234 } else if (UNEXPECTED(EG(exception))) {
1235 return;
1236 }
1237
1238 /* magic unset */
1239 if (zobj->ce->__unset) {
1240 uint32_t *guard = zend_get_property_guard(zobj, name);
1241 if (!((*guard) & IN_UNSET)) {
1242 /* have unsetter - try with it! */
1243 (*guard) |= IN_UNSET; /* prevent circular unsetting */
1244 zend_std_call_unsetter(zobj, name);
1245 (*guard) &= ~IN_UNSET;
1246 } else if (UNEXPECTED(IS_WRONG_PROPERTY_OFFSET(property_offset))) {
1247 /* Trigger the correct error */
1248 zend_wrong_offset(zobj->ce, name);
1249 ZEND_ASSERT(EG(exception));
1250 return;
1251 } else {
1252 /* Nothing to do: The property already does not exist. */
1253 }
1254 }
1255 }
1256 /* }}} */
1257
zend_std_unset_dimension(zend_object * object,zval * offset)1258 ZEND_API void zend_std_unset_dimension(zend_object *object, zval *offset) /* {{{ */
1259 {
1260 zend_class_entry *ce = object->ce;
1261 zval tmp_offset;
1262
1263 zend_class_arrayaccess_funcs *funcs = ce->arrayaccess_funcs_ptr;
1264 if (EXPECTED(funcs)) {
1265 ZVAL_COPY_DEREF(&tmp_offset, offset);
1266 GC_ADDREF(object);
1267 zend_call_known_instance_method_with_1_params(funcs->zf_offsetunset, object, NULL, &tmp_offset);
1268 OBJ_RELEASE(object);
1269 zval_ptr_dtor(&tmp_offset);
1270 } else {
1271 zend_bad_array_access(ce);
1272 }
1273 }
1274 /* }}} */
1275
zend_get_parent_private_method(zend_class_entry * scope,zend_class_entry * ce,zend_string * function_name)1276 static zend_never_inline zend_function *zend_get_parent_private_method(zend_class_entry *scope, zend_class_entry *ce, zend_string *function_name) /* {{{ */
1277 {
1278 zval *func;
1279 zend_function *fbc;
1280
1281 if (scope != ce && scope && is_derived_class(ce, scope)) {
1282 func = zend_hash_find(&scope->function_table, function_name);
1283 if (func != NULL) {
1284 fbc = Z_FUNC_P(func);
1285 if ((fbc->common.fn_flags & ZEND_ACC_PRIVATE)
1286 && fbc->common.scope == scope) {
1287 return fbc;
1288 }
1289 }
1290 }
1291 return NULL;
1292 }
1293 /* }}} */
1294
1295 /* Ensures that we're allowed to call a protected method.
1296 */
zend_check_protected(const zend_class_entry * ce,const zend_class_entry * scope)1297 ZEND_API bool zend_check_protected(const zend_class_entry *ce, const zend_class_entry *scope) /* {{{ */
1298 {
1299 const zend_class_entry *fbc_scope = ce;
1300
1301 /* Is the context that's calling the function, the same as one of
1302 * the function's parents?
1303 */
1304 while (fbc_scope) {
1305 if (fbc_scope==scope) {
1306 return 1;
1307 }
1308 fbc_scope = fbc_scope->parent;
1309 }
1310
1311 /* Is the function's scope the same as our current object context,
1312 * or any of the parents of our context?
1313 */
1314 while (scope) {
1315 if (scope==ce) {
1316 return 1;
1317 }
1318 scope = scope->parent;
1319 }
1320 return 0;
1321 }
1322 /* }}} */
1323
zend_get_call_trampoline_func(const zend_class_entry * ce,zend_string * method_name,bool is_static)1324 ZEND_API zend_function *zend_get_call_trampoline_func(const zend_class_entry *ce, zend_string *method_name, bool is_static) /* {{{ */
1325 {
1326 size_t mname_len;
1327 zend_op_array *func;
1328 zend_function *fbc = is_static ? ce->__callstatic : ce->__call;
1329 /* We use non-NULL value to avoid useless run_time_cache allocation.
1330 * The low bit must be zero, to not be interpreted as a MAP_PTR offset.
1331 */
1332 static const void *dummy = (void*)(intptr_t)2;
1333 static const zend_arg_info arg_info[1] = {{0}};
1334
1335 ZEND_ASSERT(fbc);
1336
1337 if (EXPECTED(EG(trampoline).common.function_name == NULL)) {
1338 func = &EG(trampoline).op_array;
1339 } else {
1340 func = ecalloc(1, sizeof(zend_op_array));
1341 }
1342
1343 func->type = ZEND_USER_FUNCTION;
1344 func->arg_flags[0] = 0;
1345 func->arg_flags[1] = 0;
1346 func->arg_flags[2] = 0;
1347 func->fn_flags = ZEND_ACC_CALL_VIA_TRAMPOLINE | ZEND_ACC_PUBLIC | ZEND_ACC_VARIADIC;
1348 if (is_static) {
1349 func->fn_flags |= ZEND_ACC_STATIC;
1350 }
1351 func->opcodes = &EG(call_trampoline_op);
1352 ZEND_MAP_PTR_INIT(func->run_time_cache, (void**)dummy);
1353 func->scope = fbc->common.scope;
1354 /* reserve space for arguments, local and temporary variables */
1355 /* EG(trampoline) is reused from other places, like FFI (e.g. zend_ffi_cdata_get_closure()) where
1356 * it is used as an internal function. It may set fields that don't belong to common, thus
1357 * modifying zend_op_array specific data, most significantly last_var. We need to reset this
1358 * value so that it doesn't contain garbage when the engine allocates space for the next stack
1359 * frame. This didn't cause any issues until now due to "lucky" structure layout. */
1360 func->last_var = 0;
1361 func->T = (fbc->type == ZEND_USER_FUNCTION)? MAX(fbc->op_array.last_var + fbc->op_array.T, 2) : 2;
1362 func->filename = (fbc->type == ZEND_USER_FUNCTION)? fbc->op_array.filename : ZSTR_EMPTY_ALLOC();
1363 func->line_start = (fbc->type == ZEND_USER_FUNCTION)? fbc->op_array.line_start : 0;
1364 func->line_end = (fbc->type == ZEND_USER_FUNCTION)? fbc->op_array.line_end : 0;
1365
1366 //??? keep compatibility for "\0" characters
1367 //??? see: Zend/tests/bug46238.phpt
1368 if (UNEXPECTED((mname_len = strlen(ZSTR_VAL(method_name))) != ZSTR_LEN(method_name))) {
1369 func->function_name = zend_string_init(ZSTR_VAL(method_name), mname_len, 0);
1370 } else {
1371 func->function_name = zend_string_copy(method_name);
1372 }
1373
1374 func->prototype = NULL;
1375 func->num_args = 0;
1376 func->required_num_args = 0;
1377 func->arg_info = (zend_arg_info *) arg_info;
1378
1379 return (zend_function*)func;
1380 }
1381 /* }}} */
1382
zend_get_user_call_function(zend_class_entry * ce,zend_string * method_name)1383 static zend_always_inline zend_function *zend_get_user_call_function(zend_class_entry *ce, zend_string *method_name) /* {{{ */
1384 {
1385 return zend_get_call_trampoline_func(ce, method_name, 0);
1386 }
1387 /* }}} */
1388
zend_bad_method_call(zend_function * fbc,zend_string * method_name,zend_class_entry * scope)1389 static ZEND_COLD zend_never_inline void zend_bad_method_call(zend_function *fbc, zend_string *method_name, zend_class_entry *scope) /* {{{ */
1390 {
1391 zend_throw_error(NULL, "Call to %s method %s::%s() from %s%s",
1392 zend_visibility_string(fbc->common.fn_flags), ZEND_FN_SCOPE_NAME(fbc), ZSTR_VAL(method_name),
1393 scope ? "scope " : "global scope",
1394 scope ? ZSTR_VAL(scope->name) : ""
1395 );
1396 }
1397 /* }}} */
1398
zend_abstract_method_call(zend_function * fbc)1399 static ZEND_COLD zend_never_inline void zend_abstract_method_call(zend_function *fbc) /* {{{ */
1400 {
1401 zend_throw_error(NULL, "Cannot call abstract method %s::%s()",
1402 ZSTR_VAL(fbc->common.scope->name), ZSTR_VAL(fbc->common.function_name));
1403 }
1404 /* }}} */
1405
zend_std_get_method(zend_object ** obj_ptr,zend_string * method_name,const zval * key)1406 ZEND_API zend_function *zend_std_get_method(zend_object **obj_ptr, zend_string *method_name, const zval *key) /* {{{ */
1407 {
1408 zend_object *zobj = *obj_ptr;
1409 zval *func;
1410 zend_function *fbc;
1411 zend_string *lc_method_name;
1412 zend_class_entry *scope;
1413 ALLOCA_FLAG(use_heap);
1414
1415 if (EXPECTED(key != NULL)) {
1416 lc_method_name = Z_STR_P(key);
1417 #ifdef ZEND_ALLOCA_MAX_SIZE
1418 use_heap = 0;
1419 #endif
1420 } else {
1421 ZSTR_ALLOCA_ALLOC(lc_method_name, ZSTR_LEN(method_name), use_heap);
1422 zend_str_tolower_copy(ZSTR_VAL(lc_method_name), ZSTR_VAL(method_name), ZSTR_LEN(method_name));
1423 }
1424
1425 if (UNEXPECTED((func = zend_hash_find(&zobj->ce->function_table, lc_method_name)) == NULL)) {
1426 if (UNEXPECTED(!key)) {
1427 ZSTR_ALLOCA_FREE(lc_method_name, use_heap);
1428 }
1429 if (zobj->ce->__call) {
1430 return zend_get_user_call_function(zobj->ce, method_name);
1431 } else {
1432 return NULL;
1433 }
1434 }
1435
1436 fbc = Z_FUNC_P(func);
1437
1438 /* Check access level */
1439 if (fbc->op_array.fn_flags & (ZEND_ACC_CHANGED|ZEND_ACC_PRIVATE|ZEND_ACC_PROTECTED)) {
1440 scope = zend_get_executed_scope();
1441
1442 if (fbc->common.scope != scope) {
1443 if (fbc->op_array.fn_flags & ZEND_ACC_CHANGED) {
1444 zend_function *updated_fbc = zend_get_parent_private_method(scope, zobj->ce, lc_method_name);
1445
1446 if (EXPECTED(updated_fbc != NULL)) {
1447 fbc = updated_fbc;
1448 goto exit;
1449 } else if (fbc->op_array.fn_flags & ZEND_ACC_PUBLIC) {
1450 goto exit;
1451 }
1452 }
1453 if (UNEXPECTED(fbc->op_array.fn_flags & ZEND_ACC_PRIVATE)
1454 || UNEXPECTED(!zend_check_protected(zend_get_function_root_class(fbc), scope))) {
1455 if (zobj->ce->__call) {
1456 fbc = zend_get_user_call_function(zobj->ce, method_name);
1457 } else {
1458 zend_bad_method_call(fbc, method_name, scope);
1459 fbc = NULL;
1460 }
1461 }
1462 }
1463 }
1464
1465 exit:
1466 if (fbc && UNEXPECTED(fbc->common.fn_flags & ZEND_ACC_ABSTRACT)) {
1467 zend_abstract_method_call(fbc);
1468 fbc = NULL;
1469 }
1470 if (UNEXPECTED(!key)) {
1471 ZSTR_ALLOCA_FREE(lc_method_name, use_heap);
1472 }
1473 return fbc;
1474 }
1475 /* }}} */
1476
zend_get_user_callstatic_function(zend_class_entry * ce,zend_string * method_name)1477 static zend_always_inline zend_function *zend_get_user_callstatic_function(zend_class_entry *ce, zend_string *method_name) /* {{{ */
1478 {
1479 return zend_get_call_trampoline_func(ce, method_name, 1);
1480 }
1481 /* }}} */
1482
get_static_method_fallback(zend_class_entry * ce,zend_string * function_name)1483 static zend_always_inline zend_function *get_static_method_fallback(
1484 zend_class_entry *ce, zend_string *function_name)
1485 {
1486 zend_object *object;
1487 if (ce->__call &&
1488 (object = zend_get_this_object(EG(current_execute_data))) != NULL &&
1489 instanceof_function(object->ce, ce)) {
1490 /* Call the top-level defined __call().
1491 * see: tests/classes/__call_004.phpt */
1492
1493 ZEND_ASSERT(object->ce->__call);
1494 return zend_get_user_call_function(object->ce, function_name);
1495 } else if (ce->__callstatic) {
1496 return zend_get_user_callstatic_function(ce, function_name);
1497 } else {
1498 return NULL;
1499 }
1500 }
1501
zend_std_get_static_method(zend_class_entry * ce,zend_string * function_name,const zval * key)1502 ZEND_API zend_function *zend_std_get_static_method(zend_class_entry *ce, zend_string *function_name, const zval *key) /* {{{ */
1503 {
1504 zend_string *lc_function_name;
1505 if (EXPECTED(key != NULL)) {
1506 lc_function_name = Z_STR_P(key);
1507 } else {
1508 lc_function_name = zend_string_tolower(function_name);
1509 }
1510
1511 zend_function *fbc;
1512 zval *func = zend_hash_find(&ce->function_table, lc_function_name);
1513 if (EXPECTED(func)) {
1514 fbc = Z_FUNC_P(func);
1515 if (!(fbc->op_array.fn_flags & ZEND_ACC_PUBLIC)) {
1516 zend_class_entry *scope = zend_get_executed_scope();
1517 if (UNEXPECTED(fbc->common.scope != scope)) {
1518 if (UNEXPECTED(fbc->op_array.fn_flags & ZEND_ACC_PRIVATE)
1519 || UNEXPECTED(!zend_check_protected(zend_get_function_root_class(fbc), scope))) {
1520 zend_function *fallback_fbc = get_static_method_fallback(ce, function_name);
1521 if (!fallback_fbc) {
1522 zend_bad_method_call(fbc, function_name, scope);
1523 }
1524 fbc = fallback_fbc;
1525 }
1526 }
1527 }
1528 } else {
1529 fbc = get_static_method_fallback(ce, function_name);
1530 }
1531
1532 if (UNEXPECTED(!key)) {
1533 zend_string_release_ex(lc_function_name, 0);
1534 }
1535
1536 if (EXPECTED(fbc)) {
1537 if (UNEXPECTED(fbc->common.fn_flags & ZEND_ACC_ABSTRACT)) {
1538 zend_abstract_method_call(fbc);
1539 fbc = NULL;
1540 } else if (UNEXPECTED(fbc->common.scope->ce_flags & ZEND_ACC_TRAIT)) {
1541 zend_error(E_DEPRECATED,
1542 "Calling static trait method %s::%s is deprecated, "
1543 "it should only be called on a class using the trait",
1544 ZSTR_VAL(fbc->common.scope->name), ZSTR_VAL(fbc->common.function_name));
1545 if (EG(exception)) {
1546 return NULL;
1547 }
1548 }
1549 }
1550
1551 return fbc;
1552 }
1553 /* }}} */
1554
zend_class_init_statics(zend_class_entry * class_type)1555 ZEND_API void zend_class_init_statics(zend_class_entry *class_type) /* {{{ */
1556 {
1557 int i;
1558 zval *p;
1559
1560 if (class_type->default_static_members_count && !CE_STATIC_MEMBERS(class_type)) {
1561 if (class_type->parent) {
1562 zend_class_init_statics(class_type->parent);
1563 }
1564
1565 ZEND_MAP_PTR_SET(class_type->static_members_table, emalloc(sizeof(zval) * class_type->default_static_members_count));
1566 for (i = 0; i < class_type->default_static_members_count; i++) {
1567 p = &class_type->default_static_members_table[i];
1568 if (Z_TYPE_P(p) == IS_INDIRECT) {
1569 zval *q = &CE_STATIC_MEMBERS(class_type->parent)[i];
1570 ZVAL_DEINDIRECT(q);
1571 ZVAL_INDIRECT(&CE_STATIC_MEMBERS(class_type)[i], q);
1572 } else {
1573 ZVAL_COPY_OR_DUP(&CE_STATIC_MEMBERS(class_type)[i], p);
1574 }
1575 }
1576 }
1577 } /* }}} */
1578
zend_std_get_static_property_with_info(zend_class_entry * ce,zend_string * property_name,int type,zend_property_info ** property_info_ptr)1579 ZEND_API zval *zend_std_get_static_property_with_info(zend_class_entry *ce, zend_string *property_name, int type, zend_property_info **property_info_ptr) /* {{{ */
1580 {
1581 zval *ret;
1582 zend_class_entry *scope;
1583 zend_property_info *property_info = zend_hash_find_ptr(&ce->properties_info, property_name);
1584 *property_info_ptr = property_info;
1585
1586 if (UNEXPECTED(property_info == NULL)) {
1587 goto undeclared_property;
1588 }
1589
1590 if (!(property_info->flags & ZEND_ACC_PUBLIC)) {
1591 if (UNEXPECTED(EG(fake_scope))) {
1592 scope = EG(fake_scope);
1593 } else {
1594 scope = zend_get_executed_scope();
1595 }
1596 if (property_info->ce != scope) {
1597 if (UNEXPECTED(property_info->flags & ZEND_ACC_PRIVATE)
1598 || UNEXPECTED(!is_protected_compatible_scope(property_info->ce, scope))) {
1599 if (type != BP_VAR_IS) {
1600 zend_bad_property_access(property_info, ce, property_name);
1601 }
1602 return NULL;
1603 }
1604 }
1605 }
1606
1607 if (UNEXPECTED((property_info->flags & ZEND_ACC_STATIC) == 0)) {
1608 undeclared_property:
1609 if (type != BP_VAR_IS) {
1610 zend_throw_error(NULL, "Access to undeclared static property %s::$%s", ZSTR_VAL(ce->name), ZSTR_VAL(property_name));
1611 }
1612 return NULL;
1613 }
1614
1615 if (UNEXPECTED(!(ce->ce_flags & ZEND_ACC_CONSTANTS_UPDATED))) {
1616 if (UNEXPECTED(zend_update_class_constants(ce) != SUCCESS)) {
1617 return NULL;
1618 }
1619 }
1620
1621 /* Ensure static properties are initialized. */
1622 if (UNEXPECTED(CE_STATIC_MEMBERS(ce) == NULL)) {
1623 zend_class_init_statics(ce);
1624 }
1625
1626 ret = CE_STATIC_MEMBERS(ce) + property_info->offset;
1627 ZVAL_DEINDIRECT(ret);
1628
1629 if (UNEXPECTED((type == BP_VAR_R || type == BP_VAR_RW)
1630 && Z_TYPE_P(ret) == IS_UNDEF && ZEND_TYPE_IS_SET(property_info->type))) {
1631 zend_throw_error(NULL, "Typed static property %s::$%s must not be accessed before initialization",
1632 ZSTR_VAL(property_info->ce->name), ZSTR_VAL(property_name));
1633 return NULL;
1634 }
1635
1636 if (UNEXPECTED(ce->ce_flags & ZEND_ACC_TRAIT)) {
1637 zend_error(E_DEPRECATED,
1638 "Accessing static trait property %s::$%s is deprecated, "
1639 "it should only be accessed on a class using the trait",
1640 ZSTR_VAL(property_info->ce->name), ZSTR_VAL(property_name));
1641 }
1642
1643 return ret;
1644 }
1645 /* }}} */
1646
zend_std_get_static_property(zend_class_entry * ce,zend_string * property_name,int type)1647 ZEND_API zval *zend_std_get_static_property(zend_class_entry *ce, zend_string *property_name, int type) /* {{{ */
1648 {
1649 zend_property_info *prop_info;
1650 return zend_std_get_static_property_with_info(ce, property_name, type, &prop_info);
1651 }
1652
zend_std_unset_static_property(zend_class_entry * ce,zend_string * property_name)1653 ZEND_API ZEND_COLD bool zend_std_unset_static_property(zend_class_entry *ce, zend_string *property_name) /* {{{ */
1654 {
1655 zend_throw_error(NULL, "Attempt to unset static property %s::$%s", ZSTR_VAL(ce->name), ZSTR_VAL(property_name));
1656 return 0;
1657 }
1658 /* }}} */
1659
zend_bad_constructor_call(zend_function * constructor,zend_class_entry * scope)1660 static ZEND_COLD zend_never_inline void zend_bad_constructor_call(zend_function *constructor, zend_class_entry *scope) /* {{{ */
1661 {
1662 if (scope) {
1663 zend_throw_error(NULL, "Call to %s %s::%s() from scope %s",
1664 zend_visibility_string(constructor->common.fn_flags), ZSTR_VAL(constructor->common.scope->name),
1665 ZSTR_VAL(constructor->common.function_name), ZSTR_VAL(scope->name)
1666 );
1667 } else {
1668 zend_throw_error(NULL, "Call to %s %s::%s() from global scope", zend_visibility_string(constructor->common.fn_flags), ZSTR_VAL(constructor->common.scope->name), ZSTR_VAL(constructor->common.function_name));
1669 }
1670 }
1671 /* }}} */
1672
zend_std_get_constructor(zend_object * zobj)1673 ZEND_API zend_function *zend_std_get_constructor(zend_object *zobj) /* {{{ */
1674 {
1675 zend_function *constructor = zobj->ce->constructor;
1676 zend_class_entry *scope;
1677
1678 if (constructor) {
1679 if (UNEXPECTED(!(constructor->op_array.fn_flags & ZEND_ACC_PUBLIC))) {
1680 if (UNEXPECTED(EG(fake_scope))) {
1681 scope = EG(fake_scope);
1682 } else {
1683 scope = zend_get_executed_scope();
1684 }
1685 if (UNEXPECTED(constructor->common.scope != scope)) {
1686 if (UNEXPECTED(constructor->op_array.fn_flags & ZEND_ACC_PRIVATE)
1687 || UNEXPECTED(!zend_check_protected(zend_get_function_root_class(constructor), scope))) {
1688 zend_bad_constructor_call(constructor, scope);
1689 zend_object_store_ctor_failed(zobj);
1690 constructor = NULL;
1691 }
1692 }
1693 }
1694 }
1695
1696 return constructor;
1697 }
1698 /* }}} */
1699
zend_std_compare_objects(zval * o1,zval * o2)1700 ZEND_API int zend_std_compare_objects(zval *o1, zval *o2) /* {{{ */
1701 {
1702 zend_object *zobj1, *zobj2;
1703
1704 if (Z_TYPE_P(o1) != Z_TYPE_P(o2)) {
1705 /* Object and non-object */
1706 zval *object;
1707 zval *value;
1708 zval casted;
1709 bool object_lhs;
1710 if (Z_TYPE_P(o1) == IS_OBJECT) {
1711 object = o1;
1712 value = o2;
1713 object_lhs = true;
1714 } else {
1715 object = o2;
1716 value = o1;
1717 object_lhs = false;
1718 }
1719 ZEND_ASSERT(Z_TYPE_P(value) != IS_OBJECT);
1720 uint8_t target_type = (Z_TYPE_P(value) == IS_FALSE || Z_TYPE_P(value) == IS_TRUE)
1721 ? _IS_BOOL : Z_TYPE_P(value);
1722 if (Z_OBJ_HT_P(object)->cast_object(Z_OBJ_P(object), &casted, target_type) == FAILURE) {
1723 // TODO: Less crazy.
1724 if (target_type == IS_LONG || target_type == IS_DOUBLE) {
1725 zend_error(E_NOTICE, "Object of class %s could not be converted to %s",
1726 ZSTR_VAL(Z_OBJCE_P(object)->name), zend_get_type_by_const(target_type));
1727 if (target_type == IS_LONG) {
1728 ZVAL_LONG(&casted, 1);
1729 } else {
1730 ZVAL_DOUBLE(&casted, 1.0);
1731 }
1732 } else {
1733 return object_lhs ? 1 : -1;
1734 }
1735 }
1736 int ret = object_lhs ? zend_compare(&casted, value) : zend_compare(value, &casted);
1737 zval_ptr_dtor(&casted);
1738 return ret;
1739 }
1740
1741 zobj1 = Z_OBJ_P(o1);
1742 zobj2 = Z_OBJ_P(o2);
1743
1744 if (zobj1 == zobj2) {
1745 return 0; /* the same object */
1746 }
1747 if (zobj1->ce != zobj2->ce) {
1748 return ZEND_UNCOMPARABLE; /* different classes */
1749 }
1750 if (!zobj1->properties && !zobj2->properties) {
1751 zend_property_info *info;
1752 int i;
1753
1754 if (!zobj1->ce->default_properties_count) {
1755 return 0;
1756 }
1757
1758 /* It's enough to protect only one of the objects.
1759 * The second one may be referenced from the first and this may cause
1760 * false recursion detection.
1761 */
1762 /* use bitwise OR to make only one conditional jump */
1763 if (UNEXPECTED(Z_IS_RECURSIVE_P(o1))) {
1764 zend_error_noreturn(E_ERROR, "Nesting level too deep - recursive dependency?");
1765 }
1766 Z_PROTECT_RECURSION_P(o1);
1767
1768 for (i = 0; i < zobj1->ce->default_properties_count; i++) {
1769 zval *p1, *p2;
1770
1771 info = zobj1->ce->properties_info_table[i];
1772
1773 if (!info) {
1774 continue;
1775 }
1776
1777 p1 = OBJ_PROP(zobj1, info->offset);
1778 p2 = OBJ_PROP(zobj2, info->offset);
1779
1780 if (Z_TYPE_P(p1) != IS_UNDEF) {
1781 if (Z_TYPE_P(p2) != IS_UNDEF) {
1782 int ret;
1783
1784 ret = zend_compare(p1, p2);
1785 if (ret != 0) {
1786 Z_UNPROTECT_RECURSION_P(o1);
1787 return ret;
1788 }
1789 } else {
1790 Z_UNPROTECT_RECURSION_P(o1);
1791 return 1;
1792 }
1793 } else {
1794 if (Z_TYPE_P(p2) != IS_UNDEF) {
1795 Z_UNPROTECT_RECURSION_P(o1);
1796 return 1;
1797 }
1798 }
1799 }
1800
1801 Z_UNPROTECT_RECURSION_P(o1);
1802 return 0;
1803 } else {
1804 if (!zobj1->properties) {
1805 rebuild_object_properties(zobj1);
1806 }
1807 if (!zobj2->properties) {
1808 rebuild_object_properties(zobj2);
1809 }
1810 return zend_compare_symbol_tables(zobj1->properties, zobj2->properties);
1811 }
1812 }
1813 /* }}} */
1814
zend_objects_not_comparable(zval * o1,zval * o2)1815 ZEND_API int zend_objects_not_comparable(zval *o1, zval *o2)
1816 {
1817 return ZEND_UNCOMPARABLE;
1818 }
1819
zend_std_has_property(zend_object * zobj,zend_string * name,int has_set_exists,void ** cache_slot)1820 ZEND_API int zend_std_has_property(zend_object *zobj, zend_string *name, int has_set_exists, void **cache_slot) /* {{{ */
1821 {
1822 int result;
1823 zval *value = NULL;
1824 uintptr_t property_offset;
1825 const zend_property_info *prop_info = NULL;
1826 zend_string *tmp_name = NULL;
1827
1828 property_offset = zend_get_property_offset(zobj->ce, name, 1, cache_slot, &prop_info);
1829
1830 if (EXPECTED(IS_VALID_PROPERTY_OFFSET(property_offset))) {
1831 value = OBJ_PROP(zobj, property_offset);
1832 if (Z_TYPE_P(value) != IS_UNDEF) {
1833 goto found;
1834 }
1835 if (UNEXPECTED(Z_PROP_FLAG_P(value) & IS_PROP_UNINIT)) {
1836 /* Skip __isset() for uninitialized typed properties */
1837 result = 0;
1838 goto exit;
1839 }
1840 } else if (EXPECTED(IS_DYNAMIC_PROPERTY_OFFSET(property_offset))) {
1841 if (EXPECTED(zobj->properties != NULL)) {
1842 if (!IS_UNKNOWN_DYNAMIC_PROPERTY_OFFSET(property_offset)) {
1843 uintptr_t idx = ZEND_DECODE_DYN_PROP_OFFSET(property_offset);
1844
1845 if (EXPECTED(idx < zobj->properties->nNumUsed * sizeof(Bucket))) {
1846 Bucket *p = (Bucket*)((char*)zobj->properties->arData + idx);
1847
1848 if (EXPECTED(p->key == name) ||
1849 (EXPECTED(p->h == ZSTR_H(name)) &&
1850 EXPECTED(p->key != NULL) &&
1851 EXPECTED(zend_string_equal_content(p->key, name)))) {
1852 value = &p->val;
1853 goto found;
1854 }
1855 }
1856 CACHE_PTR_EX(cache_slot + 1, (void*)ZEND_DYNAMIC_PROPERTY_OFFSET);
1857 }
1858 value = zend_hash_find(zobj->properties, name);
1859 if (value) {
1860 if (cache_slot) {
1861 uintptr_t idx = (char*)value - (char*)zobj->properties->arData;
1862 CACHE_PTR_EX(cache_slot + 1, (void*)ZEND_ENCODE_DYN_PROP_OFFSET(idx));
1863 }
1864 found:
1865 if (has_set_exists == ZEND_PROPERTY_NOT_EMPTY) {
1866 result = zend_is_true(value);
1867 } else if (has_set_exists < ZEND_PROPERTY_NOT_EMPTY) {
1868 ZEND_ASSERT(has_set_exists == ZEND_PROPERTY_ISSET);
1869 ZVAL_DEREF(value);
1870 result = (Z_TYPE_P(value) != IS_NULL);
1871 } else {
1872 ZEND_ASSERT(has_set_exists == ZEND_PROPERTY_EXISTS);
1873 result = 1;
1874 }
1875 goto exit;
1876 }
1877 }
1878 } else if (UNEXPECTED(EG(exception))) {
1879 result = 0;
1880 goto exit;
1881 }
1882
1883 result = 0;
1884 if ((has_set_exists != ZEND_PROPERTY_EXISTS) && zobj->ce->__isset) {
1885 uint32_t *guard = zend_get_property_guard(zobj, name);
1886
1887 if (!((*guard) & IN_ISSET)) {
1888 zval rv;
1889
1890 /* have issetter - try with it! */
1891 if (!tmp_name && !ZSTR_IS_INTERNED(name)) {
1892 tmp_name = zend_string_copy(name);
1893 }
1894 GC_ADDREF(zobj);
1895 (*guard) |= IN_ISSET; /* prevent circular getting */
1896 zend_std_call_issetter(zobj, name, &rv);
1897 result = zend_is_true(&rv);
1898 zval_ptr_dtor(&rv);
1899 if (has_set_exists == ZEND_PROPERTY_NOT_EMPTY && result) {
1900 if (EXPECTED(!EG(exception)) && zobj->ce->__get && !((*guard) & IN_GET)) {
1901 (*guard) |= IN_GET;
1902 zend_std_call_getter(zobj, name, &rv);
1903 (*guard) &= ~IN_GET;
1904 result = i_zend_is_true(&rv);
1905 zval_ptr_dtor(&rv);
1906 } else {
1907 result = 0;
1908 }
1909 }
1910 (*guard) &= ~IN_ISSET;
1911 OBJ_RELEASE(zobj);
1912 }
1913 }
1914
1915 exit:
1916 zend_tmp_string_release(tmp_name);
1917 return result;
1918 }
1919 /* }}} */
1920
zend_std_get_class_name(const zend_object * zobj)1921 ZEND_API zend_string *zend_std_get_class_name(const zend_object *zobj) /* {{{ */
1922 {
1923 return zend_string_copy(zobj->ce->name);
1924 }
1925 /* }}} */
1926
zend_std_cast_object_tostring(zend_object * readobj,zval * writeobj,int type)1927 ZEND_API zend_result zend_std_cast_object_tostring(zend_object *readobj, zval *writeobj, int type) /* {{{ */
1928 {
1929 switch (type) {
1930 case IS_STRING: {
1931 zend_class_entry *ce = readobj->ce;
1932 if (ce->__tostring) {
1933 zval retval;
1934 GC_ADDREF(readobj);
1935 zend_call_known_instance_method_with_0_params(ce->__tostring, readobj, &retval);
1936 zend_object_release(readobj);
1937 if (EXPECTED(Z_TYPE(retval) == IS_STRING)) {
1938 ZVAL_COPY_VALUE(writeobj, &retval);
1939 return SUCCESS;
1940 }
1941 zval_ptr_dtor(&retval);
1942 if (!EG(exception)) {
1943 zend_throw_error(NULL, "Method %s::__toString() must return a string value", ZSTR_VAL(ce->name));
1944 }
1945 }
1946 return FAILURE;
1947 }
1948 case _IS_BOOL:
1949 ZVAL_TRUE(writeobj);
1950 return SUCCESS;
1951 default:
1952 return FAILURE;
1953 }
1954 }
1955 /* }}} */
1956
zend_std_get_closure(zend_object * obj,zend_class_entry ** ce_ptr,zend_function ** fptr_ptr,zend_object ** obj_ptr,bool check_only)1957 ZEND_API zend_result zend_std_get_closure(zend_object *obj, zend_class_entry **ce_ptr, zend_function **fptr_ptr, zend_object **obj_ptr, bool check_only) /* {{{ */
1958 {
1959 zend_class_entry *ce = obj->ce;
1960 zval *func = zend_hash_find_known_hash(&ce->function_table, ZSTR_KNOWN(ZEND_STR_MAGIC_INVOKE));
1961
1962 if (func == NULL) {
1963 return FAILURE;
1964 }
1965 *fptr_ptr = Z_FUNC_P(func);
1966
1967 *ce_ptr = ce;
1968 if ((*fptr_ptr)->common.fn_flags & ZEND_ACC_STATIC) {
1969 if (obj_ptr) {
1970 *obj_ptr = NULL;
1971 }
1972 } else {
1973 if (obj_ptr) {
1974 *obj_ptr = obj;
1975 }
1976 }
1977 return SUCCESS;
1978 }
1979 /* }}} */
1980
zend_std_get_properties_for(zend_object * obj,zend_prop_purpose purpose)1981 ZEND_API HashTable *zend_std_get_properties_for(zend_object *obj, zend_prop_purpose purpose) {
1982 HashTable *ht;
1983 switch (purpose) {
1984 case ZEND_PROP_PURPOSE_DEBUG:
1985 if (obj->handlers->get_debug_info) {
1986 int is_temp;
1987 ht = obj->handlers->get_debug_info(obj, &is_temp);
1988 if (ht && !is_temp) {
1989 GC_TRY_ADDREF(ht);
1990 }
1991 return ht;
1992 }
1993 ZEND_FALLTHROUGH;
1994 case ZEND_PROP_PURPOSE_ARRAY_CAST:
1995 case ZEND_PROP_PURPOSE_SERIALIZE:
1996 case ZEND_PROP_PURPOSE_VAR_EXPORT:
1997 case ZEND_PROP_PURPOSE_JSON:
1998 ht = obj->handlers->get_properties(obj);
1999 if (ht) {
2000 GC_TRY_ADDREF(ht);
2001 }
2002 return ht;
2003 default:
2004 ZEND_UNREACHABLE();
2005 return NULL;
2006 }
2007 }
2008
zend_get_properties_for(zval * obj,zend_prop_purpose purpose)2009 ZEND_API HashTable *zend_get_properties_for(zval *obj, zend_prop_purpose purpose) {
2010 zend_object *zobj = Z_OBJ_P(obj);
2011
2012 if (zobj->handlers->get_properties_for) {
2013 return zobj->handlers->get_properties_for(zobj, purpose);
2014 }
2015
2016 return zend_std_get_properties_for(zobj, purpose);
2017 }
2018
2019 ZEND_API const zend_object_handlers std_object_handlers = {
2020 0, /* offset */
2021
2022 zend_object_std_dtor, /* free_obj */
2023 zend_objects_destroy_object, /* dtor_obj */
2024 zend_objects_clone_obj, /* clone_obj */
2025
2026 zend_std_read_property, /* read_property */
2027 zend_std_write_property, /* write_property */
2028 zend_std_read_dimension, /* read_dimension */
2029 zend_std_write_dimension, /* write_dimension */
2030 zend_std_get_property_ptr_ptr, /* get_property_ptr_ptr */
2031 zend_std_has_property, /* has_property */
2032 zend_std_unset_property, /* unset_property */
2033 zend_std_has_dimension, /* has_dimension */
2034 zend_std_unset_dimension, /* unset_dimension */
2035 zend_std_get_properties, /* get_properties */
2036 zend_std_get_method, /* get_method */
2037 zend_std_get_constructor, /* get_constructor */
2038 zend_std_get_class_name, /* get_class_name */
2039 zend_std_cast_object_tostring, /* cast_object */
2040 NULL, /* count_elements */
2041 zend_std_get_debug_info, /* get_debug_info */
2042 zend_std_get_closure, /* get_closure */
2043 zend_std_get_gc, /* get_gc */
2044 NULL, /* do_operation */
2045 zend_std_compare_objects, /* compare */
2046 NULL, /* get_properties_for */
2047 };
2048