1 /*
2 +----------------------------------------------------------------------+
3 | Copyright (c) The PHP Group |
4 +----------------------------------------------------------------------+
5 | This source file is subject to version 3.01 of the PHP license, |
6 | that is bundled with this package in the file LICENSE, and is |
7 | available through the world-wide-web at the following url: |
8 | https://www.php.net/license/3_01.txt |
9 | If you did not receive a copy of the PHP license and are unable to |
10 | obtain it through the world-wide-web, please send a note to |
11 | license@php.net so we can mail you a copy immediately. |
12 +----------------------------------------------------------------------+
13 | Authors: Jani Lehtimäki <jkl@njet.net> |
14 | Thies C. Arntzen <thies@thieso.net> |
15 | Sascha Schumann <sascha@schumann.cx> |
16 +----------------------------------------------------------------------+
17 */
18
19 /* {{{ includes */
20 #include <stdio.h>
21 #include <stdlib.h>
22 #include <errno.h>
23 #include "php.h"
24 #include "php_string.h"
25 #include "php_var.h"
26 #include "zend_lazy_objects.h"
27 #include "zend_smart_str.h"
28 #include "basic_functions.h"
29 #include "php_incomplete_class.h"
30 #include "zend_enum.h"
31 #include "zend_exceptions.h"
32 #include "zend_types.h"
33 /* }}} */
34
35 struct php_serialize_data {
36 HashTable ht;
37 uint32_t n;
38 };
39
40 #define COMMON (is_ref ? "&" : "")
41
php_array_element_dump(zval * zv,zend_ulong index,zend_string * key,int level)42 static void php_array_element_dump(zval *zv, zend_ulong index, zend_string *key, int level) /* {{{ */
43 {
44 if (key == NULL) { /* numeric key */
45 php_printf("%*c[" ZEND_LONG_FMT "]=>\n", level + 1, ' ', index);
46 } else { /* string key */
47 php_printf("%*c[\"", level + 1, ' ');
48 PHPWRITE(ZSTR_VAL(key), ZSTR_LEN(key));
49 php_printf("\"]=>\n");
50 }
51 php_var_dump(zv, level + 2);
52 }
53 /* }}} */
54
php_object_property_dump(zend_property_info * prop_info,zval * zv,zend_ulong index,zend_string * key,int level)55 static void php_object_property_dump(zend_property_info *prop_info, zval *zv, zend_ulong index, zend_string *key, int level) /* {{{ */
56 {
57 const char *prop_name, *class_name;
58
59 if (key == NULL) { /* numeric key */
60 php_printf("%*c[" ZEND_LONG_FMT "]=>\n", level + 1, ' ', index);
61 } else { /* string key */
62 int unmangle = zend_unmangle_property_name(key, &class_name, &prop_name);
63 php_printf("%*c[", level + 1, ' ');
64
65 if (class_name && unmangle == SUCCESS) {
66 if (class_name[0] == '*') {
67 php_printf("\"%s\":protected", prop_name);
68 } else {
69 php_printf("\"%s\":\"%s\":private", prop_name, class_name);
70 }
71 } else {
72 php_printf("\"");
73 PHPWRITE(ZSTR_VAL(key), ZSTR_LEN(key));
74 php_printf("\"");
75 }
76 ZEND_PUTS("]=>\n");
77 }
78
79 if (Z_TYPE_P(zv) == IS_UNDEF) {
80 ZEND_ASSERT(ZEND_TYPE_IS_SET(prop_info->type));
81 zend_string *type_str = zend_type_to_string(prop_info->type);
82 php_printf("%*cuninitialized(%s)\n",
83 level + 1, ' ', ZSTR_VAL(type_str));
84 zend_string_release(type_str);
85 } else {
86 php_var_dump(zv, level + 2);
87 }
88 }
89 /* }}} */
90
php_var_dump_object_prefix(zend_object * obj)91 static const char *php_var_dump_object_prefix(zend_object *obj) {
92 if (EXPECTED(!zend_object_is_lazy(obj))) {
93 return "";
94 }
95
96 if (zend_object_is_lazy_proxy(obj)) {
97 return "lazy proxy ";
98 }
99
100 return "lazy ghost ";
101 }
102
php_var_dump(zval * struc,int level)103 PHPAPI void php_var_dump(zval *struc, int level) /* {{{ */
104 {
105 HashTable *myht;
106 zend_string *class_name;
107 int is_ref = 0;
108 zend_ulong num;
109 zend_string *key;
110 zval *val;
111 uint32_t count;
112
113 if (level > 1) {
114 php_printf("%*c", level - 1, ' ');
115 }
116
117 again:
118 switch (Z_TYPE_P(struc)) {
119 case IS_FALSE:
120 php_printf("%sbool(false)\n", COMMON);
121 break;
122 case IS_TRUE:
123 php_printf("%sbool(true)\n", COMMON);
124 break;
125 case IS_NULL:
126 php_printf("%sNULL\n", COMMON);
127 break;
128 case IS_LONG:
129 php_printf("%sint(" ZEND_LONG_FMT ")\n", COMMON, Z_LVAL_P(struc));
130 break;
131 case IS_DOUBLE:
132 php_printf_unchecked("%sfloat(%.*H)\n", COMMON, (int) PG(serialize_precision), Z_DVAL_P(struc));
133 break;
134 case IS_STRING:
135 php_printf("%sstring(%zd) \"", COMMON, Z_STRLEN_P(struc));
136 PHPWRITE(Z_STRVAL_P(struc), Z_STRLEN_P(struc));
137 PUTS("\"\n");
138 break;
139 case IS_ARRAY:
140 myht = Z_ARRVAL_P(struc);
141 if (!(GC_FLAGS(myht) & GC_IMMUTABLE)) {
142 if (GC_IS_RECURSIVE(myht)) {
143 PUTS("*RECURSION*\n");
144 return;
145 }
146 GC_ADDREF(myht);
147 GC_PROTECT_RECURSION(myht);
148 }
149 count = zend_hash_num_elements(myht);
150 php_printf("%sarray(%d) {\n", COMMON, count);
151 ZEND_HASH_FOREACH_KEY_VAL(myht, num, key, val) {
152 php_array_element_dump(val, num, key, level);
153 } ZEND_HASH_FOREACH_END();
154 if (!(GC_FLAGS(myht) & GC_IMMUTABLE)) {
155 GC_UNPROTECT_RECURSION(myht);
156 GC_DELREF(myht);
157 }
158 if (level > 1) {
159 php_printf("%*c", level-1, ' ');
160 }
161 PUTS("}\n");
162 break;
163 case IS_OBJECT: {
164 zend_class_entry *ce = Z_OBJCE_P(struc);
165 if (ce->ce_flags & ZEND_ACC_ENUM) {
166 zval *case_name_zval = zend_enum_fetch_case_name(Z_OBJ_P(struc));
167 php_printf("%senum(%s::%s)\n", COMMON, ZSTR_VAL(ce->name), Z_STRVAL_P(case_name_zval));
168 return;
169 }
170 zend_object *zobj = Z_OBJ_P(struc);
171 uint32_t *guard = zend_get_recursion_guard(zobj);
172 if (ZEND_GUARD_OR_GC_IS_RECURSIVE(guard, DEBUG, zobj)) {
173 PUTS("*RECURSION*\n");
174 return;
175 }
176 ZEND_GUARD_OR_GC_PROTECT_RECURSION(guard, DEBUG, zobj);
177
178 myht = zend_get_properties_for(struc, ZEND_PROP_PURPOSE_DEBUG);
179 class_name = Z_OBJ_HANDLER_P(struc, get_class_name)(Z_OBJ_P(struc));
180 const char *prefix = php_var_dump_object_prefix(Z_OBJ_P(struc));
181
182 php_printf("%s%sobject(%s)#%d (%d) {\n", COMMON, prefix, ZSTR_VAL(class_name), Z_OBJ_HANDLE_P(struc), myht ? zend_array_count(myht) : 0);
183 zend_string_release_ex(class_name, 0);
184
185 if (myht) {
186 zend_ulong num;
187 zend_string *key;
188 zval *val;
189
190 ZEND_HASH_FOREACH_KEY_VAL(myht, num, key, val) {
191 zend_property_info *prop_info = NULL;
192
193 if (Z_TYPE_P(val) == IS_INDIRECT) {
194 val = Z_INDIRECT_P(val);
195 if (key) {
196 prop_info = zend_get_typed_property_info_for_slot(Z_OBJ_P(struc), val);
197 }
198 }
199
200 if (!Z_ISUNDEF_P(val) || prop_info) {
201 php_object_property_dump(prop_info, val, num, key, level);
202 }
203 } ZEND_HASH_FOREACH_END();
204 zend_release_properties(myht);
205 }
206 if (level > 1) {
207 php_printf("%*c", level-1, ' ');
208 }
209 PUTS("}\n");
210 ZEND_GUARD_OR_GC_UNPROTECT_RECURSION(guard, DEBUG, zobj);
211 break;
212 }
213 case IS_RESOURCE: {
214 const char *type_name = zend_rsrc_list_get_rsrc_type(Z_RES_P(struc));
215 php_printf("%sresource(" ZEND_LONG_FMT ") of type (%s)\n", COMMON, Z_RES_P(struc)->handle, type_name ? type_name : "Unknown");
216 break;
217 }
218 case IS_REFERENCE:
219 //??? hide references with refcount==1 (for compatibility)
220 if (Z_REFCOUNT_P(struc) > 1) {
221 is_ref = 1;
222 }
223 struc = Z_REFVAL_P(struc);
224 goto again;
225 break;
226 default:
227 php_printf("%sUNKNOWN:0\n", COMMON);
228 break;
229 }
230 }
231 /* }}} */
232
233 /* {{{ Dumps a string representation of variable to output */
PHP_FUNCTION(var_dump)234 PHP_FUNCTION(var_dump)
235 {
236 zval *args;
237 int argc;
238 int i;
239
240 ZEND_PARSE_PARAMETERS_START(1, -1)
241 Z_PARAM_VARIADIC('+', args, argc)
242 ZEND_PARSE_PARAMETERS_END();
243
244 for (i = 0; i < argc; i++) {
245 php_var_dump(&args[i], 1);
246 }
247 }
248 /* }}} */
249
zval_array_element_dump(zval * zv,zend_ulong index,zend_string * key,int level)250 static void zval_array_element_dump(zval *zv, zend_ulong index, zend_string *key, int level) /* {{{ */
251 {
252 if (key == NULL) { /* numeric key */
253 php_printf("%*c[" ZEND_LONG_FMT "]=>\n", level + 1, ' ', index);
254 } else { /* string key */
255 php_printf("%*c[\"", level + 1, ' ');
256 PHPWRITE(ZSTR_VAL(key), ZSTR_LEN(key));
257 php_printf("\"]=>\n");
258 }
259 php_debug_zval_dump(zv, level + 2);
260 }
261 /* }}} */
262
zval_object_property_dump(zend_property_info * prop_info,zval * zv,zend_ulong index,zend_string * key,int level)263 static void zval_object_property_dump(zend_property_info *prop_info, zval *zv, zend_ulong index, zend_string *key, int level) /* {{{ */
264 {
265 const char *prop_name, *class_name;
266
267 if (key == NULL) { /* numeric key */
268 php_printf("%*c[" ZEND_LONG_FMT "]=>\n", level + 1, ' ', index);
269 } else { /* string key */
270 zend_unmangle_property_name(key, &class_name, &prop_name);
271 php_printf("%*c[", level + 1, ' ');
272
273 if (class_name) {
274 if (class_name[0] == '*') {
275 php_printf("\"%s\":protected", prop_name);
276 } else {
277 php_printf("\"%s\":\"%s\":private", prop_name, class_name);
278 }
279 } else {
280 php_printf("\"%s\"", prop_name);
281 }
282 ZEND_PUTS("]=>\n");
283 }
284 if (prop_info && Z_TYPE_P(zv) == IS_UNDEF) {
285 zend_string *type_str = zend_type_to_string(prop_info->type);
286 php_printf("%*cuninitialized(%s)\n",
287 level + 1, ' ', ZSTR_VAL(type_str));
288 zend_string_release(type_str);
289 } else {
290 php_debug_zval_dump(zv, level + 2);
291 }
292 }
293 /* }}} */
294
php_debug_zval_dump(zval * struc,int level)295 PHPAPI void php_debug_zval_dump(zval *struc, int level) /* {{{ */
296 {
297 HashTable *myht = NULL;
298 zend_string *class_name;
299 zend_ulong index;
300 zend_string *key;
301 zval *val;
302 uint32_t count;
303 char *packed;
304
305 if (level > 1) {
306 php_printf("%*c", level - 1, ' ');
307 }
308
309 switch (Z_TYPE_P(struc)) {
310 case IS_FALSE:
311 PUTS("bool(false)\n");
312 break;
313 case IS_TRUE:
314 PUTS("bool(true)\n");
315 break;
316 case IS_NULL:
317 PUTS("NULL\n");
318 break;
319 case IS_LONG:
320 php_printf("int(" ZEND_LONG_FMT ")\n", Z_LVAL_P(struc));
321 break;
322 case IS_DOUBLE:
323 php_printf_unchecked("float(%.*H)\n", (int) PG(serialize_precision), Z_DVAL_P(struc));
324 break;
325 case IS_STRING:
326 php_printf("string(%zd) \"", Z_STRLEN_P(struc));
327 PHPWRITE(Z_STRVAL_P(struc), Z_STRLEN_P(struc));
328 if (Z_REFCOUNTED_P(struc)) {
329 php_printf("\" refcount(%u)\n", Z_REFCOUNT_P(struc));
330 } else {
331 PUTS("\" interned\n");
332 }
333 break;
334 case IS_ARRAY:
335 myht = Z_ARRVAL_P(struc);
336 if (!(GC_FLAGS(myht) & GC_IMMUTABLE)) {
337 if (GC_IS_RECURSIVE(myht)) {
338 PUTS("*RECURSION*\n");
339 return;
340 }
341 GC_ADDREF(myht);
342 GC_PROTECT_RECURSION(myht);
343 }
344 count = zend_hash_num_elements(myht);
345 packed = HT_IS_PACKED(myht) ? "packed " : "";
346 if (Z_REFCOUNTED_P(struc)) {
347 /* -1 because of ADDREF above. */
348 php_printf("array(%d) %srefcount(%u){\n", count, packed, Z_REFCOUNT_P(struc) - 1);
349 } else {
350 php_printf("array(%d) %sinterned {\n", count, packed);
351 }
352 ZEND_HASH_FOREACH_KEY_VAL(myht, index, key, val) {
353 zval_array_element_dump(val, index, key, level);
354 } ZEND_HASH_FOREACH_END();
355 if (!(GC_FLAGS(myht) & GC_IMMUTABLE)) {
356 GC_UNPROTECT_RECURSION(myht);
357 GC_DELREF(myht);
358 }
359 if (level > 1) {
360 php_printf("%*c", level - 1, ' ');
361 }
362 PUTS("}\n");
363 break;
364 case IS_OBJECT: {
365 /* Check if this is already recursing on the object before calling zend_get_properties_for,
366 * to allow infinite recursion detection to work even if classes return temporary arrays,
367 * and to avoid the need to update the properties table in place to reflect the state
368 * if the result won't be used. (https://github.com/php/php-src/issues/8044) */
369 zend_object *zobj = Z_OBJ_P(struc);
370 uint32_t *guard = zend_get_recursion_guard(zobj);
371 if (ZEND_GUARD_OR_GC_IS_RECURSIVE(guard, DEBUG, zobj)) {
372 PUTS("*RECURSION*\n");
373 return;
374 }
375 ZEND_GUARD_OR_GC_PROTECT_RECURSION(guard, DEBUG, zobj);
376
377 myht = zend_get_properties_for(struc, ZEND_PROP_PURPOSE_DEBUG);
378 class_name = Z_OBJ_HANDLER_P(struc, get_class_name)(Z_OBJ_P(struc));
379 const char *prefix = php_var_dump_object_prefix(Z_OBJ_P(struc));
380
381 php_printf("%sobject(%s)#%d (%d) refcount(%u){\n", prefix, ZSTR_VAL(class_name), Z_OBJ_HANDLE_P(struc), myht ? zend_array_count(myht) : 0, Z_REFCOUNT_P(struc));
382 zend_string_release_ex(class_name, 0);
383 if (myht) {
384 ZEND_HASH_FOREACH_KEY_VAL(myht, index, key, val) {
385 zend_property_info *prop_info = NULL;
386
387 if (Z_TYPE_P(val) == IS_INDIRECT) {
388 val = Z_INDIRECT_P(val);
389 if (key) {
390 prop_info = zend_get_typed_property_info_for_slot(Z_OBJ_P(struc), val);
391 }
392 }
393
394 if (!Z_ISUNDEF_P(val) || prop_info) {
395 zval_object_property_dump(prop_info, val, index, key, level);
396 }
397 } ZEND_HASH_FOREACH_END();
398 zend_release_properties(myht);
399 }
400 if (level > 1) {
401 php_printf("%*c", level - 1, ' ');
402 }
403 PUTS("}\n");
404 ZEND_GUARD_OR_GC_UNPROTECT_RECURSION(guard, DEBUG, zobj);
405 break;
406 }
407 case IS_RESOURCE: {
408 const char *type_name = zend_rsrc_list_get_rsrc_type(Z_RES_P(struc));
409 php_printf("resource(" ZEND_LONG_FMT ") of type (%s) refcount(%u)\n", Z_RES_P(struc)->handle, type_name ? type_name : "Unknown", Z_REFCOUNT_P(struc));
410 break;
411 }
412 case IS_REFERENCE:
413 php_printf("reference refcount(%u) {\n", Z_REFCOUNT_P(struc));
414 php_debug_zval_dump(Z_REFVAL_P(struc), level + 2);
415 if (level > 1) {
416 php_printf("%*c", level - 1, ' ');
417 }
418 PUTS("}\n");
419 break;
420 default:
421 PUTS("UNKNOWN:0\n");
422 break;
423 }
424 }
425 /* }}} */
426
427 /* {{{ Dumps a string representation of an internal zend value to output. */
PHP_FUNCTION(debug_zval_dump)428 PHP_FUNCTION(debug_zval_dump)
429 {
430 zval *args;
431 int argc;
432 int i;
433
434 ZEND_PARSE_PARAMETERS_START(1, -1)
435 Z_PARAM_VARIADIC('+', args, argc)
436 ZEND_PARSE_PARAMETERS_END();
437
438 for (i = 0; i < argc; i++) {
439 php_debug_zval_dump(&args[i], 1);
440 }
441 }
442 /* }}} */
443
444 #define buffer_append_spaces(buf, num_spaces) \
445 do { \
446 char *tmp_spaces; \
447 size_t tmp_spaces_len; \
448 tmp_spaces_len = spprintf(&tmp_spaces, 0,"%*c", num_spaces, ' '); \
449 smart_str_appendl(buf, tmp_spaces, tmp_spaces_len); \
450 efree(tmp_spaces); \
451 } while(0);
452
php_array_element_export(zval * zv,zend_ulong index,zend_string * key,int level,smart_str * buf)453 static zend_result php_array_element_export(zval *zv, zend_ulong index, zend_string *key, int level, smart_str *buf) /* {{{ */
454 {
455 if (key == NULL) { /* numeric key */
456 buffer_append_spaces(buf, level+1);
457 smart_str_append_long(buf, (zend_long) index);
458 smart_str_appendl(buf, " => ", 4);
459
460 } else { /* string key */
461 zend_string *tmp_str;
462 zend_string *ckey = php_addcslashes(key, "'\\", 2);
463 tmp_str = php_str_to_str(ZSTR_VAL(ckey), ZSTR_LEN(ckey), "\0", 1, "' . \"\\0\" . '", 12);
464
465 buffer_append_spaces(buf, level + 1);
466
467 smart_str_appendc(buf, '\'');
468 smart_str_append(buf, tmp_str);
469 smart_str_appendl(buf, "' => ", 5);
470
471 zend_string_free(ckey);
472 zend_string_free(tmp_str);
473 }
474 zend_result result = php_var_export_ex(zv, level + 2, buf);
475
476 smart_str_appendc(buf, ',');
477 smart_str_appendc(buf, '\n');
478
479 return result;
480 }
481 /* }}} */
482
php_object_element_export(zval * zv,zend_ulong index,zend_string * key,int level,smart_str * buf)483 static zend_result php_object_element_export(zval *zv, zend_ulong index, zend_string *key, int level, smart_str *buf) /* {{{ */
484 {
485 buffer_append_spaces(buf, level + 2);
486 if (key != NULL) {
487 const char *class_name, *prop_name;
488 size_t prop_name_len;
489 zend_string *pname_esc;
490
491 zend_unmangle_property_name_ex(key, &class_name, &prop_name, &prop_name_len);
492 pname_esc = php_addcslashes_str(prop_name, prop_name_len, "'\\", 2);
493
494 smart_str_appendc(buf, '\'');
495 smart_str_append(buf, pname_esc);
496 smart_str_appendc(buf, '\'');
497 zend_string_release_ex(pname_esc, 0);
498 } else {
499 smart_str_append_long(buf, (zend_long) index);
500 }
501 smart_str_appendl(buf, " => ", 4);
502 zend_result result = php_var_export_ex(zv, level + 2, buf);
503 smart_str_appendc(buf, ',');
504 smart_str_appendc(buf, '\n');
505
506 return result;
507 }
508 /* }}} */
509
php_var_export_ex(zval * struc,int level,smart_str * buf)510 PHPAPI zend_result php_var_export_ex(zval *struc, int level, smart_str *buf) /* {{{ */
511 {
512 HashTable *myht;
513 zend_string *ztmp, *ztmp2;
514 zend_ulong index;
515 zend_string *key;
516 zval *val;
517
518 again:
519 switch (Z_TYPE_P(struc)) {
520 case IS_FALSE:
521 smart_str_appendl(buf, "false", 5);
522 break;
523 case IS_TRUE:
524 smart_str_appendl(buf, "true", 4);
525 break;
526 case IS_NULL:
527 smart_str_appendl(buf, "NULL", 4);
528 break;
529 case IS_LONG:
530 /* INT_MIN as a literal will be parsed as a float. Emit something like
531 * -9223372036854775807-1 to avoid this. */
532 if (Z_LVAL_P(struc) == ZEND_LONG_MIN) {
533 smart_str_append_long(buf, ZEND_LONG_MIN+1);
534 smart_str_appends(buf, "-1");
535 break;
536 }
537 smart_str_append_long(buf, Z_LVAL_P(struc));
538 break;
539 case IS_DOUBLE:
540 smart_str_append_double(
541 buf, Z_DVAL_P(struc), (int) PG(serialize_precision), /* zero_fraction */ true);
542 break;
543 case IS_STRING:
544 ztmp = php_addcslashes(Z_STR_P(struc), "'\\", 2);
545 ztmp2 = php_str_to_str(ZSTR_VAL(ztmp), ZSTR_LEN(ztmp), "\0", 1, "' . \"\\0\" . '", 12);
546
547 smart_str_appendc(buf, '\'');
548 smart_str_append(buf, ztmp2);
549 smart_str_appendc(buf, '\'');
550
551 zend_string_free(ztmp);
552 zend_string_free(ztmp2);
553 break;
554 case IS_ARRAY:
555 myht = Z_ARRVAL_P(struc);
556 if (!(GC_FLAGS(myht) & GC_IMMUTABLE)) {
557 if (GC_IS_RECURSIVE(myht)) {
558 smart_str_appendl(buf, "NULL", 4);
559 zend_error(E_WARNING, "var_export does not handle circular references");
560 return SUCCESS;
561 }
562 GC_ADDREF(myht);
563 GC_PROTECT_RECURSION(myht);
564 }
565 if (level > 1) {
566 smart_str_appendc(buf, '\n');
567 buffer_append_spaces(buf, level - 1);
568 }
569 smart_str_appendl(buf, "array (\n", 8);
570 ZEND_HASH_FOREACH_KEY_VAL(myht, index, key, val) {
571 if (php_array_element_export(val, index, key, level, buf) == FAILURE) {
572 if (!(GC_FLAGS(myht) & GC_IMMUTABLE)) {
573 GC_UNPROTECT_RECURSION(myht);
574 GC_DELREF(myht);
575 }
576 return FAILURE;
577 }
578 } ZEND_HASH_FOREACH_END();
579 if (!(GC_FLAGS(myht) & GC_IMMUTABLE)) {
580 GC_UNPROTECT_RECURSION(myht);
581 GC_DELREF(myht);
582 }
583 if (level > 1) {
584 buffer_append_spaces(buf, level - 1);
585 }
586 smart_str_appendc(buf, ')');
587
588 break;
589
590 case IS_OBJECT: {
591 /* Check if this is already recursing on the object before calling zend_get_properties_for,
592 * to allow infinite recursion detection to work even if classes return temporary arrays,
593 * and to avoid the need to update the properties table in place to reflect the state
594 * if the result won't be used. (https://github.com/php/php-src/issues/8044) */
595 zend_object *zobj = Z_OBJ_P(struc);
596 uint32_t *guard = zend_get_recursion_guard(zobj);
597 if (ZEND_GUARD_OR_GC_IS_RECURSIVE(guard, EXPORT, zobj)) {
598 smart_str_appendl(buf, "NULL", 4);
599 zend_error(E_WARNING, "var_export does not handle circular references");
600 return SUCCESS;
601 }
602 ZEND_GUARD_OR_GC_PROTECT_RECURSION(guard, EXPORT, zobj);
603 myht = zend_get_properties_for(struc, ZEND_PROP_PURPOSE_VAR_EXPORT);
604 if (level > 1) {
605 smart_str_appendc(buf, '\n');
606 buffer_append_spaces(buf, level - 1);
607 }
608
609 zend_class_entry *ce = Z_OBJCE_P(struc);
610 bool is_enum = ce->ce_flags & ZEND_ACC_ENUM;
611
612 /* stdClass has no __set_state method, but can be casted to */
613 if (ce == zend_standard_class_def) {
614 smart_str_appendl(buf, "(object) array(\n", 16);
615 } else {
616 smart_str_appendc(buf, '\\');
617 smart_str_append(buf, ce->name);
618 if (is_enum) {
619 zend_object *zobj = Z_OBJ_P(struc);
620 zval *case_name_zval = zend_enum_fetch_case_name(zobj);
621 smart_str_appendl(buf, "::", 2);
622 smart_str_append(buf, Z_STR_P(case_name_zval));
623 } else {
624 smart_str_appendl(buf, "::__set_state(array(\n", 21);
625 }
626 }
627
628 if (myht) {
629 if (!is_enum) {
630 ZEND_HASH_FOREACH_KEY_VAL_IND(myht, index, key, val) {
631 /* data is IS_PTR for properties with hooks. */
632 zval tmp;
633 if (UNEXPECTED(Z_TYPE_P(val) == IS_PTR)) {
634 zend_property_info *prop_info = Z_PTR_P(val);
635 if ((prop_info->flags & ZEND_ACC_VIRTUAL) && !prop_info->hooks[ZEND_PROPERTY_HOOK_GET]) {
636 continue;
637 }
638 const char *unmangled_name_cstr = zend_get_unmangled_property_name(prop_info->name);
639 zend_string *unmangled_name = zend_string_init(unmangled_name_cstr, strlen(unmangled_name_cstr), false);
640 val = zend_read_property_ex(prop_info->ce, zobj, unmangled_name, /* silent */ true, &tmp);
641 zend_string_release_ex(unmangled_name, false);
642 if (EG(exception)) {
643 ZEND_GUARD_OR_GC_UNPROTECT_RECURSION(guard, EXPORT, zobj);
644 zend_release_properties(myht);
645 return FAILURE;
646 }
647 }
648 php_object_element_export(val, index, key, level, buf);
649 if (val == &tmp) {
650 zval_ptr_dtor(val);
651 }
652 } ZEND_HASH_FOREACH_END();
653 }
654 zend_release_properties(myht);
655 }
656 ZEND_GUARD_OR_GC_UNPROTECT_RECURSION(guard, EXPORT, zobj);
657 if (level > 1 && !is_enum) {
658 buffer_append_spaces(buf, level - 1);
659 }
660 if (ce == zend_standard_class_def) {
661 smart_str_appendc(buf, ')');
662 } else if (!is_enum) {
663 smart_str_appendl(buf, "))", 2);
664 }
665
666 break;
667 }
668 case IS_REFERENCE:
669 struc = Z_REFVAL_P(struc);
670 goto again;
671 break;
672 default:
673 smart_str_appendl(buf, "NULL", 4);
674 break;
675 }
676
677 return SUCCESS;
678 }
679 /* }}} */
680
681 /* FOR BC reasons, this will always perform and then print */
php_var_export(zval * struc,int level)682 PHPAPI void php_var_export(zval *struc, int level) /* {{{ */
683 {
684 smart_str buf = {0};
685 zend_result result = php_var_export_ex(struc, level, &buf);
686 smart_str_0(&buf);
687 if (result == SUCCESS) {
688 PHPWRITE(ZSTR_VAL(buf.s), ZSTR_LEN(buf.s));
689 }
690 smart_str_free(&buf);
691 }
692 /* }}} */
693
694 /* {{{ Outputs or returns a string representation of a variable */
PHP_FUNCTION(var_export)695 PHP_FUNCTION(var_export)
696 {
697 zval *var;
698 bool return_output = 0;
699 smart_str buf = {0};
700
701 ZEND_PARSE_PARAMETERS_START(1, 2)
702 Z_PARAM_ZVAL(var)
703 Z_PARAM_OPTIONAL
704 Z_PARAM_BOOL(return_output)
705 ZEND_PARSE_PARAMETERS_END();
706
707 zend_result result = php_var_export_ex(var, 1, &buf);
708 smart_str_0 (&buf);
709
710 if (result == FAILURE) {
711 smart_str_free(&buf);
712 } else if (return_output) {
713 RETURN_STR(smart_str_extract(&buf));
714 } else {
715 PHPWRITE(ZSTR_VAL(buf.s), ZSTR_LEN(buf.s));
716 smart_str_free(&buf);
717 }
718 }
719 /* }}} */
720
721 static void php_var_serialize_intern(smart_str *buf, zval *struc, php_serialize_data_t var_hash, bool in_rcn_array, bool is_root);
722
723 /**
724 * @param bool in_rcn_array Whether the element appears in a potentially nested array with RC > 1.
725 */
php_add_var_hash(php_serialize_data_t data,zval * var,bool in_rcn_array)726 static inline zend_long php_add_var_hash(php_serialize_data_t data, zval *var, bool in_rcn_array) /* {{{ */
727 {
728 zval *zv;
729 zend_ulong key;
730 bool is_ref = Z_ISREF_P(var);
731
732 data->n += 1;
733
734 if (is_ref) {
735 /* pass */
736 } else if (Z_TYPE_P(var) != IS_OBJECT) {
737 return 0;
738 } else if (!in_rcn_array
739 && Z_REFCOUNT_P(var) == 1
740 && (Z_OBJ_P(var)->properties == NULL || GC_REFCOUNT(Z_OBJ_P(var)->properties) == 1)) {
741 return 0;
742 }
743
744 /* References to objects are treated as if the reference didn't exist */
745 if (is_ref && Z_TYPE_P(Z_REFVAL_P(var)) == IS_OBJECT) {
746 var = Z_REFVAL_P(var);
747 }
748
749 /* Index for the variable is stored using the numeric value of the pointer to
750 * the zend_refcounted struct */
751 key = (zend_ulong) (uintptr_t) Z_COUNTED_P(var);
752 zv = zend_hash_index_find(&data->ht, key);
753
754 if (zv) {
755 /* References are only counted once, undo the data->n increment above */
756 if (is_ref && Z_LVAL_P(zv) != -1) {
757 data->n -= 1;
758 }
759
760 return Z_LVAL_P(zv);
761 } else {
762 zval zv_n;
763 ZVAL_LONG(&zv_n, data->n);
764 zend_hash_index_add_new(&data->ht, key, &zv_n);
765
766 /* Additionally to the index, we also store the variable, to ensure that it is
767 * not destroyed during serialization and its pointer reused. The variable is
768 * stored at the numeric value of the pointer + 1, which cannot be the location
769 * of another zend_refcounted structure. */
770 zend_hash_index_add_new(&data->ht, key + 1, var);
771 Z_ADDREF_P(var);
772
773 return 0;
774 }
775 }
776 /* }}} */
777
php_var_serialize_long(smart_str * buf,zend_long val)778 static inline void php_var_serialize_long(smart_str *buf, zend_long val) /* {{{ */
779 {
780 char b[32];
781 char *s = zend_print_long_to_buf(b + sizeof(b) - 1, val);
782 size_t l = b + sizeof(b) - 1 - s;
783 char *res = smart_str_extend(buf, 2 + l + 1);
784 res = zend_mempcpy(res, "i:", 2);
785 memcpy(res, s, l);
786 res[l] = ';';
787 }
788 /* }}} */
789
php_var_serialize_string(smart_str * buf,char * str,size_t len)790 static inline void php_var_serialize_string(smart_str *buf, char *str, size_t len) /* {{{ */
791 {
792 char b[32];
793 char *s = zend_print_long_to_buf(b + sizeof(b) - 1, len);
794 size_t l = b + sizeof(b) - 1 - s;
795 char *res = smart_str_extend(buf, 2 + l + 2 + len + 2);
796 res = zend_mempcpy(res, "s:", 2);
797 res = zend_mempcpy(res, s, l);
798 res = zend_mempcpy(res, ":\"", 2);
799 res = zend_mempcpy(res, str, len);
800 memcpy(res, "\";", 2);
801 }
802 /* }}} */
803
php_var_serialize_class_name(smart_str * buf,zval * struc)804 static inline bool php_var_serialize_class_name(smart_str *buf, zval *struc) /* {{{ */
805 {
806 char b[32];
807 PHP_CLASS_ATTRIBUTES;
808
809 PHP_SET_CLASS_ATTRIBUTES(struc);
810 size_t class_name_len = ZSTR_LEN(class_name);
811 char *s = zend_print_long_to_buf(b + sizeof(b) - 1, class_name_len);
812 size_t l = b + sizeof(b) - 1 - s;
813 char *res = smart_str_extend(buf, 2 + l + 2 + class_name_len + 2);
814 res = zend_mempcpy(res, "O:", 2);
815 res = zend_mempcpy(res, s, l);
816 res = zend_mempcpy(res, ":\"", 2);
817 res = zend_mempcpy(res, ZSTR_VAL(class_name), class_name_len);
818 memcpy(res, "\":", 2);
819 PHP_CLEANUP_CLASS_ATTRIBUTES();
820 return incomplete_class;
821 }
822 /* }}} */
823
php_var_serialize_call_sleep(zend_object * obj,zend_function * fn)824 static HashTable* php_var_serialize_call_sleep(zend_object *obj, zend_function *fn) /* {{{ */
825 {
826 zval retval;
827
828 BG(serialize_lock)++;
829 zend_call_known_instance_method(fn, obj, &retval, /* param_count */ 0, /* params */ NULL);
830 BG(serialize_lock)--;
831
832 if (Z_ISUNDEF(retval) || EG(exception)) {
833 zval_ptr_dtor(&retval);
834 return NULL;
835 }
836
837 if (Z_TYPE(retval) != IS_ARRAY) {
838 zval_ptr_dtor(&retval);
839 php_error_docref(NULL, E_WARNING, "%s::__sleep() should return an array only containing the names of instance-variables to serialize", ZSTR_VAL(obj->ce->name));
840 return NULL;
841 }
842
843 return Z_ARRVAL(retval);
844 }
845 /* }}} */
846
php_var_serialize_call_magic_serialize(zval * retval,zval * obj)847 static int php_var_serialize_call_magic_serialize(zval *retval, zval *obj) /* {{{ */
848 {
849 BG(serialize_lock)++;
850 zend_call_known_instance_method_with_0_params(
851 Z_OBJCE_P(obj)->__serialize, Z_OBJ_P(obj), retval);
852 BG(serialize_lock)--;
853
854 if (EG(exception)) {
855 zval_ptr_dtor(retval);
856 return FAILURE;
857 }
858
859 if (Z_TYPE_P(retval) != IS_ARRAY) {
860 zval_ptr_dtor(retval);
861 zend_type_error("%s::__serialize() must return an array", ZSTR_VAL(Z_OBJCE_P(obj)->name));
862 return FAILURE;
863 }
864
865 return SUCCESS;
866 }
867 /* }}} */
868
php_var_serialize_try_add_sleep_prop(HashTable * ht,HashTable * props,zend_string * name,zend_string * error_name,zval * struc)869 static int php_var_serialize_try_add_sleep_prop(
870 HashTable *ht, HashTable *props, zend_string *name, zend_string *error_name, zval *struc) /* {{{ */
871 {
872 zval *val = zend_hash_find(props, name);
873 if (val == NULL) {
874 return FAILURE;
875 }
876
877 if (Z_TYPE_P(val) == IS_INDIRECT) {
878 val = Z_INDIRECT_P(val);
879 if (Z_TYPE_P(val) == IS_UNDEF) {
880 zend_property_info *info = zend_get_typed_property_info_for_slot(Z_OBJ_P(struc), val);
881 if (info) {
882 return SUCCESS;
883 }
884 return FAILURE;
885 }
886 }
887
888 if (!zend_hash_add(ht, name, val)) {
889 php_error_docref(NULL, E_WARNING,
890 "\"%s\" is returned from __sleep() multiple times", ZSTR_VAL(error_name));
891 return SUCCESS;
892 }
893
894 Z_TRY_ADDREF_P(val);
895 return SUCCESS;
896 }
897 /* }}} */
898
php_var_serialize_get_sleep_props(HashTable * ht,zval * struc,HashTable * sleep_retval)899 static int php_var_serialize_get_sleep_props(
900 HashTable *ht, zval *struc, HashTable *sleep_retval) /* {{{ */
901 {
902 zend_class_entry *ce = Z_OBJCE_P(struc);
903 HashTable *props = zend_get_properties_for(struc, ZEND_PROP_PURPOSE_SERIALIZE);
904 zval *name_val;
905 int retval = SUCCESS;
906
907 zend_hash_init(ht, zend_hash_num_elements(sleep_retval), NULL, ZVAL_PTR_DTOR, 0);
908 /* TODO: Rewrite this by fetching the property info instead of trying out different
909 * name manglings? */
910 ZEND_HASH_FOREACH_VAL_IND(sleep_retval, name_val) {
911 zend_string *name, *tmp_name, *priv_name, *prot_name;
912
913 ZVAL_DEREF(name_val);
914 if (Z_TYPE_P(name_val) != IS_STRING) {
915 php_error_docref(NULL, E_WARNING,
916 "%s::__sleep() should return an array only containing the names of instance-variables to serialize",
917 ZSTR_VAL(ce->name));
918 }
919
920 name = zval_get_tmp_string(name_val, &tmp_name);
921 if (php_var_serialize_try_add_sleep_prop(ht, props, name, name, struc) == SUCCESS) {
922 zend_tmp_string_release(tmp_name);
923 continue;
924 }
925
926 if (EG(exception)) {
927 zend_tmp_string_release(tmp_name);
928 retval = FAILURE;
929 break;
930 }
931
932 priv_name = zend_mangle_property_name(
933 ZSTR_VAL(ce->name), ZSTR_LEN(ce->name),
934 ZSTR_VAL(name), ZSTR_LEN(name), ce->type & ZEND_INTERNAL_CLASS);
935 if (php_var_serialize_try_add_sleep_prop(ht, props, priv_name, name, struc) == SUCCESS) {
936 zend_tmp_string_release(tmp_name);
937 zend_string_release(priv_name);
938 continue;
939 }
940 zend_string_release(priv_name);
941
942 if (EG(exception)) {
943 zend_tmp_string_release(tmp_name);
944 retval = FAILURE;
945 break;
946 }
947
948 prot_name = zend_mangle_property_name(
949 "*", 1, ZSTR_VAL(name), ZSTR_LEN(name), ce->type & ZEND_INTERNAL_CLASS);
950 if (php_var_serialize_try_add_sleep_prop(ht, props, prot_name, name, struc) == SUCCESS) {
951 zend_tmp_string_release(tmp_name);
952 zend_string_release(prot_name);
953 continue;
954 }
955 zend_string_release(prot_name);
956
957 if (EG(exception)) {
958 zend_tmp_string_release(tmp_name);
959 retval = FAILURE;
960 break;
961 }
962
963 php_error_docref(NULL, E_WARNING,
964 "\"%s\" returned as member variable from __sleep() but does not exist", ZSTR_VAL(name));
965 zend_tmp_string_release(tmp_name);
966 } ZEND_HASH_FOREACH_END();
967
968 zend_release_properties(props);
969 return retval;
970 }
971 /* }}} */
972
php_var_serialize_nested_data(smart_str * buf,zval * struc,HashTable * ht,uint32_t count,bool incomplete_class,php_serialize_data_t var_hash,bool in_rcn_array)973 static void php_var_serialize_nested_data(smart_str *buf, zval *struc, HashTable *ht, uint32_t count, bool incomplete_class, php_serialize_data_t var_hash, bool in_rcn_array) /* {{{ */
974 {
975 smart_str_append_unsigned(buf, count);
976 smart_str_appendl(buf, ":{", 2);
977 if (count > 0) {
978 zend_string *key;
979 zval *data;
980 zend_ulong index;
981
982 ZEND_HASH_FOREACH_KEY_VAL_IND(ht, index, key, data) {
983 if (incomplete_class && zend_string_equals_literal(key, MAGIC_MEMBER)) {
984 incomplete_class = 0;
985 continue;
986 }
987
988 if (!key) {
989 php_var_serialize_long(buf, index);
990 } else {
991 php_var_serialize_string(buf, ZSTR_VAL(key), ZSTR_LEN(key));
992 }
993
994 if (Z_ISREF_P(data) && Z_REFCOUNT_P(data) == 1) {
995 data = Z_REFVAL_P(data);
996 }
997
998 /* we should still add element even if it's not OK,
999 * since we already wrote the length of the array before */
1000 if (Z_TYPE_P(data) == IS_ARRAY) {
1001 if (UNEXPECTED(Z_IS_RECURSIVE_P(data))
1002 || UNEXPECTED(Z_TYPE_P(struc) == IS_ARRAY && Z_ARR_P(data) == Z_ARR_P(struc))) {
1003 php_add_var_hash(var_hash, struc, in_rcn_array);
1004 smart_str_appendl(buf, "N;", 2);
1005 } else {
1006 if (Z_REFCOUNTED_P(data)) {
1007 Z_PROTECT_RECURSION_P(data);
1008 }
1009 php_var_serialize_intern(buf, data, var_hash, in_rcn_array, false);
1010 if (Z_REFCOUNTED_P(data)) {
1011 Z_UNPROTECT_RECURSION_P(data);
1012 }
1013 }
1014 } else {
1015 php_var_serialize_intern(buf, data, var_hash, in_rcn_array, false);
1016 }
1017 } ZEND_HASH_FOREACH_END();
1018 }
1019 smart_str_appendc(buf, '}');
1020 }
1021 /* }}} */
1022
php_var_serialize_class(smart_str * buf,zval * struc,HashTable * ht,php_serialize_data_t var_hash)1023 static void php_var_serialize_class(smart_str *buf, zval *struc, HashTable *ht, php_serialize_data_t var_hash) /* {{{ */
1024 {
1025 HashTable props;
1026
1027 if (php_var_serialize_get_sleep_props(&props, struc, ht) == SUCCESS) {
1028 php_var_serialize_class_name(buf, struc);
1029 php_var_serialize_nested_data(
1030 buf, struc, &props, zend_hash_num_elements(&props), /* incomplete_class */ 0, var_hash, GC_REFCOUNT(&props) > 1);
1031 }
1032 zend_hash_destroy(&props);
1033 }
1034 /* }}} */
1035
php_serialize_check_stack_limit(void)1036 static zend_always_inline bool php_serialize_check_stack_limit(void)
1037 {
1038 #ifdef ZEND_CHECK_STACK_LIMIT
1039 if (UNEXPECTED(zend_call_stack_overflowed(EG(stack_limit)))) {
1040 zend_call_stack_size_error();
1041 return true;
1042 }
1043 #endif
1044 return false;
1045 }
1046
php_var_serialize_intern(smart_str * buf,zval * struc,php_serialize_data_t var_hash,bool in_rcn_array,bool is_root)1047 static void php_var_serialize_intern(smart_str *buf, zval *struc, php_serialize_data_t var_hash, bool in_rcn_array, bool is_root) /* {{{ */
1048 {
1049 zend_long var_already;
1050 HashTable *myht;
1051
1052 if (EG(exception)) {
1053 return;
1054 }
1055
1056 if (UNEXPECTED(php_serialize_check_stack_limit())) {
1057 return;
1058 }
1059
1060 if (var_hash && (var_already = php_add_var_hash(var_hash, struc, in_rcn_array))) {
1061 if (var_already == -1) {
1062 /* Reference to an object that failed to serialize, replace with null. */
1063 smart_str_appendl(buf, "N;", 2);
1064 return;
1065 } else if (Z_ISREF_P(struc)) {
1066 smart_str_appendl(buf, "R:", 2);
1067 smart_str_append_long(buf, var_already);
1068 smart_str_appendc(buf, ';');
1069 return;
1070 } else if (Z_TYPE_P(struc) == IS_OBJECT) {
1071 smart_str_appendl(buf, "r:", 2);
1072 smart_str_append_long(buf, var_already);
1073 smart_str_appendc(buf, ';');
1074 return;
1075 }
1076 }
1077
1078 again:
1079 switch (Z_TYPE_P(struc)) {
1080 case IS_FALSE:
1081 smart_str_appendl(buf, "b:0;", 4);
1082 return;
1083
1084 case IS_TRUE:
1085 smart_str_appendl(buf, "b:1;", 4);
1086 return;
1087
1088 case IS_NULL:
1089 smart_str_appendl(buf, "N;", 2);
1090 return;
1091
1092 case IS_LONG:
1093 php_var_serialize_long(buf, Z_LVAL_P(struc));
1094 return;
1095
1096 case IS_DOUBLE: {
1097 char tmp_str[ZEND_DOUBLE_MAX_LENGTH];
1098 zend_gcvt(Z_DVAL_P(struc), (int)PG(serialize_precision), '.', 'E', tmp_str);
1099
1100 size_t len = strlen(tmp_str);
1101 char *res = smart_str_extend(buf, 2 + len + 1);
1102 res = zend_mempcpy(res, "d:", 2);
1103 memcpy(res, tmp_str, len);
1104 res[len] = ';';
1105 return;
1106 }
1107
1108 case IS_STRING:
1109 php_var_serialize_string(buf, Z_STRVAL_P(struc), Z_STRLEN_P(struc));
1110 return;
1111
1112 case IS_OBJECT: {
1113 zend_class_entry *ce = Z_OBJCE_P(struc);
1114 bool incomplete_class;
1115 uint32_t count;
1116
1117 if (ce->ce_flags & ZEND_ACC_NOT_SERIALIZABLE) {
1118 zend_throw_exception_ex(NULL, 0, "Serialization of '%s' is not allowed",
1119 ZSTR_VAL(ce->name));
1120 return;
1121 }
1122
1123 if (ce->ce_flags & ZEND_ACC_ENUM) {
1124 PHP_CLASS_ATTRIBUTES;
1125
1126 zval *case_name_zval = zend_enum_fetch_case_name(Z_OBJ_P(struc));
1127
1128 PHP_SET_CLASS_ATTRIBUTES(struc);
1129 smart_str_appendl(buf, "E:", 2);
1130 smart_str_append_unsigned(buf, ZSTR_LEN(class_name) + strlen(":") + Z_STRLEN_P(case_name_zval));
1131 smart_str_appendl(buf, ":\"", 2);
1132 smart_str_append(buf, class_name);
1133 smart_str_appendc(buf, ':');
1134 smart_str_append(buf, Z_STR_P(case_name_zval));
1135 smart_str_appendl(buf, "\";", 2);
1136 PHP_CLEANUP_CLASS_ATTRIBUTES();
1137 return;
1138 }
1139
1140 if (ce->__serialize) {
1141 zval retval, obj;
1142 zend_string *key;
1143 zval *data;
1144 zend_ulong index;
1145
1146 ZVAL_OBJ_COPY(&obj, Z_OBJ_P(struc));
1147 if (php_var_serialize_call_magic_serialize(&retval, &obj) == FAILURE) {
1148 if (!EG(exception)) {
1149 smart_str_appendl(buf, "N;", 2);
1150 }
1151 zval_ptr_dtor(&obj);
1152 return;
1153 }
1154
1155 php_var_serialize_class_name(buf, &obj);
1156 smart_str_append_unsigned(buf, zend_hash_num_elements(Z_ARRVAL(retval)));
1157 smart_str_appendl(buf, ":{", 2);
1158 ZEND_HASH_FOREACH_KEY_VAL(Z_ARRVAL(retval), index, key, data) {
1159 if (!key) {
1160 php_var_serialize_long(buf, index);
1161 } else {
1162 php_var_serialize_string(buf, ZSTR_VAL(key), ZSTR_LEN(key));
1163 }
1164
1165 if (Z_ISREF_P(data) && Z_REFCOUNT_P(data) == 1) {
1166 data = Z_REFVAL_P(data);
1167 }
1168 php_var_serialize_intern(buf, data, var_hash, Z_REFCOUNT(retval) > 1, false);
1169 } ZEND_HASH_FOREACH_END();
1170 smart_str_appendc(buf, '}');
1171
1172 zval_ptr_dtor(&obj);
1173 zval_ptr_dtor(&retval);
1174 return;
1175 }
1176
1177 if (ce->serialize != NULL) {
1178 /* has custom handler */
1179 unsigned char *serialized_data = NULL;
1180 size_t serialized_length;
1181
1182 if (ce->serialize(struc, &serialized_data, &serialized_length, (zend_serialize_data *)var_hash) == SUCCESS) {
1183 char b1[32], b2[32];
1184 char *s1 = zend_print_long_to_buf(b1 + sizeof(b1) - 1, ZSTR_LEN(Z_OBJCE_P(struc)->name));
1185 size_t l1 = b1 + sizeof(b1) - 1 - s1;
1186 char *s2 = zend_print_long_to_buf(b2 + sizeof(b2) - 1, serialized_length);
1187 size_t l2 = b2 + sizeof(b2) - 1 - s2;
1188 char *res = smart_str_extend(buf, 2 + l1 + 2 + ZSTR_LEN(Z_OBJCE_P(struc)->name) + 2 + l2 + 2 + serialized_length + 1);
1189 res = zend_mempcpy(res, "C:", 2);
1190 res = zend_mempcpy(res, s1, l1);
1191 res = zend_mempcpy(res, ":\"", 2);
1192 res = zend_mempcpy(res, ZSTR_VAL(Z_OBJCE_P(struc)->name), ZSTR_LEN(Z_OBJCE_P(struc)->name));
1193 res = zend_mempcpy(res, "\":", 2);
1194 res = zend_mempcpy(res, s2, l2);
1195 res = zend_mempcpy(res, ":{", 2);
1196 memcpy(res, (char *) serialized_data, serialized_length);
1197 res[serialized_length] = '}';
1198 } else {
1199 /* Mark this value in the var_hash, to avoid creating references to it. */
1200 zval *var_idx = zend_hash_index_find(&var_hash->ht,
1201 (zend_ulong) (uintptr_t) Z_COUNTED_P(struc));
1202 if (var_idx) {
1203 ZVAL_LONG(var_idx, -1);
1204 }
1205 smart_str_appendl(buf, "N;", 2);
1206 }
1207 if (serialized_data) {
1208 efree(serialized_data);
1209 }
1210 return;
1211 }
1212
1213 if (ce != PHP_IC_ENTRY) {
1214 zval *zv = zend_hash_find_known_hash(&ce->function_table, ZSTR_KNOWN(ZEND_STR_SLEEP));
1215
1216 if (zv) {
1217 HashTable *ht;
1218 zval tmp;
1219
1220 ZVAL_OBJ_COPY(&tmp, Z_OBJ_P(struc));
1221 if (!(ht = php_var_serialize_call_sleep(Z_OBJ(tmp), Z_FUNC_P(zv)))) {
1222 if (!EG(exception)) {
1223 /* we should still add element even if it's not OK,
1224 * since we already wrote the length of the array before */
1225 smart_str_appendl(buf, "N;", 2);
1226 }
1227 OBJ_RELEASE(Z_OBJ(tmp));
1228 return;
1229 }
1230
1231 php_var_serialize_class(buf, &tmp, ht, var_hash);
1232 zend_array_release(ht);
1233 OBJ_RELEASE(Z_OBJ(tmp));
1234 return;
1235 }
1236 }
1237
1238 incomplete_class = php_var_serialize_class_name(buf, struc);
1239
1240 if (Z_OBJ_P(struc)->properties == NULL
1241 && Z_OBJ_HT_P(struc)->get_properties_for == NULL
1242 && Z_OBJ_HT_P(struc)->get_properties == zend_std_get_properties
1243 && !zend_object_is_lazy(Z_OBJ_P(struc))) {
1244 /* Optimized version without rebulding properties HashTable */
1245 zend_object *obj = Z_OBJ_P(struc);
1246 zend_class_entry *ce = obj->ce;
1247 zend_property_info *prop_info;
1248 zval *prop;
1249 int i;
1250
1251 count = ce->default_properties_count;
1252 for (i = 0; i < ce->default_properties_count; i++) {
1253 prop_info = ce->properties_info_table[i];
1254 if (!prop_info) {
1255 count--;
1256 continue;
1257 }
1258 prop = OBJ_PROP(obj, prop_info->offset);
1259 if (Z_TYPE_P(prop) == IS_UNDEF) {
1260 count--;
1261 continue;
1262 }
1263 }
1264 if (count) {
1265 smart_str_append_unsigned(buf, count);
1266 smart_str_appendl(buf, ":{", 2);
1267 for (i = 0; i < ce->default_properties_count; i++) {
1268 prop_info = ce->properties_info_table[i];
1269 if (!prop_info) {
1270 continue;
1271 }
1272 prop = OBJ_PROP(obj, prop_info->offset);
1273 if (Z_TYPE_P(prop) == IS_UNDEF) {
1274 continue;
1275 }
1276
1277 php_var_serialize_string(buf, ZSTR_VAL(prop_info->name), ZSTR_LEN(prop_info->name));
1278
1279 if (Z_ISREF_P(prop) && Z_REFCOUNT_P(prop) == 1) {
1280 prop = Z_REFVAL_P(prop);
1281 }
1282
1283 php_var_serialize_intern(buf, prop, var_hash, false, false);
1284 }
1285 smart_str_appendc(buf, '}');
1286 } else {
1287 smart_str_appendl(buf, "0:{}", 4);
1288 }
1289 return;
1290 }
1291 myht = zend_get_properties_for(struc, ZEND_PROP_PURPOSE_SERIALIZE);
1292 /* count after serializing name, since php_var_serialize_class_name
1293 * changes the count if the variable is incomplete class */
1294 count = zend_array_count(myht);
1295 if (count > 0 && incomplete_class) {
1296 --count;
1297 }
1298 php_var_serialize_nested_data(buf, struc, myht, count, incomplete_class, var_hash, GC_REFCOUNT(myht) > 1);
1299 zend_release_properties(myht);
1300 return;
1301 }
1302 case IS_ARRAY:
1303 smart_str_appendl(buf, "a:", 2);
1304 myht = Z_ARRVAL_P(struc);
1305 php_var_serialize_nested_data(
1306 buf, struc, myht, zend_array_count(myht), /* incomplete_class */ 0, var_hash,
1307 !is_root && (in_rcn_array || GC_REFCOUNT(myht) > 1));
1308 return;
1309 case IS_REFERENCE:
1310 struc = Z_REFVAL_P(struc);
1311 goto again;
1312 default:
1313 smart_str_appendl(buf, "i:0;", 4);
1314 return;
1315 }
1316 }
1317 /* }}} */
1318
php_var_serialize(smart_str * buf,zval * struc,php_serialize_data_t * data)1319 PHPAPI void php_var_serialize(smart_str *buf, zval *struc, php_serialize_data_t *data) /* {{{ */
1320 {
1321 php_var_serialize_intern(buf, struc, *data, false, true);
1322 smart_str_0(buf);
1323 }
1324 /* }}} */
1325
php_var_serialize_init(void)1326 PHPAPI php_serialize_data_t php_var_serialize_init(void) {
1327 struct php_serialize_data *d;
1328 /* fprintf(stderr, "SERIALIZE_INIT == lock: %u, level: %u\n", BG(serialize_lock), BG(serialize).level); */
1329 if (BG(serialize_lock) || !BG(serialize).level) {
1330 d = emalloc(sizeof(struct php_serialize_data));
1331 zend_hash_init(&d->ht, 16, NULL, ZVAL_PTR_DTOR, 0);
1332 d->n = 0;
1333 if (!BG(serialize_lock)) {
1334 BG(serialize).data = d;
1335 BG(serialize).level = 1;
1336 }
1337 } else {
1338 d = BG(serialize).data;
1339 ++BG(serialize).level;
1340 }
1341 return d;
1342 }
1343
php_var_serialize_destroy(php_serialize_data_t d)1344 PHPAPI void php_var_serialize_destroy(php_serialize_data_t d) {
1345 /* fprintf(stderr, "SERIALIZE_DESTROY == lock: %u, level: %u\n", BG(serialize_lock), BG(serialize).level); */
1346 if (BG(serialize_lock) || BG(serialize).level == 1) {
1347 zend_hash_destroy(&d->ht);
1348 efree(d);
1349 }
1350 if (!BG(serialize_lock) && !--BG(serialize).level) {
1351 BG(serialize).data = NULL;
1352 }
1353 }
1354
1355 /* {{{ Returns a string representation of variable (which can later be unserialized) */
PHP_FUNCTION(serialize)1356 PHP_FUNCTION(serialize)
1357 {
1358 zval *struc;
1359 php_serialize_data_t var_hash;
1360 smart_str buf = {0};
1361
1362 ZEND_PARSE_PARAMETERS_START(1, 1)
1363 Z_PARAM_ZVAL(struc)
1364 ZEND_PARSE_PARAMETERS_END();
1365
1366 PHP_VAR_SERIALIZE_INIT(var_hash);
1367 php_var_serialize(&buf, struc, &var_hash);
1368 PHP_VAR_SERIALIZE_DESTROY(var_hash);
1369
1370 if (EG(exception)) {
1371 smart_str_free(&buf);
1372 RETURN_THROWS();
1373 }
1374
1375 RETURN_STR(smart_str_extract(&buf));
1376 }
1377 /* }}} */
1378
1379 /* {{{ Takes a string representation of variable and recreates it, subject to the optional unserialize options HashTable */
php_unserialize_with_options(zval * return_value,const char * buf,const size_t buf_len,HashTable * options,const char * function_name)1380 PHPAPI void php_unserialize_with_options(zval *return_value, const char *buf, const size_t buf_len, HashTable *options, const char* function_name)
1381 {
1382 const unsigned char *p;
1383 php_unserialize_data_t var_hash;
1384 zval *retval;
1385 HashTable *class_hash = NULL, *prev_class_hash;
1386 zend_long prev_max_depth, prev_cur_depth;
1387
1388 if (buf_len == 0) {
1389 RETURN_FALSE;
1390 }
1391
1392 p = (const unsigned char*) buf;
1393 PHP_VAR_UNSERIALIZE_INIT(var_hash);
1394
1395 prev_class_hash = php_var_unserialize_get_allowed_classes(var_hash);
1396 prev_max_depth = php_var_unserialize_get_max_depth(var_hash);
1397 prev_cur_depth = php_var_unserialize_get_cur_depth(var_hash);
1398 if (options != NULL) {
1399 zval *classes, *max_depth;
1400
1401 classes = zend_hash_str_find_deref(options, "allowed_classes", sizeof("allowed_classes")-1);
1402 if (classes && Z_TYPE_P(classes) != IS_ARRAY && Z_TYPE_P(classes) != IS_TRUE && Z_TYPE_P(classes) != IS_FALSE) {
1403 zend_type_error("%s(): Option \"allowed_classes\" must be of type array|bool, %s given", function_name, zend_zval_value_name(classes));
1404 goto cleanup;
1405 }
1406
1407 if (classes && (Z_TYPE_P(classes) == IS_ARRAY || !zend_is_true(classes))) {
1408 ALLOC_HASHTABLE(class_hash);
1409 zend_hash_init(class_hash, (Z_TYPE_P(classes) == IS_ARRAY)?zend_hash_num_elements(Z_ARRVAL_P(classes)):0, NULL, NULL, 0);
1410 }
1411 if (class_hash && Z_TYPE_P(classes) == IS_ARRAY) {
1412 zval *entry;
1413
1414 ZEND_HASH_FOREACH_VAL(Z_ARRVAL_P(classes), entry) {
1415 ZVAL_DEREF(entry);
1416 if (UNEXPECTED(Z_TYPE_P(entry) != IS_STRING && Z_TYPE_P(entry) != IS_OBJECT)) {
1417 zend_type_error("%s(): Option \"allowed_classes\" must be an array of class names, %s given",
1418 function_name, zend_zval_value_name(entry));
1419 goto cleanup;
1420 }
1421 zend_string *name = zval_try_get_string(entry);
1422 if (UNEXPECTED(name == NULL)) {
1423 goto cleanup;
1424 }
1425 if (UNEXPECTED(!zend_is_valid_class_name(name))) {
1426 zend_value_error("%s(): Option \"allowed_classes\" must be an array of class names, \"%s\" given", function_name, ZSTR_VAL(name));
1427 zend_string_release_ex(name, false);
1428 goto cleanup;
1429 }
1430 zend_string *lcname = zend_string_tolower(name);
1431 zend_hash_add_empty_element(class_hash, lcname);
1432 zend_string_release_ex(name, false);
1433 zend_string_release_ex(lcname, false);
1434 } ZEND_HASH_FOREACH_END();
1435 }
1436 php_var_unserialize_set_allowed_classes(var_hash, class_hash);
1437
1438 max_depth = zend_hash_str_find_deref(options, "max_depth", sizeof("max_depth") - 1);
1439 if (max_depth) {
1440 if (Z_TYPE_P(max_depth) != IS_LONG) {
1441 zend_type_error("%s(): Option \"max_depth\" must be of type int, %s given", function_name, zend_zval_value_name(max_depth));
1442 goto cleanup;
1443 }
1444 if (Z_LVAL_P(max_depth) < 0) {
1445 zend_value_error("%s(): Option \"max_depth\" must be greater than or equal to 0", function_name);
1446 goto cleanup;
1447 }
1448
1449 php_var_unserialize_set_max_depth(var_hash, Z_LVAL_P(max_depth));
1450 /* If the max_depth for a nested unserialize() call has been overridden,
1451 * start counting from zero again (for the nested call only). */
1452 php_var_unserialize_set_cur_depth(var_hash, 0);
1453 }
1454 }
1455
1456 if (BG(unserialize).level > 1) {
1457 retval = var_tmp_var(&var_hash);
1458 } else {
1459 retval = return_value;
1460 }
1461 if (!php_var_unserialize(retval, &p, p + buf_len, &var_hash)) {
1462 if (!EG(exception)) {
1463 php_error_docref(NULL, E_WARNING, "Error at offset " ZEND_LONG_FMT " of %zd bytes",
1464 (zend_long)((char*)p - buf), buf_len);
1465 }
1466 if (BG(unserialize).level <= 1) {
1467 zval_ptr_dtor(return_value);
1468 }
1469 RETVAL_FALSE;
1470 } else {
1471 if ((char*)p < buf + buf_len) {
1472 if (!EG(exception)) {
1473 php_error_docref(NULL, E_WARNING, "Extra data starting at offset " ZEND_LONG_FMT " of %zd bytes",
1474 (zend_long)((char*)p - buf), buf_len);
1475 }
1476 }
1477 if (BG(unserialize).level > 1) {
1478 ZVAL_COPY(return_value, retval);
1479 } else if (Z_REFCOUNTED_P(return_value)) {
1480 zend_refcounted *ref = Z_COUNTED_P(return_value);
1481 gc_check_possible_root(ref);
1482 }
1483 }
1484
1485 cleanup:
1486 if (class_hash) {
1487 zend_hash_destroy(class_hash);
1488 FREE_HASHTABLE(class_hash);
1489 }
1490
1491 /* Reset to previous options in case this is a nested call */
1492 php_var_unserialize_set_allowed_classes(var_hash, prev_class_hash);
1493 php_var_unserialize_set_max_depth(var_hash, prev_max_depth);
1494 php_var_unserialize_set_cur_depth(var_hash, prev_cur_depth);
1495 PHP_VAR_UNSERIALIZE_DESTROY(var_hash);
1496
1497 /* Per calling convention we must not return a reference here, so unwrap. We're doing this at
1498 * the very end, because __wakeup() calls performed during UNSERIALIZE_DESTROY might affect
1499 * the value we unwrap here. This is compatible with behavior in PHP <=7.0. */
1500 if (Z_ISREF_P(return_value)) {
1501 zend_unwrap_reference(return_value);
1502 }
1503 }
1504 /* }}} */
1505
1506 /* {{{ Takes a string representation of variable and recreates it */
PHP_FUNCTION(unserialize)1507 PHP_FUNCTION(unserialize)
1508 {
1509 char *buf = NULL;
1510 size_t buf_len;
1511 HashTable *options = NULL;
1512
1513 ZEND_PARSE_PARAMETERS_START(1, 2)
1514 Z_PARAM_STRING(buf, buf_len)
1515 Z_PARAM_OPTIONAL
1516 Z_PARAM_ARRAY_HT(options)
1517 ZEND_PARSE_PARAMETERS_END();
1518
1519 php_unserialize_with_options(return_value, buf, buf_len, options, "unserialize");
1520 }
1521 /* }}} */
1522
1523 /* {{{ Returns the allocated by PHP memory */
PHP_FUNCTION(memory_get_usage)1524 PHP_FUNCTION(memory_get_usage) {
1525 bool real_usage = 0;
1526
1527 ZEND_PARSE_PARAMETERS_START(0, 1)
1528 Z_PARAM_OPTIONAL
1529 Z_PARAM_BOOL(real_usage)
1530 ZEND_PARSE_PARAMETERS_END();
1531
1532 RETURN_LONG(zend_memory_usage(real_usage));
1533 }
1534 /* }}} */
1535
1536 /* {{{ Returns the peak allocated by PHP memory */
PHP_FUNCTION(memory_get_peak_usage)1537 PHP_FUNCTION(memory_get_peak_usage) {
1538 bool real_usage = 0;
1539
1540 ZEND_PARSE_PARAMETERS_START(0, 1)
1541 Z_PARAM_OPTIONAL
1542 Z_PARAM_BOOL(real_usage)
1543 ZEND_PARSE_PARAMETERS_END();
1544
1545 RETURN_LONG(zend_memory_peak_usage(real_usage));
1546 }
1547 /* }}} */
1548
1549 /* {{{ Resets the peak PHP memory usage */
PHP_FUNCTION(memory_reset_peak_usage)1550 PHP_FUNCTION(memory_reset_peak_usage) {
1551 ZEND_PARSE_PARAMETERS_NONE();
1552
1553 zend_memory_reset_peak_usage();
1554 }
1555 /* }}} */
1556
1557 PHP_INI_BEGIN()
1558 STD_PHP_INI_ENTRY("unserialize_max_depth", "4096", PHP_INI_ALL, OnUpdateLong, unserialize_max_depth, php_basic_globals, basic_globals)
PHP_INI_END()1559 PHP_INI_END()
1560
1561 PHP_MINIT_FUNCTION(var)
1562 {
1563 REGISTER_INI_ENTRIES();
1564 return SUCCESS;
1565 }
1566