1 /*
2 +----------------------------------------------------------------------+
3 | Zend Engine |
4 +----------------------------------------------------------------------+
5 | Copyright (c) Zend Technologies Ltd. (http://www.zend.com) |
6 +----------------------------------------------------------------------+
7 | This source file is subject to version 2.00 of the Zend license, |
8 | that is bundled with this package in the file LICENSE, and is |
9 | available through the world-wide-web at the following url: |
10 | http://www.zend.com/license/2_00.txt. |
11 | If you did not receive a copy of the Zend license and are unable to |
12 | obtain it through the world-wide-web, please send a note to |
13 | license@zend.com so we can mail you a copy immediately. |
14 +----------------------------------------------------------------------+
15 | Authors: Andi Gutmans <andi@php.net> |
16 | Zeev Suraski <zeev@php.net> |
17 | Dmitry Stogov <dmitry@php.net> |
18 +----------------------------------------------------------------------+
19 */
20
21 #include "zend.h"
22 #include "zend_globals.h"
23 #include "zend_lazy_objects.h"
24 #include "zend_variables.h"
25 #include "zend_API.h"
26 #include "zend_objects.h"
27 #include "zend_objects_API.h"
28 #include "zend_object_handlers.h"
29 #include "zend_interfaces.h"
30 #include "zend_exceptions.h"
31 #include "zend_closures.h"
32 #include "zend_compile.h"
33 #include "zend_hash.h"
34 #include "zend_property_hooks.h"
35
36 #define DEBUG_OBJECT_HANDLERS 0
37
38 #define ZEND_WRONG_PROPERTY_OFFSET 0
39 #define ZEND_HOOKED_PROPERTY_OFFSET 1
40
41 /* guard flags */
42 #define IN_GET ZEND_GUARD_PROPERTY_GET
43 #define IN_SET ZEND_GUARD_PROPERTY_SET
44 #define IN_UNSET ZEND_GUARD_PROPERTY_UNSET
45 #define IN_ISSET ZEND_GUARD_PROPERTY_ISSET
46 #define IN_HOOK ZEND_GUARD_PROPERTY_HOOK
47
48 /*
49 __X accessors explanation:
50
51 if we have __get and property that is not part of the properties array is
52 requested, we call __get handler. If it fails, we return uninitialized.
53
54 if we have __set and property that is not part of the properties array is
55 set, we call __set handler. If it fails, we do not change the array.
56
57 for both handlers above, when we are inside __get/__set, no further calls for
58 __get/__set for this property of this object will be made, to prevent endless
59 recursion and enable accessors to change properties array.
60
61 if we have __call and method which is not part of the class function table is
62 called, we cal __call handler.
63 */
64
rebuild_object_properties_internal(zend_object * zobj)65 ZEND_API HashTable *rebuild_object_properties_internal(zend_object *zobj) /* {{{ */
66 {
67 if (!zobj->properties) {
68 zend_property_info *prop_info;
69 zend_class_entry *ce = zobj->ce;
70 int i;
71
72 zobj->properties = zend_new_array(ce->default_properties_count);
73 if (ce->default_properties_count) {
74 zend_hash_real_init_mixed(zobj->properties);
75 for (i = 0; i < ce->default_properties_count; i++) {
76 prop_info = ce->properties_info_table[i];
77
78 if (!prop_info) {
79 continue;
80 }
81
82 if (UNEXPECTED(Z_TYPE_P(OBJ_PROP(zobj, prop_info->offset)) == IS_UNDEF)) {
83 HT_FLAGS(zobj->properties) |= HASH_FLAG_HAS_EMPTY_IND;
84 }
85
86 _zend_hash_append_ind(zobj->properties, prop_info->name,
87 OBJ_PROP(zobj, prop_info->offset));
88 }
89 }
90 }
91
92 return zobj->properties;
93 }
94 /* }}} */
95
96 /* Implements the fast path for array cast */
zend_std_build_object_properties_array(zend_object * zobj)97 ZEND_API HashTable *zend_std_build_object_properties_array(zend_object *zobj) /* {{{ */
98 {
99 zend_property_info *prop_info;
100 zend_class_entry *ce = zobj->ce;
101 HashTable *ht;
102 zval* prop;
103 int i;
104
105 ZEND_ASSERT(!(zend_object_is_lazy_proxy(zobj) && zend_lazy_object_initialized(zobj)));
106 ZEND_ASSERT(!zobj->properties);
107 ht = zend_new_array(ce->default_properties_count);
108 if (ce->default_properties_count) {
109 zend_hash_real_init_mixed(ht);
110 for (i = 0; i < ce->default_properties_count; i++) {
111 prop_info = ce->properties_info_table[i];
112
113 if (!prop_info) {
114 continue;
115 }
116
117 prop = OBJ_PROP(zobj, prop_info->offset);
118 if (UNEXPECTED(Z_TYPE_P(prop) == IS_UNDEF)) {
119 continue;
120 }
121
122 if (Z_ISREF_P(prop) && Z_REFCOUNT_P(prop) == 1) {
123 prop = Z_REFVAL_P(prop);
124 }
125
126 Z_TRY_ADDREF_P(prop);
127 _zend_hash_append(ht, prop_info->name, prop);
128 }
129 }
130 return ht;
131 }
132 /* }}} */
133
zend_std_get_properties(zend_object * zobj)134 ZEND_API HashTable *zend_std_get_properties(zend_object *zobj) /* {{{ */
135 {
136 return zend_std_get_properties_ex(zobj);
137 }
138 /* }}} */
139
140 /* Fetch properties HashTable without triggering lazy initialization */
zend_get_properties_no_lazy_init(zend_object * zobj)141 ZEND_API HashTable *zend_get_properties_no_lazy_init(zend_object *zobj)
142 {
143 if (zobj->handlers->get_properties == zend_std_get_properties) {
144 if (UNEXPECTED(zend_object_is_lazy_proxy(zobj)
145 && zend_lazy_object_initialized(zobj))) {
146 zend_object *instance = zend_lazy_object_get_instance(zobj);
147 return zend_get_properties_no_lazy_init(instance);
148 }
149
150 if (!zobj->properties) {
151 rebuild_object_properties_internal(zobj);
152 }
153 return zobj->properties;
154 }
155
156 ZEND_ASSERT(!zend_object_is_lazy(zobj));
157
158 return zobj->handlers->get_properties(zobj);
159 }
160
zend_std_get_gc(zend_object * zobj,zval ** table,int * n)161 ZEND_API HashTable *zend_std_get_gc(zend_object *zobj, zval **table, int *n) /* {{{ */
162 {
163 if (zobj->handlers->get_properties != zend_std_get_properties) {
164 *table = NULL;
165 *n = 0;
166 return zobj->handlers->get_properties(zobj);
167 } else {
168 if (UNEXPECTED(zend_object_is_lazy(zobj))) {
169 return zend_lazy_object_get_gc(zobj, table, n);
170 } else if (zobj->properties) {
171 *table = NULL;
172 *n = 0;
173 return zobj->properties;
174 } else {
175 *table = zobj->properties_table;
176 *n = zobj->ce->default_properties_count;
177 return NULL;
178 }
179 }
180 }
181 /* }}} */
182
zend_std_get_debug_info(zend_object * object,int * is_temp)183 ZEND_API HashTable *zend_std_get_debug_info(zend_object *object, int *is_temp) /* {{{ */
184 {
185 zend_class_entry *ce = object->ce;
186 zval retval;
187 HashTable *ht;
188
189 if (!ce->__debugInfo) {
190 if (UNEXPECTED(zend_object_is_lazy(object))) {
191 return zend_lazy_object_debug_info(object, is_temp);
192 }
193
194 *is_temp = 0;
195 return object->handlers->get_properties(object);
196 }
197
198 zend_call_known_instance_method_with_0_params(ce->__debugInfo, object, &retval);
199 if (Z_TYPE(retval) == IS_ARRAY) {
200 if (!Z_REFCOUNTED(retval)) {
201 *is_temp = 1;
202 return zend_array_dup(Z_ARRVAL(retval));
203 } else if (Z_REFCOUNT(retval) <= 1) {
204 *is_temp = 1;
205 ht = Z_ARR(retval);
206 return ht;
207 } else {
208 *is_temp = 0;
209 zval_ptr_dtor(&retval);
210 return Z_ARRVAL(retval);
211 }
212 } else if (Z_TYPE(retval) == IS_NULL) {
213 *is_temp = 1;
214 ht = zend_new_array(0);
215 return ht;
216 }
217
218 zend_error_noreturn(E_ERROR, ZEND_DEBUGINFO_FUNC_NAME "() must return an array");
219
220 return NULL; /* Compilers are dumb and don't understand that noreturn means that the function does NOT need a return value... */
221 }
222 /* }}} */
223
zend_std_call_getter(zend_object * zobj,zend_string * prop_name,zval * retval)224 static void zend_std_call_getter(zend_object *zobj, zend_string *prop_name, zval *retval) /* {{{ */
225 {
226 zval member;
227 ZVAL_STR(&member, prop_name);
228 zend_call_known_instance_method_with_1_params(zobj->ce->__get, zobj, retval, &member);
229 }
230 /* }}} */
231
zend_std_call_setter(zend_object * zobj,zend_string * prop_name,zval * value)232 static void zend_std_call_setter(zend_object *zobj, zend_string *prop_name, zval *value) /* {{{ */
233 {
234 zval args[2];
235 ZVAL_STR(&args[0], prop_name);
236 ZVAL_COPY_VALUE(&args[1], value);
237 zend_call_known_instance_method(zobj->ce->__set, zobj, NULL, 2, args);
238 }
239 /* }}} */
240
zend_std_call_unsetter(zend_object * zobj,zend_string * prop_name)241 static void zend_std_call_unsetter(zend_object *zobj, zend_string *prop_name) /* {{{ */
242 {
243 zval member;
244 ZVAL_STR(&member, prop_name);
245 zend_call_known_instance_method_with_1_params(zobj->ce->__unset, zobj, NULL, &member);
246 }
247 /* }}} */
248
zend_std_call_issetter(zend_object * zobj,zend_string * prop_name,zval * retval)249 static void zend_std_call_issetter(zend_object *zobj, zend_string *prop_name, zval *retval) /* {{{ */
250 {
251 zval member;
252 ZVAL_STR(&member, prop_name);
253 zend_call_known_instance_method_with_1_params(zobj->ce->__isset, zobj, retval, &member);
254 }
255 /* }}} */
256
257
is_derived_class(const zend_class_entry * child_class,const zend_class_entry * parent_class)258 static zend_always_inline bool is_derived_class(const zend_class_entry *child_class, const zend_class_entry *parent_class) /* {{{ */
259 {
260 child_class = child_class->parent;
261 while (child_class) {
262 if (child_class == parent_class) {
263 return 1;
264 }
265 child_class = child_class->parent;
266 }
267
268 return 0;
269 }
270 /* }}} */
271
is_protected_compatible_scope(const zend_class_entry * ce,const zend_class_entry * scope)272 static zend_never_inline int is_protected_compatible_scope(const zend_class_entry *ce, const zend_class_entry *scope) /* {{{ */
273 {
274 return scope &&
275 (is_derived_class(ce, scope) || is_derived_class(scope, ce));
276 }
277 /* }}} */
278
zend_get_parent_private_property(zend_class_entry * scope,const zend_class_entry * ce,zend_string * member)279 static zend_never_inline zend_property_info *zend_get_parent_private_property(zend_class_entry *scope, const zend_class_entry *ce, zend_string *member) /* {{{ */
280 {
281 zval *zv;
282 zend_property_info *prop_info;
283
284 if (scope != ce && scope && is_derived_class(ce, scope)) {
285 zv = zend_hash_find(&scope->properties_info, member);
286 if (zv != NULL) {
287 prop_info = (zend_property_info*)Z_PTR_P(zv);
288 if ((prop_info->flags & ZEND_ACC_PRIVATE)
289 && prop_info->ce == scope) {
290 return prop_info;
291 }
292 }
293 }
294 return NULL;
295 }
296 /* }}} */
297
zend_bad_property_access(const zend_property_info * property_info,const zend_class_entry * ce,const zend_string * member)298 static ZEND_COLD zend_never_inline void zend_bad_property_access(const zend_property_info *property_info, const zend_class_entry *ce, const zend_string *member) /* {{{ */
299 {
300 zend_throw_error(NULL, "Cannot access %s property %s::$%s", zend_visibility_string(property_info->flags), ZSTR_VAL(ce->name), ZSTR_VAL(member));
301 }
302 /* }}} */
303
zend_bad_property_name(void)304 static ZEND_COLD zend_never_inline void zend_bad_property_name(void) /* {{{ */
305 {
306 zend_throw_error(NULL, "Cannot access property starting with \"\\0\"");
307 }
308 /* }}} */
309
zend_forbidden_dynamic_property(const zend_class_entry * ce,const zend_string * member)310 static ZEND_COLD zend_never_inline void zend_forbidden_dynamic_property(
311 const zend_class_entry *ce, const zend_string *member) {
312 zend_throw_error(NULL, "Cannot create dynamic property %s::$%s",
313 ZSTR_VAL(ce->name), ZSTR_VAL(member));
314 }
315
zend_deprecated_dynamic_property(zend_object * obj,const zend_string * member)316 static ZEND_COLD zend_never_inline bool zend_deprecated_dynamic_property(
317 zend_object *obj, const zend_string *member) {
318 GC_ADDREF(obj);
319 zend_error(E_DEPRECATED, "Creation of dynamic property %s::$%s is deprecated",
320 ZSTR_VAL(obj->ce->name), ZSTR_VAL(member));
321 if (UNEXPECTED(GC_DELREF(obj) == 0)) {
322 zend_class_entry *ce = obj->ce;
323 zend_objects_store_del(obj);
324 if (!EG(exception)) {
325 /* We cannot continue execution and have to throw an exception */
326 zend_throw_error(NULL, "Cannot create dynamic property %s::$%s",
327 ZSTR_VAL(ce->name), ZSTR_VAL(member));
328 }
329 return 0;
330 }
331 return 1;
332 }
333
zend_readonly_property_unset_error(zend_class_entry * ce,zend_string * member)334 static ZEND_COLD zend_never_inline void zend_readonly_property_unset_error(
335 zend_class_entry *ce, zend_string *member) {
336 zend_throw_error(NULL, "Cannot unset readonly property %s::$%s",
337 ZSTR_VAL(ce->name), ZSTR_VAL(member));
338 }
339
get_fake_or_executed_scope(void)340 static zend_always_inline zend_class_entry *get_fake_or_executed_scope(void)
341 {
342 if (UNEXPECTED(EG(fake_scope))) {
343 return EG(fake_scope);
344 } else {
345 return zend_get_executed_scope();
346 }
347 }
348
zend_get_property_offset(zend_class_entry * ce,zend_string * member,int silent,void ** cache_slot,const zend_property_info ** info_ptr)349 static zend_always_inline uintptr_t zend_get_property_offset(zend_class_entry *ce, zend_string *member, int silent, void **cache_slot, const zend_property_info **info_ptr) /* {{{ */
350 {
351 zval *zv;
352 zend_property_info *property_info;
353 uint32_t flags;
354 uintptr_t offset;
355
356 if (cache_slot && EXPECTED(ce == CACHED_PTR_EX(cache_slot))) {
357 *info_ptr = CACHED_PTR_EX(cache_slot + 2);
358 return (uintptr_t)CACHED_PTR_EX(cache_slot + 1);
359 }
360
361 if (UNEXPECTED(zend_hash_num_elements(&ce->properties_info) == 0)
362 || UNEXPECTED((zv = zend_hash_find(&ce->properties_info, member)) == NULL)) {
363 if (UNEXPECTED(ZSTR_VAL(member)[0] == '\0') && ZSTR_LEN(member) != 0) {
364 if (!silent) {
365 zend_bad_property_name();
366 }
367 return ZEND_WRONG_PROPERTY_OFFSET;
368 }
369 dynamic:
370 if (cache_slot) {
371 CACHE_POLYMORPHIC_PTR_EX(cache_slot, ce, (void*)ZEND_DYNAMIC_PROPERTY_OFFSET);
372 CACHE_PTR_EX(cache_slot + 2, NULL);
373 }
374 return ZEND_DYNAMIC_PROPERTY_OFFSET;
375 }
376
377 property_info = (zend_property_info*)Z_PTR_P(zv);
378 flags = property_info->flags;
379
380 if (flags & (ZEND_ACC_CHANGED|ZEND_ACC_PRIVATE|ZEND_ACC_PROTECTED)) {
381 zend_class_entry *scope = get_fake_or_executed_scope();
382
383 if (property_info->ce != scope) {
384 if (flags & ZEND_ACC_CHANGED) {
385 zend_property_info *p = zend_get_parent_private_property(scope, ce, member);
386
387 /* If there is a public/protected instance property on ce, don't try to use a
388 * private static property on scope. If both are static, prefer the static
389 * property on scope. This will throw a static property notice, rather than
390 * a visibility error. */
391 if (p && (!(p->flags & ZEND_ACC_STATIC) || (flags & ZEND_ACC_STATIC))) {
392 property_info = p;
393 flags = property_info->flags;
394 goto found;
395 } else if (flags & ZEND_ACC_PUBLIC) {
396 goto found;
397 }
398 }
399 if (flags & ZEND_ACC_PRIVATE) {
400 if (property_info->ce != ce) {
401 goto dynamic;
402 } else {
403 wrong:
404 /* Information was available, but we were denied access. Error out. */
405 if (!silent) {
406 zend_bad_property_access(property_info, ce, member);
407 }
408 return ZEND_WRONG_PROPERTY_OFFSET;
409 }
410 } else {
411 ZEND_ASSERT(flags & ZEND_ACC_PROTECTED);
412 if (UNEXPECTED(!is_protected_compatible_scope(property_info->ce, scope))) {
413 goto wrong;
414 }
415 }
416 }
417 }
418
419 found:
420 if (UNEXPECTED(flags & ZEND_ACC_STATIC)) {
421 if (!silent) {
422 zend_error(E_NOTICE, "Accessing static property %s::$%s as non static", ZSTR_VAL(ce->name), ZSTR_VAL(member));
423 }
424 return ZEND_DYNAMIC_PROPERTY_OFFSET;
425 }
426
427 if (property_info->hooks) {
428 *info_ptr = property_info;
429 if (cache_slot) {
430 CACHE_POLYMORPHIC_PTR_EX(cache_slot, ce, (void*)ZEND_HOOKED_PROPERTY_OFFSET);
431 CACHE_PTR_EX(cache_slot + 2, property_info);
432 }
433 return ZEND_HOOKED_PROPERTY_OFFSET;
434 }
435
436 offset = property_info->offset;
437 if (EXPECTED(!ZEND_TYPE_IS_SET(property_info->type))) {
438 property_info = NULL;
439 } else {
440 *info_ptr = property_info;
441 }
442 if (cache_slot) {
443 CACHE_POLYMORPHIC_PTR_EX(cache_slot, ce, (void*)(uintptr_t)offset);
444 CACHE_PTR_EX(cache_slot + 2, property_info);
445 }
446 return offset;
447 }
448 /* }}} */
449
zend_wrong_offset(zend_class_entry * ce,zend_string * member)450 static ZEND_COLD void zend_wrong_offset(zend_class_entry *ce, zend_string *member) /* {{{ */
451 {
452 const zend_property_info *dummy;
453
454 /* Trigger the correct error */
455 zend_get_property_offset(ce, member, 0, NULL, &dummy);
456 }
457 /* }}} */
458
zend_get_property_info(const zend_class_entry * ce,zend_string * member,int silent)459 ZEND_API zend_property_info *zend_get_property_info(const zend_class_entry *ce, zend_string *member, int silent) /* {{{ */
460 {
461 zval *zv;
462 zend_property_info *property_info;
463 uint32_t flags;
464
465 if (UNEXPECTED(zend_hash_num_elements(&ce->properties_info) == 0)
466 || EXPECTED((zv = zend_hash_find(&ce->properties_info, member)) == NULL)) {
467 if (UNEXPECTED(ZSTR_VAL(member)[0] == '\0') && ZSTR_LEN(member) != 0) {
468 if (!silent) {
469 zend_bad_property_name();
470 }
471 return ZEND_WRONG_PROPERTY_INFO;
472 }
473 dynamic:
474 return NULL;
475 }
476
477 property_info = (zend_property_info*)Z_PTR_P(zv);
478 flags = property_info->flags;
479
480 if (flags & (ZEND_ACC_CHANGED|ZEND_ACC_PRIVATE|ZEND_ACC_PROTECTED)) {
481 zend_class_entry *scope = get_fake_or_executed_scope();
482 if (property_info->ce != scope) {
483 if (flags & ZEND_ACC_CHANGED) {
484 zend_property_info *p = zend_get_parent_private_property(scope, ce, member);
485
486 if (p) {
487 property_info = p;
488 flags = property_info->flags;
489 goto found;
490 } else if (flags & ZEND_ACC_PUBLIC) {
491 goto found;
492 }
493 }
494 if (flags & ZEND_ACC_PRIVATE) {
495 if (property_info->ce != ce) {
496 goto dynamic;
497 } else {
498 wrong:
499 /* Information was available, but we were denied access. Error out. */
500 if (!silent) {
501 zend_bad_property_access(property_info, ce, member);
502 }
503 return ZEND_WRONG_PROPERTY_INFO;
504 }
505 } else {
506 ZEND_ASSERT(flags & ZEND_ACC_PROTECTED);
507 if (UNEXPECTED(!is_protected_compatible_scope(property_info->ce, scope))) {
508 goto wrong;
509 }
510 }
511 }
512 }
513
514 found:
515 if (UNEXPECTED(flags & ZEND_ACC_STATIC)) {
516 if (!silent) {
517 zend_error(E_NOTICE, "Accessing static property %s::$%s as non static", ZSTR_VAL(ce->name), ZSTR_VAL(member));
518 }
519 }
520 return property_info;
521 }
522 /* }}} */
523
zend_check_property_access(const zend_object * zobj,zend_string * prop_info_name,bool is_dynamic)524 ZEND_API zend_result zend_check_property_access(const zend_object *zobj, zend_string *prop_info_name, bool is_dynamic) /* {{{ */
525 {
526 zend_property_info *property_info;
527 const char *class_name = NULL;
528 const char *prop_name;
529 zend_string *member;
530 size_t prop_name_len;
531
532 if (ZSTR_VAL(prop_info_name)[0] == 0) {
533 if (is_dynamic) {
534 return SUCCESS;
535 }
536
537 zend_unmangle_property_name_ex(prop_info_name, &class_name, &prop_name, &prop_name_len);
538 member = zend_string_init(prop_name, prop_name_len, 0);
539 property_info = zend_get_property_info(zobj->ce, member, 1);
540 zend_string_release_ex(member, 0);
541 if (property_info == NULL || property_info == ZEND_WRONG_PROPERTY_INFO) {
542 return FAILURE;
543 }
544
545 if (class_name[0] != '*') {
546 if (!(property_info->flags & ZEND_ACC_PRIVATE)) {
547 /* we we're looking for a private prop but found a non private one of the same name */
548 return FAILURE;
549 } else if (strcmp(ZSTR_VAL(prop_info_name)+1, ZSTR_VAL(property_info->name)+1)) {
550 /* we we're looking for a private prop but found a private one of the same name but another class */
551 return FAILURE;
552 }
553 } else {
554 ZEND_ASSERT(property_info->flags & ZEND_ACC_PROTECTED);
555 }
556 return SUCCESS;
557 } else {
558 property_info = zend_get_property_info(zobj->ce, prop_info_name, 1);
559 if (property_info == NULL) {
560 ZEND_ASSERT(is_dynamic);
561 return SUCCESS;
562 } else if (property_info == ZEND_WRONG_PROPERTY_INFO) {
563 return FAILURE;
564 }
565 return (property_info->flags & ZEND_ACC_PUBLIC) ? SUCCESS : FAILURE;
566 }
567 }
568 /* }}} */
569
zend_asymmetric_property_has_set_access(const zend_property_info * prop_info)570 ZEND_API bool ZEND_FASTCALL zend_asymmetric_property_has_set_access(const zend_property_info *prop_info) {
571 ZEND_ASSERT(prop_info->flags & ZEND_ACC_PPP_SET_MASK);
572 ZEND_ASSERT(!(prop_info->flags & ZEND_ACC_PUBLIC_SET));
573 zend_class_entry *scope = get_fake_or_executed_scope();
574 if (prop_info->ce == scope) {
575 return true;
576 }
577 return EXPECTED((prop_info->flags & ZEND_ACC_PROTECTED_SET)
578 && is_protected_compatible_scope(prop_info->ce, scope));
579 }
580
zend_property_guard_dtor(zval * el)581 static void zend_property_guard_dtor(zval *el) /* {{{ */ {
582 uint32_t *ptr = (uint32_t*)Z_PTR_P(el);
583 if (EXPECTED(!(((uintptr_t)ptr) & 1))) {
584 efree_size(ptr, sizeof(uint32_t));
585 }
586 }
587 /* }}} */
588
zend_get_guard_value(zend_object * zobj)589 static zend_always_inline zval *zend_get_guard_value(zend_object *zobj)
590 {
591 return zobj->properties_table + zobj->ce->default_properties_count;
592 }
593
zend_get_property_guard(zend_object * zobj,zend_string * member)594 ZEND_API uint32_t *zend_get_property_guard(zend_object *zobj, zend_string *member) /* {{{ */
595 {
596 HashTable *guards;
597 zval *zv;
598 uint32_t *ptr;
599
600
601 ZEND_ASSERT(zobj->ce->ce_flags & ZEND_ACC_USE_GUARDS);
602 zv = zend_get_guard_value(zobj);
603 if (EXPECTED(Z_TYPE_P(zv) == IS_STRING)) {
604 zend_string *str = Z_STR_P(zv);
605 if (EXPECTED(str == member) ||
606 /* str and member don't necessarily have a pre-calculated hash value here */
607 EXPECTED(zend_string_equal_content(str, member))) {
608 return &Z_GUARD_P(zv);
609 } else if (EXPECTED(Z_GUARD_P(zv) == 0)) {
610 zval_ptr_dtor_str(zv);
611 ZVAL_STR_COPY(zv, member);
612 return &Z_GUARD_P(zv);
613 } else {
614 ALLOC_HASHTABLE(guards);
615 zend_hash_init(guards, 8, NULL, zend_property_guard_dtor, 0);
616 /* mark pointer as "special" using low bit */
617 zend_hash_add_new_ptr(guards, str,
618 (void*)(((uintptr_t)&Z_GUARD_P(zv)) | 1));
619 zval_ptr_dtor_str(zv);
620 ZVAL_ARR(zv, guards);
621 }
622 } else if (EXPECTED(Z_TYPE_P(zv) == IS_ARRAY)) {
623 guards = Z_ARRVAL_P(zv);
624 ZEND_ASSERT(guards != NULL);
625 zv = zend_hash_find(guards, member);
626 if (zv != NULL) {
627 return (uint32_t*)(((uintptr_t)Z_PTR_P(zv)) & ~1);
628 }
629 } else {
630 ZEND_ASSERT(Z_TYPE_P(zv) == IS_UNDEF);
631 ZVAL_STR_COPY(zv, member);
632 Z_GUARD_P(zv) &= ~ZEND_GUARD_PROPERTY_MASK;
633 return &Z_GUARD_P(zv);
634 }
635 /* we have to allocate uint32_t separately because ht->arData may be reallocated */
636 ptr = (uint32_t*)emalloc(sizeof(uint32_t));
637 *ptr = 0;
638 return (uint32_t*)zend_hash_add_new_ptr(guards, member, ptr);
639 }
640 /* }}} */
641
zend_get_recursion_guard(zend_object * zobj)642 ZEND_API uint32_t *zend_get_recursion_guard(zend_object *zobj)
643 {
644 if (!(zobj->ce->ce_flags & ZEND_ACC_USE_GUARDS)) {
645 return NULL;
646 }
647 zval *zv = zend_get_guard_value(zobj);
648 return &Z_GUARD_P(zv);
649 }
650
zend_typed_property_uninitialized_access(const zend_property_info * prop_info,zend_string * name)651 ZEND_COLD static void zend_typed_property_uninitialized_access(const zend_property_info *prop_info, zend_string *name)
652 {
653 zend_throw_error(NULL, "Typed property %s::$%s must not be accessed before initialization",
654 ZSTR_VAL(prop_info->ce->name),
655 ZSTR_VAL(name));
656 }
657
658 static ZEND_FUNCTION(zend_parent_hook_get_trampoline);
659 static ZEND_FUNCTION(zend_parent_hook_set_trampoline);
660
zend_is_in_hook(const zend_property_info * prop_info)661 static bool zend_is_in_hook(const zend_property_info *prop_info)
662 {
663 zend_execute_data *execute_data = EG(current_execute_data);
664 if (!execute_data || !EX(func) || !EX(func)->common.prop_info) {
665 return false;
666 }
667
668 const zend_property_info *parent_info = EX(func)->common.prop_info;
669 ZEND_ASSERT(prop_info->prototype && parent_info->prototype);
670 return prop_info->prototype == parent_info->prototype;
671 }
672
zend_should_call_hook(const zend_property_info * prop_info,const zend_object * obj)673 static bool zend_should_call_hook(const zend_property_info *prop_info, const zend_object *obj)
674 {
675 return !zend_is_in_hook(prop_info)
676 /* execute_data and This are guaranteed to be set if zend_is_in_hook() returns true. */
677 || Z_OBJ(EG(current_execute_data)->This) != obj;
678 }
679
zend_throw_no_prop_backing_value_access(zend_string * class_name,zend_string * prop_name,bool is_read)680 static ZEND_COLD void zend_throw_no_prop_backing_value_access(zend_string *class_name, zend_string *prop_name, bool is_read)
681 {
682 zend_throw_error(NULL, "Must not %s virtual property %s::$%s",
683 is_read ? "read from" : "write to",
684 ZSTR_VAL(class_name), ZSTR_VAL(prop_name));
685 }
686
zend_call_get_hook(const zend_property_info * prop_info,zend_string * prop_name,zend_function * get,zend_object * zobj,zval * rv)687 static bool zend_call_get_hook(
688 const zend_property_info *prop_info, zend_string *prop_name,
689 zend_function *get, zend_object *zobj, zval *rv)
690 {
691 if (!zend_should_call_hook(prop_info, zobj)) {
692 if (UNEXPECTED(prop_info->flags & ZEND_ACC_VIRTUAL)) {
693 zend_throw_no_prop_backing_value_access(zobj->ce->name, prop_name, /* is_read */ true);
694 }
695 return false;
696 }
697
698 zend_call_known_instance_method_with_0_params(get, zobj, rv);
699
700 return true;
701 }
702
zend_std_read_property(zend_object * zobj,zend_string * name,int type,void ** cache_slot,zval * rv)703 ZEND_API zval *zend_std_read_property(zend_object *zobj, zend_string *name, int type, void **cache_slot, zval *rv) /* {{{ */
704 {
705 zval *retval;
706 uintptr_t property_offset;
707 const zend_property_info *prop_info = NULL;
708 uint32_t *guard = NULL;
709
710 #if DEBUG_OBJECT_HANDLERS
711 fprintf(stderr, "Read object #%d property: %s\n", zobj->handle, ZSTR_VAL(name));
712 #endif
713
714 /* make zend_get_property_info silent if we have getter - we may want to use it */
715 property_offset = zend_get_property_offset(zobj->ce, name, (type == BP_VAR_IS) || (zobj->ce->__get != NULL), cache_slot, &prop_info);
716
717 if (EXPECTED(IS_VALID_PROPERTY_OFFSET(property_offset))) {
718 try_again:
719 retval = OBJ_PROP(zobj, property_offset);
720
721 if (prop_info && UNEXPECTED(prop_info->flags & (ZEND_ACC_READONLY|ZEND_ACC_PPP_SET_MASK))
722 && (type == BP_VAR_W || type == BP_VAR_RW || type == BP_VAR_UNSET)
723 && ((prop_info->flags & ZEND_ACC_READONLY) || !zend_asymmetric_property_has_set_access(prop_info))) {
724 if (Z_TYPE_P(retval) == IS_OBJECT) {
725 /* For objects, W/RW/UNSET fetch modes might not actually modify object.
726 * Similar as with magic __get() allow them, but return the value as a copy
727 * to make sure no actual modification is possible. */
728 ZVAL_COPY(rv, retval);
729 retval = rv;
730 goto exit;
731 } else if (Z_TYPE_P(retval) == IS_UNDEF && type == BP_VAR_UNSET) {
732 retval = &EG(uninitialized_zval);
733 goto exit;
734 }
735 if (prop_info->flags & ZEND_ACC_READONLY) {
736 zend_readonly_property_indirect_modification_error(prop_info);
737 } else {
738 zend_asymmetric_visibility_property_modification_error(prop_info, "indirectly modify");
739 }
740 retval = &EG(uninitialized_zval);
741 goto exit;
742 }
743 if (EXPECTED(Z_TYPE_P(retval) != IS_UNDEF)) {
744 goto exit;
745 }
746 if (UNEXPECTED(Z_PROP_FLAG_P(retval) & IS_PROP_UNINIT)) {
747 /* Skip __get() for uninitialized typed properties */
748 goto uninit_error;
749 }
750 } else if (EXPECTED(IS_DYNAMIC_PROPERTY_OFFSET(property_offset))) {
751 if (EXPECTED(zobj->properties != NULL)) {
752 if (!IS_UNKNOWN_DYNAMIC_PROPERTY_OFFSET(property_offset)) {
753 uintptr_t idx = ZEND_DECODE_DYN_PROP_OFFSET(property_offset);
754
755 if (EXPECTED(idx < zobj->properties->nNumUsed * sizeof(Bucket))) {
756 Bucket *p = (Bucket*)((char*)zobj->properties->arData + idx);
757
758 if (EXPECTED(p->key == name) ||
759 (EXPECTED(p->h == ZSTR_H(name)) &&
760 EXPECTED(p->key != NULL) &&
761 EXPECTED(zend_string_equal_content(p->key, name)))) {
762 retval = &p->val;
763 goto exit;
764 }
765 }
766 CACHE_PTR_EX(cache_slot + 1, (void*)ZEND_DYNAMIC_PROPERTY_OFFSET);
767 }
768 retval = zend_hash_find(zobj->properties, name);
769 if (EXPECTED(retval)) {
770 if (cache_slot) {
771 uintptr_t idx = (char*)retval - (char*)zobj->properties->arData;
772 CACHE_PTR_EX(cache_slot + 1, (void*)ZEND_ENCODE_DYN_PROP_OFFSET(idx));
773 }
774 goto exit;
775 }
776 }
777 } else if (IS_HOOKED_PROPERTY_OFFSET(property_offset)) {
778 zend_function *get = prop_info->hooks[ZEND_PROPERTY_HOOK_GET];
779 if (!get) {
780 if (prop_info->flags & ZEND_ACC_VIRTUAL) {
781 zend_throw_error(NULL, "Property %s::$%s is write-only",
782 ZSTR_VAL(zobj->ce->name), ZSTR_VAL(name));
783 return &EG(uninitialized_zval);
784 }
785 /* Cache the fact that this hook has trivial read. This only applies to
786 * BP_VAR_R and BP_VAR_IS fetches. */
787 ZEND_SET_PROPERTY_HOOK_SIMPLE_READ(cache_slot);
788
789 retval = OBJ_PROP(zobj, prop_info->offset);
790 if (UNEXPECTED(Z_TYPE_P(retval) == IS_UNDEF)) {
791 /* As hooked properties can't be unset, the only way to end up with an undef
792 * value is via an uninitialized property. */
793 ZEND_ASSERT(Z_PROP_FLAG_P(retval) == IS_PROP_UNINIT);
794 goto uninit_error;
795 }
796
797 if (UNEXPECTED(type == BP_VAR_W || type == BP_VAR_RW || type == BP_VAR_UNSET)) {
798 if (UNEXPECTED(Z_TYPE_P(retval) != IS_OBJECT)) {
799 zend_throw_error(NULL, "Indirect modification of %s::$%s is not allowed",
800 ZSTR_VAL(zobj->ce->name), ZSTR_VAL(name));
801 goto exit;
802 }
803 ZVAL_COPY(rv, retval);
804 retval = rv;
805 }
806 goto exit;
807 }
808
809 zend_class_entry *ce = zobj->ce;
810
811 if (!zend_call_get_hook(prop_info, name, get, zobj, rv)) {
812 if (EG(exception)) {
813 return &EG(uninitialized_zval);
814 }
815
816 /* Reads from backing store can only occur in hooks, and hence will always remain simple. */
817 zend_execute_data *execute_data = EG(current_execute_data);
818 if (cache_slot && EX(opline) && EX(opline)->opcode == ZEND_FETCH_OBJ_R && EX(opline)->op1_type == IS_UNUSED) {
819 ZEND_SET_PROPERTY_HOOK_SIMPLE_READ(cache_slot);
820 }
821
822 property_offset = prop_info->offset;
823 if (!ZEND_TYPE_IS_SET(prop_info->type)) {
824 prop_info = NULL;
825 }
826 goto try_again;
827 }
828
829 if (EXPECTED(cache_slot
830 && zend_execute_ex == execute_ex
831 && ce->default_object_handlers->read_property == zend_std_read_property
832 && !ce->create_object
833 && !zend_is_in_hook(prop_info)
834 && !(prop_info->hooks[ZEND_PROPERTY_HOOK_GET]->common.fn_flags & ZEND_ACC_RETURN_REFERENCE))) {
835 ZEND_SET_PROPERTY_HOOK_SIMPLE_GET(cache_slot);
836 }
837
838 if (Z_TYPE_P(rv) != IS_UNDEF) {
839 retval = rv;
840 if (!Z_ISREF_P(rv)
841 && (type == BP_VAR_W || type == BP_VAR_RW || type == BP_VAR_UNSET)
842 && UNEXPECTED(Z_TYPE_P(rv) != IS_OBJECT)) {
843 zend_throw_error(NULL, "Indirect modification of %s::$%s is not allowed",
844 ZSTR_VAL(ce->name), ZSTR_VAL(name));
845 }
846 } else {
847 retval = &EG(uninitialized_zval);
848 }
849
850 goto exit;
851 } else if (UNEXPECTED(EG(exception))) {
852 retval = &EG(uninitialized_zval);
853 goto exit;
854 }
855
856 retval = &EG(uninitialized_zval);
857
858 /* magic isset */
859 if ((type == BP_VAR_IS) && zobj->ce->__isset) {
860 zval tmp_result;
861 guard = zend_get_property_guard(zobj, name);
862
863 if (!((*guard) & IN_ISSET)) {
864 GC_ADDREF(zobj);
865 ZVAL_UNDEF(&tmp_result);
866
867 *guard |= IN_ISSET;
868 zend_std_call_issetter(zobj, name, &tmp_result);
869 *guard &= ~IN_ISSET;
870
871 if (!zend_is_true(&tmp_result)) {
872 retval = &EG(uninitialized_zval);
873 OBJ_RELEASE(zobj);
874 zval_ptr_dtor(&tmp_result);
875 goto exit;
876 }
877
878 zval_ptr_dtor(&tmp_result);
879 if (zobj->ce->__get && !((*guard) & IN_GET)) {
880 goto call_getter;
881 }
882 OBJ_RELEASE(zobj);
883 } else if (zobj->ce->__get && !((*guard) & IN_GET)) {
884 goto call_getter_addref;
885 }
886 } else if (zobj->ce->__get) {
887 /* magic get */
888 guard = zend_get_property_guard(zobj, name);
889 if (!((*guard) & IN_GET)) {
890 /* have getter - try with it! */
891 call_getter_addref:
892 GC_ADDREF(zobj);
893 call_getter:
894 *guard |= IN_GET; /* prevent circular getting */
895 zend_std_call_getter(zobj, name, rv);
896 *guard &= ~IN_GET;
897
898 if (Z_TYPE_P(rv) != IS_UNDEF) {
899 retval = rv;
900 if (!Z_ISREF_P(rv) &&
901 (type == BP_VAR_W || type == BP_VAR_RW || type == BP_VAR_UNSET)) {
902 if (UNEXPECTED(Z_TYPE_P(rv) != IS_OBJECT)) {
903 zend_error(E_NOTICE, "Indirect modification of overloaded property %s::$%s has no effect", ZSTR_VAL(zobj->ce->name), ZSTR_VAL(name));
904 }
905 }
906 } else {
907 retval = &EG(uninitialized_zval);
908 }
909
910 if (prop_info) {
911 zend_verify_prop_assignable_by_ref_ex(prop_info, retval, (zobj->ce->__get->common.fn_flags & ZEND_ACC_STRICT_TYPES) != 0, ZEND_VERIFY_PROP_ASSIGNABLE_BY_REF_CONTEXT_MAGIC_GET);
912 }
913
914 OBJ_RELEASE(zobj);
915 goto exit;
916 } else if (UNEXPECTED(IS_WRONG_PROPERTY_OFFSET(property_offset))) {
917 /* Trigger the correct error */
918 zend_wrong_offset(zobj->ce, name);
919 ZEND_ASSERT(EG(exception));
920 retval = &EG(uninitialized_zval);
921 goto exit;
922 }
923 }
924
925 uninit_error:
926 if (UNEXPECTED(zend_lazy_object_must_init(zobj))) {
927 if (!prop_info || (Z_PROP_FLAG_P(retval) & IS_PROP_LAZY)) {
928 zobj = zend_lazy_object_init(zobj);
929 if (!zobj) {
930 retval = &EG(uninitialized_zval);
931 goto exit;
932 }
933
934 return zend_std_read_property(zobj, name, type, cache_slot, rv);
935 }
936 }
937 if (type != BP_VAR_IS) {
938 if (prop_info) {
939 zend_typed_property_uninitialized_access(prop_info, name);
940 } else {
941 zend_error(E_WARNING, "Undefined property: %s::$%s", ZSTR_VAL(zobj->ce->name), ZSTR_VAL(name));
942 }
943 }
944 retval = &EG(uninitialized_zval);
945
946 exit:
947 return retval;
948 }
949 /* }}} */
950
property_uses_strict_types(void)951 static zend_always_inline bool property_uses_strict_types(void) {
952 zend_execute_data *execute_data = EG(current_execute_data);
953 return execute_data
954 && execute_data->func
955 && ZEND_CALL_USES_STRICT_TYPES(EG(current_execute_data));
956 }
957
zend_std_write_property(zend_object * zobj,zend_string * name,zval * value,void ** cache_slot)958 ZEND_API zval *zend_std_write_property(zend_object *zobj, zend_string *name, zval *value, void **cache_slot) /* {{{ */
959 {
960 zval *variable_ptr, tmp;
961 uintptr_t property_offset;
962 const zend_property_info *prop_info = NULL;
963 uint32_t *guard = NULL;
964 ZEND_ASSERT(!Z_ISREF_P(value));
965
966 property_offset = zend_get_property_offset(zobj->ce, name, (zobj->ce->__set != NULL), cache_slot, &prop_info);
967
968 if (EXPECTED(IS_VALID_PROPERTY_OFFSET(property_offset))) {
969 try_again:
970 variable_ptr = OBJ_PROP(zobj, property_offset);
971
972 if (prop_info && UNEXPECTED(prop_info->flags & (ZEND_ACC_READONLY|ZEND_ACC_PPP_SET_MASK))) {
973 bool error;
974 if (Z_TYPE_P(variable_ptr) != IS_UNDEF || (Z_PROP_FLAG_P(variable_ptr) & IS_PROP_UNINIT) || !zobj->ce->__set) {
975 error = true;
976 } else {
977 guard = zend_get_property_guard(zobj, name);
978 error = (*guard) & IN_SET;
979 }
980 if (error) {
981 if ((prop_info->flags & ZEND_ACC_READONLY)
982 && Z_TYPE_P(variable_ptr) != IS_UNDEF
983 && !(Z_PROP_FLAG_P(variable_ptr) & IS_PROP_REINITABLE)) {
984 zend_readonly_property_modification_error(prop_info);
985 variable_ptr = &EG(error_zval);
986 goto exit;
987 }
988 if ((prop_info->flags & ZEND_ACC_PPP_SET_MASK) && !zend_asymmetric_property_has_set_access(prop_info)) {
989 zend_asymmetric_visibility_property_modification_error(prop_info, "modify");
990 variable_ptr = &EG(error_zval);
991 goto exit;
992 }
993 }
994 }
995
996 if (Z_TYPE_P(variable_ptr) != IS_UNDEF) {
997 Z_TRY_ADDREF_P(value);
998
999 if (prop_info) {
1000 typed_property:
1001 ZVAL_COPY_VALUE(&tmp, value);
1002 // Increase refcount to prevent object from being released in __toString()
1003 GC_ADDREF(zobj);
1004 bool type_matched = zend_verify_property_type(prop_info, &tmp, property_uses_strict_types());
1005 if (UNEXPECTED(GC_DELREF(zobj) == 0)) {
1006 zend_object_released_while_assigning_to_property_error(prop_info);
1007 zend_objects_store_del(zobj);
1008 zval_ptr_dtor(&tmp);
1009 variable_ptr = &EG(error_zval);
1010 goto exit;
1011 }
1012 if (UNEXPECTED(!type_matched)) {
1013 zval_ptr_dtor(&tmp);
1014 variable_ptr = &EG(error_zval);
1015 goto exit;
1016 }
1017 Z_PROP_FLAG_P(variable_ptr) &= ~(IS_PROP_UNINIT|IS_PROP_REINITABLE);
1018 value = &tmp;
1019 }
1020
1021 found:;
1022 zend_refcounted *garbage = NULL;
1023
1024 variable_ptr = zend_assign_to_variable_ex(
1025 variable_ptr, value, IS_TMP_VAR, property_uses_strict_types(), &garbage);
1026
1027 if (garbage) {
1028 if (GC_DELREF(garbage) == 0) {
1029 zend_execute_data *execute_data = EG(current_execute_data);
1030 // Assign to result variable before calling the destructor as it may release the object
1031 if (execute_data
1032 && EX(func)
1033 && ZEND_USER_CODE(EX(func)->common.type)
1034 && EX(opline)
1035 && EX(opline)->opcode == ZEND_ASSIGN_OBJ
1036 && EX(opline)->result_type) {
1037 ZVAL_COPY_DEREF(EX_VAR(EX(opline)->result.var), variable_ptr);
1038 variable_ptr = NULL;
1039 }
1040 rc_dtor_func(garbage);
1041 } else {
1042 gc_check_possible_root_no_ref(garbage);
1043 }
1044 }
1045 goto exit;
1046 }
1047 if (Z_PROP_FLAG_P(variable_ptr) & IS_PROP_UNINIT) {
1048 if (UNEXPECTED(zend_lazy_object_must_init(zobj))) {
1049 if (Z_PROP_FLAG_P(variable_ptr) & IS_PROP_LAZY) {
1050 goto lazy_init;
1051 }
1052 }
1053 /* Writes to uninitialized typed properties bypass __set(). */
1054 goto write_std_property;
1055 }
1056 } else if (EXPECTED(IS_DYNAMIC_PROPERTY_OFFSET(property_offset))) {
1057 if (EXPECTED(zobj->properties != NULL)) {
1058 if (UNEXPECTED(GC_REFCOUNT(zobj->properties) > 1)) {
1059 if (EXPECTED(!(GC_FLAGS(zobj->properties) & IS_ARRAY_IMMUTABLE))) {
1060 GC_DELREF(zobj->properties);
1061 }
1062 zobj->properties = zend_array_dup(zobj->properties);
1063 }
1064 if ((variable_ptr = zend_hash_find(zobj->properties, name)) != NULL) {
1065 Z_TRY_ADDREF_P(value);
1066 goto found;
1067 }
1068 }
1069 } else if (IS_HOOKED_PROPERTY_OFFSET(property_offset)) {
1070 zend_function *set = prop_info->hooks[ZEND_PROPERTY_HOOK_SET];
1071
1072 if (!set) {
1073 if (prop_info->flags & ZEND_ACC_VIRTUAL) {
1074 zend_throw_error(NULL, "Property %s::$%s is read-only", ZSTR_VAL(zobj->ce->name), ZSTR_VAL(name));
1075 variable_ptr = &EG(error_zval);
1076 goto exit;
1077 }
1078 ZEND_SET_PROPERTY_HOOK_SIMPLE_WRITE(cache_slot);
1079 property_offset = prop_info->offset;
1080 if (!ZEND_TYPE_IS_SET(prop_info->type)) {
1081 prop_info = NULL;
1082 }
1083 goto try_again;
1084 }
1085
1086 if (!zend_should_call_hook(prop_info, zobj)) {
1087 if (prop_info->flags & ZEND_ACC_VIRTUAL) {
1088 zend_throw_no_prop_backing_value_access(zobj->ce->name, name, /* is_read */ false);
1089 variable_ptr = &EG(error_zval);
1090 goto exit;
1091 }
1092
1093 /* Writes to backing store can only occur in hooks, and hence will always remain simple. */
1094 zend_execute_data *execute_data = EG(current_execute_data);
1095 if (cache_slot && EX(opline) && EX(opline)->opcode == ZEND_ASSIGN_OBJ && EX(opline)->op1_type == IS_UNUSED) {
1096 ZEND_SET_PROPERTY_HOOK_SIMPLE_WRITE(cache_slot);
1097 }
1098
1099 property_offset = prop_info->offset;
1100 if (!ZEND_TYPE_IS_SET(prop_info->type)) {
1101 prop_info = NULL;
1102 }
1103 goto try_again;
1104 }
1105
1106 if (UNEXPECTED(prop_info->flags & ZEND_ACC_PPP_SET_MASK
1107 && !zend_asymmetric_property_has_set_access(prop_info))) {
1108 zend_asymmetric_visibility_property_modification_error(prop_info, "modify");
1109 variable_ptr = &EG(error_zval);
1110 goto exit;
1111 }
1112
1113 GC_ADDREF(zobj);
1114 zend_call_known_instance_method_with_1_params(set, zobj, NULL, value);
1115 OBJ_RELEASE(zobj);
1116
1117 variable_ptr = value;
1118 goto exit;
1119 } else if (UNEXPECTED(EG(exception))) {
1120 variable_ptr = &EG(error_zval);
1121 goto exit;
1122 }
1123
1124 /* magic set */
1125 if (zobj->ce->__set) {
1126 if (!guard) {
1127 guard = zend_get_property_guard(zobj, name);
1128 }
1129
1130 if (!((*guard) & IN_SET)) {
1131 GC_ADDREF(zobj);
1132 (*guard) |= IN_SET; /* prevent circular setting */
1133 zend_std_call_setter(zobj, name, value);
1134 (*guard) &= ~IN_SET;
1135 OBJ_RELEASE(zobj);
1136 variable_ptr = value;
1137 } else if (EXPECTED(!IS_WRONG_PROPERTY_OFFSET(property_offset))) {
1138 if (UNEXPECTED(zend_lazy_object_must_init(zobj))) {
1139 goto lazy_init;
1140 }
1141
1142 goto write_std_property;
1143 } else {
1144 /* Trigger the correct error */
1145 zend_wrong_offset(zobj->ce, name);
1146 ZEND_ASSERT(EG(exception));
1147 variable_ptr = &EG(error_zval);
1148 goto exit;
1149 }
1150 } else {
1151 ZEND_ASSERT(!IS_WRONG_PROPERTY_OFFSET(property_offset));
1152 if (UNEXPECTED(zend_lazy_object_must_init(zobj))) {
1153 goto lazy_init;
1154 }
1155 write_std_property:
1156 if (EXPECTED(IS_VALID_PROPERTY_OFFSET(property_offset))) {
1157 variable_ptr = OBJ_PROP(zobj, property_offset);
1158
1159 Z_TRY_ADDREF_P(value);
1160 if (prop_info) {
1161 goto typed_property;
1162 }
1163
1164 ZVAL_COPY_VALUE(variable_ptr, value);
1165 } else {
1166 if (UNEXPECTED(zobj->ce->ce_flags & ZEND_ACC_NO_DYNAMIC_PROPERTIES)) {
1167 zend_forbidden_dynamic_property(zobj->ce, name);
1168 variable_ptr = &EG(error_zval);
1169 goto exit;
1170 }
1171 if (UNEXPECTED(!(zobj->ce->ce_flags & ZEND_ACC_ALLOW_DYNAMIC_PROPERTIES))) {
1172 if (UNEXPECTED(!zend_deprecated_dynamic_property(zobj, name))) {
1173 variable_ptr = &EG(error_zval);
1174 goto exit;
1175 }
1176 }
1177
1178 Z_TRY_ADDREF_P(value);
1179 variable_ptr = zend_hash_add_new(zend_std_get_properties(zobj), name, value);
1180 }
1181 }
1182
1183 exit:
1184 return variable_ptr;
1185
1186 lazy_init:
1187 zobj = zend_lazy_object_init(zobj);
1188 if (UNEXPECTED(!zobj)) {
1189 variable_ptr = &EG(error_zval);
1190 goto exit;
1191 }
1192 return zend_std_write_property(zobj, name, value, cache_slot);
1193 }
1194 /* }}} */
1195
zend_bad_array_access(zend_class_entry * ce)1196 static ZEND_COLD zend_never_inline void zend_bad_array_access(zend_class_entry *ce) /* {{{ */
1197 {
1198 zend_throw_error(NULL, "Cannot use object of type %s as array", ZSTR_VAL(ce->name));
1199 }
1200 /* }}} */
1201
zend_std_read_dimension(zend_object * object,zval * offset,int type,zval * rv)1202 ZEND_API zval *zend_std_read_dimension(zend_object *object, zval *offset, int type, zval *rv) /* {{{ */
1203 {
1204 zend_class_entry *ce = object->ce;
1205 zval tmp_offset;
1206
1207 /* arrayaccess_funcs_ptr is set if (and only if) the class implements zend_ce_arrayaccess */
1208 zend_class_arrayaccess_funcs *funcs = ce->arrayaccess_funcs_ptr;
1209 if (EXPECTED(funcs)) {
1210 if (offset == NULL) {
1211 /* [] construct */
1212 ZVAL_NULL(&tmp_offset);
1213 } else {
1214 ZVAL_COPY_DEREF(&tmp_offset, offset);
1215 }
1216
1217 GC_ADDREF(object);
1218 if (type == BP_VAR_IS) {
1219 zend_call_known_instance_method_with_1_params(funcs->zf_offsetexists, object, rv, &tmp_offset);
1220 if (UNEXPECTED(Z_ISUNDEF_P(rv))) {
1221 OBJ_RELEASE(object);
1222 zval_ptr_dtor(&tmp_offset);
1223 return NULL;
1224 }
1225 if (!i_zend_is_true(rv)) {
1226 OBJ_RELEASE(object);
1227 zval_ptr_dtor(&tmp_offset);
1228 zval_ptr_dtor(rv);
1229 return &EG(uninitialized_zval);
1230 }
1231 zval_ptr_dtor(rv);
1232 }
1233
1234 zend_call_known_instance_method_with_1_params(funcs->zf_offsetget, object, rv, &tmp_offset);
1235
1236 OBJ_RELEASE(object);
1237 zval_ptr_dtor(&tmp_offset);
1238
1239 if (UNEXPECTED(Z_TYPE_P(rv) == IS_UNDEF)) {
1240 if (UNEXPECTED(!EG(exception))) {
1241 zend_throw_error(NULL, "Undefined offset for object of type %s used as array", ZSTR_VAL(ce->name));
1242 }
1243 return NULL;
1244 }
1245 return rv;
1246 } else {
1247 zend_bad_array_access(ce);
1248 return NULL;
1249 }
1250 }
1251 /* }}} */
1252
zend_std_write_dimension(zend_object * object,zval * offset,zval * value)1253 ZEND_API void zend_std_write_dimension(zend_object *object, zval *offset, zval *value) /* {{{ */
1254 {
1255 zend_class_entry *ce = object->ce;
1256 zval tmp_offset;
1257
1258 zend_class_arrayaccess_funcs *funcs = ce->arrayaccess_funcs_ptr;
1259 if (EXPECTED(funcs)) {
1260 if (!offset) {
1261 ZVAL_NULL(&tmp_offset);
1262 } else {
1263 ZVAL_COPY_DEREF(&tmp_offset, offset);
1264 }
1265 GC_ADDREF(object);
1266 zend_call_known_instance_method_with_2_params(funcs->zf_offsetset, object, NULL, &tmp_offset, value);
1267 OBJ_RELEASE(object);
1268 zval_ptr_dtor(&tmp_offset);
1269 } else {
1270 zend_bad_array_access(ce);
1271 }
1272 }
1273 /* }}} */
1274
1275 // todo: make zend_std_has_dimension return bool as well
zend_std_has_dimension(zend_object * object,zval * offset,int check_empty)1276 ZEND_API int zend_std_has_dimension(zend_object *object, zval *offset, int check_empty) /* {{{ */
1277 {
1278 zend_class_entry *ce = object->ce;
1279 zval retval, tmp_offset;
1280 bool result;
1281
1282 zend_class_arrayaccess_funcs *funcs = ce->arrayaccess_funcs_ptr;
1283 if (EXPECTED(funcs)) {
1284 ZVAL_COPY_DEREF(&tmp_offset, offset);
1285 GC_ADDREF(object);
1286 zend_call_known_instance_method_with_1_params(funcs->zf_offsetexists, object, &retval, &tmp_offset);
1287 result = i_zend_is_true(&retval);
1288 zval_ptr_dtor(&retval);
1289 if (check_empty && result && EXPECTED(!EG(exception))) {
1290 zend_call_known_instance_method_with_1_params(funcs->zf_offsetget, object, &retval, &tmp_offset);
1291 result = i_zend_is_true(&retval);
1292 zval_ptr_dtor(&retval);
1293 }
1294 OBJ_RELEASE(object);
1295 zval_ptr_dtor(&tmp_offset);
1296 } else {
1297 zend_bad_array_access(ce);
1298 return 0;
1299 }
1300
1301 return result;
1302 }
1303 /* }}} */
1304
zend_std_get_property_ptr_ptr(zend_object * zobj,zend_string * name,int type,void ** cache_slot)1305 ZEND_API zval *zend_std_get_property_ptr_ptr(zend_object *zobj, zend_string *name, int type, void **cache_slot) /* {{{ */
1306 {
1307 zval *retval = NULL;
1308 uintptr_t property_offset;
1309 const zend_property_info *prop_info = NULL;
1310
1311 #if DEBUG_OBJECT_HANDLERS
1312 fprintf(stderr, "Ptr object #%d property: %s\n", zobj->handle, ZSTR_VAL(name));
1313 #endif
1314
1315 property_offset = zend_get_property_offset(zobj->ce, name, (zobj->ce->__get != NULL), cache_slot, &prop_info);
1316
1317 if (EXPECTED(IS_VALID_PROPERTY_OFFSET(property_offset))) {
1318 retval = OBJ_PROP(zobj, property_offset);
1319 if (UNEXPECTED(Z_TYPE_P(retval) == IS_UNDEF)) {
1320 if (EXPECTED(!zobj->ce->__get) ||
1321 UNEXPECTED((*zend_get_property_guard(zobj, name)) & IN_GET) ||
1322 UNEXPECTED(prop_info && (Z_PROP_FLAG_P(retval) & IS_PROP_UNINIT))) {
1323 if (UNEXPECTED(zend_lazy_object_must_init(zobj) && (Z_PROP_FLAG_P(retval) & IS_PROP_LAZY))) {
1324 zobj = zend_lazy_object_init(zobj);
1325 if (!zobj) {
1326 return &EG(error_zval);
1327 }
1328
1329 return zend_std_get_property_ptr_ptr(zobj, name, type, cache_slot);
1330 }
1331 if (UNEXPECTED(type == BP_VAR_RW || type == BP_VAR_R)) {
1332 if (prop_info) {
1333 zend_typed_property_uninitialized_access(prop_info, name);
1334 retval = &EG(error_zval);
1335 } else {
1336 zend_error(E_WARNING, "Undefined property: %s::$%s", ZSTR_VAL(zobj->ce->name), ZSTR_VAL(name));
1337 /* An error handler may set the property */
1338 if (EXPECTED(Z_TYPE_P(retval) == IS_UNDEF)) {
1339 ZVAL_NULL(retval);
1340 }
1341 }
1342 } else if (prop_info && UNEXPECTED(prop_info->flags & (ZEND_ACC_READONLY|ZEND_ACC_PPP_SET_MASK))) {
1343 if ((prop_info->flags & ZEND_ACC_READONLY) || !zend_asymmetric_property_has_set_access(prop_info)) {
1344 retval = NULL;
1345 }
1346 } else if (!prop_info || !ZEND_TYPE_IS_SET(prop_info->type)) {
1347 ZVAL_NULL(retval);
1348 }
1349 } else {
1350 /* we do have getter - fail and let it try again with usual get/set */
1351 retval = NULL;
1352 }
1353 } else if (prop_info && UNEXPECTED(prop_info->flags & (ZEND_ACC_READONLY|ZEND_ACC_PPP_SET_MASK))) {
1354 if ((prop_info->flags & ZEND_ACC_READONLY) || !zend_asymmetric_property_has_set_access(prop_info)) {
1355 retval = NULL;
1356 }
1357 }
1358 } else if (EXPECTED(IS_DYNAMIC_PROPERTY_OFFSET(property_offset))) {
1359 if (EXPECTED(zobj->properties)) {
1360 if (UNEXPECTED(GC_REFCOUNT(zobj->properties) > 1)) {
1361 if (EXPECTED(!(GC_FLAGS(zobj->properties) & IS_ARRAY_IMMUTABLE))) {
1362 GC_DELREF(zobj->properties);
1363 }
1364 zobj->properties = zend_array_dup(zobj->properties);
1365 }
1366 if (EXPECTED((retval = zend_hash_find(zobj->properties, name)) != NULL)) {
1367 return retval;
1368 }
1369 }
1370 if (EXPECTED(!zobj->ce->__get) ||
1371 UNEXPECTED((*zend_get_property_guard(zobj, name)) & IN_GET)) {
1372 if (UNEXPECTED(zobj->ce->ce_flags & ZEND_ACC_NO_DYNAMIC_PROPERTIES)) {
1373 zend_forbidden_dynamic_property(zobj->ce, name);
1374 return &EG(error_zval);
1375 }
1376 if (UNEXPECTED(!(zobj->ce->ce_flags & ZEND_ACC_ALLOW_DYNAMIC_PROPERTIES))) {
1377 if (UNEXPECTED(!zend_deprecated_dynamic_property(zobj, name))) {
1378 return &EG(error_zval);
1379 }
1380 }
1381 if (UNEXPECTED(zend_lazy_object_must_init(zobj))) {
1382 zobj = zend_lazy_object_init(zobj);
1383 if (!zobj) {
1384 return &EG(error_zval);
1385 }
1386
1387 return zend_std_get_property_ptr_ptr(zobj, name, type, cache_slot);
1388 }
1389 if (UNEXPECTED(!zobj->properties)) {
1390 rebuild_object_properties_internal(zobj);
1391 }
1392 if (UNEXPECTED(type == BP_VAR_RW || type == BP_VAR_R)) {
1393 zend_error(E_WARNING, "Undefined property: %s::$%s", ZSTR_VAL(zobj->ce->name), ZSTR_VAL(name));
1394 }
1395 retval = zend_hash_add(zobj->properties, name, &EG(uninitialized_zval));
1396 }
1397 } else if (!IS_HOOKED_PROPERTY_OFFSET(property_offset) && zobj->ce->__get == NULL) {
1398 retval = &EG(error_zval);
1399 }
1400
1401 return retval;
1402 }
1403 /* }}} */
1404
zend_std_unset_property(zend_object * zobj,zend_string * name,void ** cache_slot)1405 ZEND_API void zend_std_unset_property(zend_object *zobj, zend_string *name, void **cache_slot) /* {{{ */
1406 {
1407 uintptr_t property_offset;
1408 const zend_property_info *prop_info = NULL;
1409 uint32_t *guard = NULL;
1410
1411 property_offset = zend_get_property_offset(zobj->ce, name, (zobj->ce->__unset != NULL), cache_slot, &prop_info);
1412
1413 if (EXPECTED(IS_VALID_PROPERTY_OFFSET(property_offset))) {
1414 zval *slot = OBJ_PROP(zobj, property_offset);
1415
1416 if (prop_info && UNEXPECTED(prop_info->flags & (ZEND_ACC_READONLY|ZEND_ACC_PPP_SET_MASK))) {
1417 bool error;
1418 if (Z_TYPE_P(slot) != IS_UNDEF || Z_PROP_FLAG_P(slot) & IS_PROP_UNINIT || !zobj->ce->__unset) {
1419 error = true;
1420 } else {
1421 guard = zend_get_property_guard(zobj, name);
1422 error = (*guard) & IN_UNSET;
1423 }
1424 if (error) {
1425 if ((prop_info->flags & ZEND_ACC_READONLY)
1426 && Z_TYPE_P(slot) != IS_UNDEF
1427 && !(Z_PROP_FLAG_P(slot) & IS_PROP_REINITABLE)) {
1428 zend_readonly_property_unset_error(prop_info->ce, name);
1429 return;
1430 }
1431 if ((prop_info->flags & ZEND_ACC_PPP_SET_MASK) && !zend_asymmetric_property_has_set_access(prop_info)) {
1432 zend_asymmetric_visibility_property_modification_error(prop_info, "unset");
1433 return;
1434 }
1435 }
1436 }
1437
1438 if (Z_TYPE_P(slot) != IS_UNDEF) {
1439 if (UNEXPECTED(Z_ISREF_P(slot)) &&
1440 (ZEND_DEBUG || ZEND_REF_HAS_TYPE_SOURCES(Z_REF_P(slot)))) {
1441 if (prop_info) {
1442 ZEND_REF_DEL_TYPE_SOURCE(Z_REF_P(slot), prop_info);
1443 }
1444 }
1445 zval tmp;
1446 ZVAL_COPY_VALUE(&tmp, slot);
1447 ZVAL_UNDEF(slot);
1448 zval_ptr_dtor(&tmp);
1449 if (zobj->properties) {
1450 HT_FLAGS(zobj->properties) |= HASH_FLAG_HAS_EMPTY_IND;
1451 }
1452 return;
1453 }
1454 if (UNEXPECTED(Z_PROP_FLAG_P(slot) & IS_PROP_UNINIT)) {
1455 if (UNEXPECTED(zend_lazy_object_must_init(zobj) && (Z_PROP_FLAG_P(slot) & IS_PROP_LAZY))) {
1456 zobj = zend_lazy_object_init(zobj);
1457 if (!zobj) {
1458 return;
1459 }
1460 zend_std_unset_property(zobj, name, cache_slot);
1461 return;
1462 }
1463
1464 /* Reset the IS_PROP_UNINIT flag, if it exists and bypass __unset(). */
1465 Z_PROP_FLAG_P(slot) = 0;
1466 return;
1467 }
1468 } else if (EXPECTED(IS_DYNAMIC_PROPERTY_OFFSET(property_offset))
1469 && EXPECTED(zobj->properties != NULL)) {
1470 if (UNEXPECTED(GC_REFCOUNT(zobj->properties) > 1)) {
1471 if (EXPECTED(!(GC_FLAGS(zobj->properties) & IS_ARRAY_IMMUTABLE))) {
1472 GC_DELREF(zobj->properties);
1473 }
1474 zobj->properties = zend_array_dup(zobj->properties);
1475 }
1476 if (EXPECTED(zend_hash_del(zobj->properties, name) != FAILURE)) {
1477 return;
1478 }
1479 } else if (IS_HOOKED_PROPERTY_OFFSET(property_offset)) {
1480 zend_throw_error(NULL, "Cannot unset hooked property %s::$%s",
1481 ZSTR_VAL(zobj->ce->name), ZSTR_VAL(name));
1482 return;
1483 } else if (UNEXPECTED(EG(exception))) {
1484 return;
1485 }
1486
1487 /* magic unset */
1488 if (zobj->ce->__unset) {
1489 if (!guard) {
1490 guard = zend_get_property_guard(zobj, name);
1491 }
1492 if (!((*guard) & IN_UNSET)) {
1493 /* have unsetter - try with it! */
1494 (*guard) |= IN_UNSET; /* prevent circular unsetting */
1495 zend_std_call_unsetter(zobj, name);
1496 (*guard) &= ~IN_UNSET;
1497 return;
1498 } else if (UNEXPECTED(IS_WRONG_PROPERTY_OFFSET(property_offset))) {
1499 /* Trigger the correct error */
1500 zend_wrong_offset(zobj->ce, name);
1501 ZEND_ASSERT(EG(exception));
1502 return;
1503 } else {
1504 /* Nothing to do: The property already does not exist. */
1505 }
1506 }
1507
1508 if (UNEXPECTED(zend_lazy_object_must_init(zobj))) {
1509 zobj = zend_lazy_object_init(zobj);
1510 if (!zobj) {
1511 return;
1512 }
1513 zend_std_unset_property(zobj, name, cache_slot);
1514 return;
1515 }
1516 }
1517 /* }}} */
1518
zend_std_unset_dimension(zend_object * object,zval * offset)1519 ZEND_API void zend_std_unset_dimension(zend_object *object, zval *offset) /* {{{ */
1520 {
1521 zend_class_entry *ce = object->ce;
1522 zval tmp_offset;
1523
1524 zend_class_arrayaccess_funcs *funcs = ce->arrayaccess_funcs_ptr;
1525 if (EXPECTED(funcs)) {
1526 ZVAL_COPY_DEREF(&tmp_offset, offset);
1527 GC_ADDREF(object);
1528 zend_call_known_instance_method_with_1_params(funcs->zf_offsetunset, object, NULL, &tmp_offset);
1529 OBJ_RELEASE(object);
1530 zval_ptr_dtor(&tmp_offset);
1531 } else {
1532 zend_bad_array_access(ce);
1533 }
1534 }
1535 /* }}} */
1536
zend_get_parent_private_method(zend_class_entry * scope,zend_class_entry * ce,zend_string * function_name)1537 static zend_never_inline zend_function *zend_get_parent_private_method(zend_class_entry *scope, zend_class_entry *ce, zend_string *function_name) /* {{{ */
1538 {
1539 zval *func;
1540 zend_function *fbc;
1541
1542 if (scope != ce && scope && is_derived_class(ce, scope)) {
1543 func = zend_hash_find(&scope->function_table, function_name);
1544 if (func != NULL) {
1545 fbc = Z_FUNC_P(func);
1546 if ((fbc->common.fn_flags & ZEND_ACC_PRIVATE)
1547 && fbc->common.scope == scope) {
1548 return fbc;
1549 }
1550 }
1551 }
1552 return NULL;
1553 }
1554 /* }}} */
1555
1556 /* Ensures that we're allowed to call a protected method.
1557 */
zend_check_protected(const zend_class_entry * ce,const zend_class_entry * scope)1558 ZEND_API bool zend_check_protected(const zend_class_entry *ce, const zend_class_entry *scope) /* {{{ */
1559 {
1560 const zend_class_entry *fbc_scope = ce;
1561
1562 /* Is the context that's calling the function, the same as one of
1563 * the function's parents?
1564 */
1565 while (fbc_scope) {
1566 if (fbc_scope==scope) {
1567 return 1;
1568 }
1569 fbc_scope = fbc_scope->parent;
1570 }
1571
1572 /* Is the function's scope the same as our current object context,
1573 * or any of the parents of our context?
1574 */
1575 while (scope) {
1576 if (scope==ce) {
1577 return 1;
1578 }
1579 scope = scope->parent;
1580 }
1581 return 0;
1582 }
1583 /* }}} */
1584
zend_get_call_trampoline_func(const zend_class_entry * ce,zend_string * method_name,bool is_static)1585 ZEND_API zend_function *zend_get_call_trampoline_func(const zend_class_entry *ce, zend_string *method_name, bool is_static) /* {{{ */
1586 {
1587 size_t mname_len;
1588 zend_op_array *func;
1589 zend_function *fbc = is_static ? ce->__callstatic : ce->__call;
1590 /* We use non-NULL value to avoid useless run_time_cache allocation.
1591 * The low bit must be zero, to not be interpreted as a MAP_PTR offset.
1592 */
1593 static const void *dummy = (void*)(intptr_t)2;
1594 static const zend_arg_info arg_info[1] = {{0}};
1595
1596 ZEND_ASSERT(fbc);
1597
1598 if (EXPECTED(EG(trampoline).common.function_name == NULL)) {
1599 func = &EG(trampoline).op_array;
1600 } else {
1601 func = ecalloc(1, sizeof(zend_op_array));
1602 }
1603
1604 func->type = ZEND_USER_FUNCTION;
1605 func->arg_flags[0] = 0;
1606 func->arg_flags[1] = 0;
1607 func->arg_flags[2] = 0;
1608 func->fn_flags = ZEND_ACC_CALL_VIA_TRAMPOLINE | ZEND_ACC_PUBLIC | ZEND_ACC_VARIADIC;
1609 if (is_static) {
1610 func->fn_flags |= ZEND_ACC_STATIC;
1611 }
1612 func->opcodes = &EG(call_trampoline_op);
1613 ZEND_MAP_PTR_INIT(func->run_time_cache, (void**)dummy);
1614 func->scope = fbc->common.scope;
1615 /* reserve space for arguments, local and temporary variables */
1616 /* EG(trampoline) is reused from other places, like FFI (e.g. zend_ffi_cdata_get_closure()) where
1617 * it is used as an internal function. It may set fields that don't belong to common, thus
1618 * modifying zend_op_array specific data, most significantly last_var. We need to reset this
1619 * value so that it doesn't contain garbage when the engine allocates space for the next stack
1620 * frame. This didn't cause any issues until now due to "lucky" structure layout. */
1621 func->last_var = 0;
1622 func->T = (fbc->type == ZEND_USER_FUNCTION)? MAX(fbc->op_array.last_var + fbc->op_array.T, 2) : 2;
1623 func->filename = (fbc->type == ZEND_USER_FUNCTION)? fbc->op_array.filename : ZSTR_EMPTY_ALLOC();
1624 func->line_start = (fbc->type == ZEND_USER_FUNCTION)? fbc->op_array.line_start : 0;
1625 func->line_end = (fbc->type == ZEND_USER_FUNCTION)? fbc->op_array.line_end : 0;
1626
1627 //??? keep compatibility for "\0" characters
1628 //??? see: Zend/tests/bug46238.phpt
1629 if (UNEXPECTED((mname_len = strlen(ZSTR_VAL(method_name))) != ZSTR_LEN(method_name))) {
1630 func->function_name = zend_string_init(ZSTR_VAL(method_name), mname_len, 0);
1631 } else {
1632 func->function_name = zend_string_copy(method_name);
1633 }
1634
1635 func->prototype = NULL;
1636 func->prop_info = NULL;
1637 func->num_args = 0;
1638 func->required_num_args = 0;
1639 func->arg_info = (zend_arg_info *) arg_info;
1640
1641 return (zend_function*)func;
1642 }
1643 /* }}} */
1644
ZEND_FUNCTION(zend_parent_hook_get_trampoline)1645 static ZEND_FUNCTION(zend_parent_hook_get_trampoline)
1646 {
1647 zend_object *obj = Z_PTR_P(ZEND_THIS);
1648 zend_string *prop_name = EX(func)->internal_function.reserved[0];
1649
1650 if (UNEXPECTED(ZEND_NUM_ARGS() != 0)) {
1651 zend_wrong_parameters_none_error();
1652 goto clean;
1653 }
1654
1655 zval rv;
1656 zval *retval = obj->handlers->read_property(obj, prop_name, BP_VAR_R, NULL, &rv);
1657 if (retval == &rv) {
1658 RETVAL_COPY_VALUE(retval);
1659 } else {
1660 RETVAL_COPY(retval);
1661 }
1662
1663 clean:
1664 zend_string_release(EX(func)->common.function_name);
1665 zend_free_trampoline(EX(func));
1666 EX(func) = NULL;
1667 }
1668
ZEND_FUNCTION(zend_parent_hook_set_trampoline)1669 static ZEND_FUNCTION(zend_parent_hook_set_trampoline)
1670 {
1671 zend_object *obj = Z_PTR_P(ZEND_THIS);
1672 zend_string *prop_name = EX(func)->internal_function.reserved[0];
1673
1674 zval *value;
1675
1676 ZEND_PARSE_PARAMETERS_START(1, 1)
1677 Z_PARAM_ZVAL(value)
1678 ZEND_PARSE_PARAMETERS_END_EX(goto clean);
1679
1680 RETVAL_COPY(obj->handlers->write_property(obj, prop_name, value, NULL));
1681
1682 clean:
1683 zend_string_release(EX(func)->common.function_name);
1684 zend_free_trampoline(EX(func));
1685 EX(func) = NULL;
1686 }
1687
zend_get_property_hook_trampoline(const zend_property_info * prop_info,zend_property_hook_kind kind,zend_string * prop_name)1688 ZEND_API zend_function *zend_get_property_hook_trampoline(
1689 const zend_property_info *prop_info,
1690 zend_property_hook_kind kind, zend_string *prop_name)
1691 {
1692 static const zend_arg_info arg_info[1] = {{0}};
1693 zend_function *func;
1694 if (EXPECTED(EG(trampoline).common.function_name == NULL)) {
1695 func = &EG(trampoline);
1696 } else {
1697 func = (zend_function *)(uintptr_t)ecalloc(1, sizeof(zend_internal_function));
1698 }
1699 func->type = ZEND_INTERNAL_FUNCTION;
1700 func->common.arg_flags[0] = 0;
1701 func->common.arg_flags[1] = 0;
1702 func->common.arg_flags[2] = 0;
1703 func->common.fn_flags = ZEND_ACC_CALL_VIA_TRAMPOLINE;
1704 func->common.function_name = zend_string_concat3(
1705 "$", 1, ZSTR_VAL(prop_name), ZSTR_LEN(prop_name),
1706 kind == ZEND_PROPERTY_HOOK_GET ? "::get" : "::set", 5);
1707 /* set to 0 to avoid arg_info[] allocation, because all values are passed by value anyway */
1708 uint32_t args = kind == ZEND_PROPERTY_HOOK_GET ? 0 : 1;
1709 func->common.num_args = args;
1710 func->common.required_num_args = args;
1711 func->common.scope = prop_info->ce;
1712 func->common.prototype = NULL;
1713 func->common.prop_info = prop_info;
1714 func->common.arg_info = (zend_arg_info *) arg_info;
1715 func->internal_function.handler = kind == ZEND_PROPERTY_HOOK_GET
1716 ? ZEND_FN(zend_parent_hook_get_trampoline)
1717 : ZEND_FN(zend_parent_hook_set_trampoline);
1718 func->internal_function.module = NULL;
1719
1720 func->internal_function.reserved[0] = prop_name;
1721 func->internal_function.reserved[1] = NULL;
1722
1723 return func;
1724 }
1725
zend_get_user_call_function(zend_class_entry * ce,zend_string * method_name)1726 static zend_always_inline zend_function *zend_get_user_call_function(zend_class_entry *ce, zend_string *method_name) /* {{{ */
1727 {
1728 return zend_get_call_trampoline_func(ce, method_name, 0);
1729 }
1730 /* }}} */
1731
zend_bad_method_call(zend_function * fbc,zend_string * method_name,zend_class_entry * scope)1732 static ZEND_COLD zend_never_inline void zend_bad_method_call(zend_function *fbc, zend_string *method_name, zend_class_entry *scope) /* {{{ */
1733 {
1734 zend_throw_error(NULL, "Call to %s method %s::%s() from %s%s",
1735 zend_visibility_string(fbc->common.fn_flags), ZEND_FN_SCOPE_NAME(fbc), ZSTR_VAL(method_name),
1736 scope ? "scope " : "global scope",
1737 scope ? ZSTR_VAL(scope->name) : ""
1738 );
1739 }
1740 /* }}} */
1741
zend_abstract_method_call(zend_function * fbc)1742 static ZEND_COLD zend_never_inline void zend_abstract_method_call(zend_function *fbc) /* {{{ */
1743 {
1744 zend_throw_error(NULL, "Cannot call abstract method %s::%s()",
1745 ZSTR_VAL(fbc->common.scope->name), ZSTR_VAL(fbc->common.function_name));
1746 }
1747 /* }}} */
1748
zend_std_get_method(zend_object ** obj_ptr,zend_string * method_name,const zval * key)1749 ZEND_API zend_function *zend_std_get_method(zend_object **obj_ptr, zend_string *method_name, const zval *key) /* {{{ */
1750 {
1751 zend_object *zobj = *obj_ptr;
1752 zval *func;
1753 zend_function *fbc;
1754 zend_string *lc_method_name;
1755 zend_class_entry *scope;
1756 ALLOCA_FLAG(use_heap);
1757
1758 if (EXPECTED(key != NULL)) {
1759 lc_method_name = Z_STR_P(key);
1760 #ifdef ZEND_ALLOCA_MAX_SIZE
1761 use_heap = 0;
1762 #endif
1763 } else {
1764 ZSTR_ALLOCA_ALLOC(lc_method_name, ZSTR_LEN(method_name), use_heap);
1765 zend_str_tolower_copy(ZSTR_VAL(lc_method_name), ZSTR_VAL(method_name), ZSTR_LEN(method_name));
1766 }
1767
1768 if (UNEXPECTED((func = zend_hash_find(&zobj->ce->function_table, lc_method_name)) == NULL)) {
1769 if (UNEXPECTED(!key)) {
1770 ZSTR_ALLOCA_FREE(lc_method_name, use_heap);
1771 }
1772 if (zobj->ce->__call) {
1773 return zend_get_user_call_function(zobj->ce, method_name);
1774 } else {
1775 return NULL;
1776 }
1777 }
1778
1779 fbc = Z_FUNC_P(func);
1780
1781 /* Check access level */
1782 if (fbc->op_array.fn_flags & (ZEND_ACC_CHANGED|ZEND_ACC_PRIVATE|ZEND_ACC_PROTECTED)) {
1783 scope = zend_get_executed_scope();
1784
1785 if (fbc->common.scope != scope) {
1786 if (fbc->op_array.fn_flags & ZEND_ACC_CHANGED) {
1787 zend_function *updated_fbc = zend_get_parent_private_method(scope, zobj->ce, lc_method_name);
1788
1789 if (EXPECTED(updated_fbc != NULL)) {
1790 fbc = updated_fbc;
1791 goto exit;
1792 } else if (fbc->op_array.fn_flags & ZEND_ACC_PUBLIC) {
1793 goto exit;
1794 }
1795 }
1796 if (UNEXPECTED(fbc->op_array.fn_flags & ZEND_ACC_PRIVATE)
1797 || UNEXPECTED(!zend_check_protected(zend_get_function_root_class(fbc), scope))) {
1798 if (zobj->ce->__call) {
1799 fbc = zend_get_user_call_function(zobj->ce, method_name);
1800 } else {
1801 zend_bad_method_call(fbc, method_name, scope);
1802 fbc = NULL;
1803 }
1804 }
1805 }
1806 }
1807
1808 exit:
1809 if (fbc && UNEXPECTED(fbc->common.fn_flags & ZEND_ACC_ABSTRACT)) {
1810 zend_abstract_method_call(fbc);
1811 fbc = NULL;
1812 }
1813 if (UNEXPECTED(!key)) {
1814 ZSTR_ALLOCA_FREE(lc_method_name, use_heap);
1815 }
1816 return fbc;
1817 }
1818 /* }}} */
1819
zend_get_user_callstatic_function(zend_class_entry * ce,zend_string * method_name)1820 static zend_always_inline zend_function *zend_get_user_callstatic_function(zend_class_entry *ce, zend_string *method_name) /* {{{ */
1821 {
1822 return zend_get_call_trampoline_func(ce, method_name, 1);
1823 }
1824 /* }}} */
1825
get_static_method_fallback(zend_class_entry * ce,zend_string * function_name)1826 static zend_always_inline zend_function *get_static_method_fallback(
1827 zend_class_entry *ce, zend_string *function_name)
1828 {
1829 zend_object *object;
1830 if (ce->__call &&
1831 (object = zend_get_this_object(EG(current_execute_data))) != NULL &&
1832 instanceof_function(object->ce, ce)) {
1833 /* Call the top-level defined __call().
1834 * see: tests/classes/__call_004.phpt */
1835
1836 ZEND_ASSERT(object->ce->__call);
1837 return zend_get_user_call_function(object->ce, function_name);
1838 } else if (ce->__callstatic) {
1839 return zend_get_user_callstatic_function(ce, function_name);
1840 } else {
1841 return NULL;
1842 }
1843 }
1844
zend_std_get_static_method(zend_class_entry * ce,zend_string * function_name,const zval * key)1845 ZEND_API zend_function *zend_std_get_static_method(zend_class_entry *ce, zend_string *function_name, const zval *key) /* {{{ */
1846 {
1847 zend_string *lc_function_name;
1848 if (EXPECTED(key != NULL)) {
1849 lc_function_name = Z_STR_P(key);
1850 } else {
1851 lc_function_name = zend_string_tolower(function_name);
1852 }
1853
1854 zend_function *fbc;
1855 zval *func = zend_hash_find(&ce->function_table, lc_function_name);
1856 if (EXPECTED(func)) {
1857 fbc = Z_FUNC_P(func);
1858 if (!(fbc->op_array.fn_flags & ZEND_ACC_PUBLIC)) {
1859 zend_class_entry *scope = zend_get_executed_scope();
1860 if (UNEXPECTED(fbc->common.scope != scope)) {
1861 if (UNEXPECTED(fbc->op_array.fn_flags & ZEND_ACC_PRIVATE)
1862 || UNEXPECTED(!zend_check_protected(zend_get_function_root_class(fbc), scope))) {
1863 zend_function *fallback_fbc = get_static_method_fallback(ce, function_name);
1864 if (!fallback_fbc) {
1865 zend_bad_method_call(fbc, function_name, scope);
1866 }
1867 fbc = fallback_fbc;
1868 }
1869 }
1870 }
1871 } else {
1872 fbc = get_static_method_fallback(ce, function_name);
1873 }
1874
1875 if (UNEXPECTED(!key)) {
1876 zend_string_release_ex(lc_function_name, 0);
1877 }
1878
1879 if (EXPECTED(fbc)) {
1880 if (UNEXPECTED(fbc->common.fn_flags & ZEND_ACC_ABSTRACT)) {
1881 zend_abstract_method_call(fbc);
1882 fbc = NULL;
1883 } else if (UNEXPECTED(fbc->common.scope->ce_flags & ZEND_ACC_TRAIT)) {
1884 zend_error(E_DEPRECATED,
1885 "Calling static trait method %s::%s is deprecated, "
1886 "it should only be called on a class using the trait",
1887 ZSTR_VAL(fbc->common.scope->name), ZSTR_VAL(fbc->common.function_name));
1888 if (EG(exception)) {
1889 return NULL;
1890 }
1891 }
1892 }
1893
1894 return fbc;
1895 }
1896 /* }}} */
1897
zend_class_init_statics(zend_class_entry * class_type)1898 ZEND_API void zend_class_init_statics(zend_class_entry *class_type) /* {{{ */
1899 {
1900 int i;
1901 zval *p;
1902
1903 if (class_type->default_static_members_count && !CE_STATIC_MEMBERS(class_type)) {
1904 if (class_type->parent) {
1905 zend_class_init_statics(class_type->parent);
1906 }
1907
1908 ZEND_MAP_PTR_SET(class_type->static_members_table, emalloc(sizeof(zval) * class_type->default_static_members_count));
1909 for (i = 0; i < class_type->default_static_members_count; i++) {
1910 p = &class_type->default_static_members_table[i];
1911 if (Z_TYPE_P(p) == IS_INDIRECT) {
1912 zval *q = &CE_STATIC_MEMBERS(class_type->parent)[i];
1913 ZVAL_DEINDIRECT(q);
1914 ZVAL_INDIRECT(&CE_STATIC_MEMBERS(class_type)[i], q);
1915 } else {
1916 ZVAL_COPY_OR_DUP(&CE_STATIC_MEMBERS(class_type)[i], p);
1917 }
1918 }
1919 }
1920 } /* }}} */
1921
zend_std_get_static_property_with_info(zend_class_entry * ce,zend_string * property_name,int type,zend_property_info ** property_info_ptr)1922 ZEND_API zval *zend_std_get_static_property_with_info(zend_class_entry *ce, zend_string *property_name, int type, zend_property_info **property_info_ptr) /* {{{ */
1923 {
1924 zval *ret;
1925 zend_property_info *property_info = zend_hash_find_ptr(&ce->properties_info, property_name);
1926 *property_info_ptr = property_info;
1927
1928 if (UNEXPECTED(property_info == NULL)) {
1929 goto undeclared_property;
1930 }
1931
1932 if (!(property_info->flags & ZEND_ACC_PUBLIC)) {
1933 zend_class_entry *scope = get_fake_or_executed_scope();
1934 if (property_info->ce != scope) {
1935 if (UNEXPECTED(property_info->flags & ZEND_ACC_PRIVATE)
1936 || UNEXPECTED(!is_protected_compatible_scope(property_info->ce, scope))) {
1937 if (type != BP_VAR_IS) {
1938 zend_bad_property_access(property_info, ce, property_name);
1939 }
1940 return NULL;
1941 }
1942 }
1943 }
1944
1945 if (UNEXPECTED((property_info->flags & ZEND_ACC_STATIC) == 0)) {
1946 undeclared_property:
1947 if (type != BP_VAR_IS) {
1948 zend_throw_error(NULL, "Access to undeclared static property %s::$%s", ZSTR_VAL(ce->name), ZSTR_VAL(property_name));
1949 }
1950 return NULL;
1951 }
1952
1953 if (UNEXPECTED(!(ce->ce_flags & ZEND_ACC_CONSTANTS_UPDATED))) {
1954 if (UNEXPECTED(zend_update_class_constants(ce) != SUCCESS)) {
1955 return NULL;
1956 }
1957 }
1958
1959 /* Ensure static properties are initialized. */
1960 if (UNEXPECTED(CE_STATIC_MEMBERS(ce) == NULL)) {
1961 zend_class_init_statics(ce);
1962 }
1963
1964 ret = CE_STATIC_MEMBERS(ce) + property_info->offset;
1965 ZVAL_DEINDIRECT(ret);
1966
1967 if (UNEXPECTED((type == BP_VAR_R || type == BP_VAR_RW)
1968 && Z_TYPE_P(ret) == IS_UNDEF && ZEND_TYPE_IS_SET(property_info->type))) {
1969 zend_throw_error(NULL, "Typed static property %s::$%s must not be accessed before initialization",
1970 ZSTR_VAL(property_info->ce->name), ZSTR_VAL(property_name));
1971 return NULL;
1972 }
1973
1974 if (UNEXPECTED(ce->ce_flags & ZEND_ACC_TRAIT)) {
1975 zend_error(E_DEPRECATED,
1976 "Accessing static trait property %s::$%s is deprecated, "
1977 "it should only be accessed on a class using the trait",
1978 ZSTR_VAL(property_info->ce->name), ZSTR_VAL(property_name));
1979 }
1980
1981 return ret;
1982 }
1983 /* }}} */
1984
zend_std_get_static_property(zend_class_entry * ce,zend_string * property_name,int type)1985 ZEND_API zval *zend_std_get_static_property(zend_class_entry *ce, zend_string *property_name, int type) /* {{{ */
1986 {
1987 zend_property_info *prop_info;
1988 return zend_std_get_static_property_with_info(ce, property_name, type, &prop_info);
1989 }
1990
zend_std_unset_static_property(zend_class_entry * ce,zend_string * property_name)1991 ZEND_API ZEND_COLD bool zend_std_unset_static_property(zend_class_entry *ce, zend_string *property_name) /* {{{ */
1992 {
1993 zend_throw_error(NULL, "Attempt to unset static property %s::$%s", ZSTR_VAL(ce->name), ZSTR_VAL(property_name));
1994 return 0;
1995 }
1996 /* }}} */
1997
zend_bad_constructor_call(zend_function * constructor,zend_class_entry * scope)1998 static ZEND_COLD zend_never_inline void zend_bad_constructor_call(zend_function *constructor, zend_class_entry *scope) /* {{{ */
1999 {
2000 if (scope) {
2001 zend_throw_error(NULL, "Call to %s %s::%s() from scope %s",
2002 zend_visibility_string(constructor->common.fn_flags), ZSTR_VAL(constructor->common.scope->name),
2003 ZSTR_VAL(constructor->common.function_name), ZSTR_VAL(scope->name)
2004 );
2005 } else {
2006 zend_throw_error(NULL, "Call to %s %s::%s() from global scope", zend_visibility_string(constructor->common.fn_flags), ZSTR_VAL(constructor->common.scope->name), ZSTR_VAL(constructor->common.function_name));
2007 }
2008 }
2009 /* }}} */
2010
zend_std_get_constructor(zend_object * zobj)2011 ZEND_API zend_function *zend_std_get_constructor(zend_object *zobj) /* {{{ */
2012 {
2013 zend_function *constructor = zobj->ce->constructor;
2014
2015 if (constructor) {
2016 if (UNEXPECTED(!(constructor->op_array.fn_flags & ZEND_ACC_PUBLIC))) {
2017 zend_class_entry *scope = get_fake_or_executed_scope();
2018 if (UNEXPECTED(constructor->common.scope != scope)) {
2019 if (UNEXPECTED(constructor->op_array.fn_flags & ZEND_ACC_PRIVATE)
2020 || UNEXPECTED(!zend_check_protected(zend_get_function_root_class(constructor), scope))) {
2021 zend_bad_constructor_call(constructor, scope);
2022 zend_object_store_ctor_failed(zobj);
2023 constructor = NULL;
2024 }
2025 }
2026 }
2027 }
2028
2029 return constructor;
2030 }
2031 /* }}} */
2032
zend_std_compare_objects(zval * o1,zval * o2)2033 ZEND_API int zend_std_compare_objects(zval *o1, zval *o2) /* {{{ */
2034 {
2035 zend_object *zobj1, *zobj2;
2036
2037 if (Z_TYPE_P(o1) != Z_TYPE_P(o2)) {
2038 /* Object and non-object */
2039 zval *object;
2040 zval *value;
2041 zval casted;
2042 bool object_lhs;
2043 if (Z_TYPE_P(o1) == IS_OBJECT) {
2044 object = o1;
2045 value = o2;
2046 object_lhs = true;
2047 } else {
2048 object = o2;
2049 value = o1;
2050 object_lhs = false;
2051 }
2052 ZEND_ASSERT(Z_TYPE_P(value) != IS_OBJECT);
2053 uint8_t target_type = (Z_TYPE_P(value) == IS_FALSE || Z_TYPE_P(value) == IS_TRUE)
2054 ? _IS_BOOL : Z_TYPE_P(value);
2055 if (Z_OBJ_HT_P(object)->cast_object(Z_OBJ_P(object), &casted, target_type) == FAILURE) {
2056 // TODO: Less crazy.
2057 if (target_type == IS_LONG || target_type == IS_DOUBLE) {
2058 zend_error(E_NOTICE, "Object of class %s could not be converted to %s",
2059 ZSTR_VAL(Z_OBJCE_P(object)->name), zend_get_type_by_const(target_type));
2060 if (target_type == IS_LONG) {
2061 ZVAL_LONG(&casted, 1);
2062 } else {
2063 ZVAL_DOUBLE(&casted, 1.0);
2064 }
2065 } else {
2066 return object_lhs ? 1 : -1;
2067 }
2068 }
2069 int ret = object_lhs ? zend_compare(&casted, value) : zend_compare(value, &casted);
2070 zval_ptr_dtor(&casted);
2071 return ret;
2072 }
2073
2074 zobj1 = Z_OBJ_P(o1);
2075 zobj2 = Z_OBJ_P(o2);
2076
2077 if (zobj1 == zobj2) {
2078 return 0; /* the same object */
2079 }
2080 if (zobj1->ce != zobj2->ce) {
2081 return ZEND_UNCOMPARABLE; /* different classes */
2082 }
2083 if (!zobj1->properties && !zobj2->properties
2084 && !zend_object_is_lazy(zobj1) && !zend_object_is_lazy(zobj2)) {
2085 zend_property_info *info;
2086 int i;
2087
2088 if (!zobj1->ce->default_properties_count) {
2089 return 0;
2090 }
2091
2092 /* It's enough to protect only one of the objects.
2093 * The second one may be referenced from the first and this may cause
2094 * false recursion detection.
2095 */
2096 /* use bitwise OR to make only one conditional jump */
2097 if (UNEXPECTED(Z_IS_RECURSIVE_P(o1))) {
2098 zend_throw_error(NULL, "Nesting level too deep - recursive dependency?");
2099 return ZEND_UNCOMPARABLE;
2100 }
2101 Z_PROTECT_RECURSION_P(o1);
2102
2103 for (i = 0; i < zobj1->ce->default_properties_count; i++) {
2104 zval *p1, *p2;
2105
2106 info = zobj1->ce->properties_info_table[i];
2107
2108 if (!info) {
2109 continue;
2110 }
2111
2112 p1 = OBJ_PROP(zobj1, info->offset);
2113 p2 = OBJ_PROP(zobj2, info->offset);
2114
2115 if (Z_TYPE_P(p1) != IS_UNDEF) {
2116 if (Z_TYPE_P(p2) != IS_UNDEF) {
2117 int ret;
2118
2119 ret = zend_compare(p1, p2);
2120 if (ret != 0) {
2121 Z_UNPROTECT_RECURSION_P(o1);
2122 return ret;
2123 }
2124 } else {
2125 Z_UNPROTECT_RECURSION_P(o1);
2126 return 1;
2127 }
2128 } else {
2129 if (Z_TYPE_P(p2) != IS_UNDEF) {
2130 Z_UNPROTECT_RECURSION_P(o1);
2131 return 1;
2132 }
2133 }
2134 }
2135
2136 Z_UNPROTECT_RECURSION_P(o1);
2137 return 0;
2138 } else {
2139 return zend_compare_symbol_tables(
2140 zend_std_get_properties_ex(zobj1),
2141 zend_std_get_properties_ex(zobj2));
2142 }
2143 }
2144 /* }}} */
2145
zend_objects_not_comparable(zval * o1,zval * o2)2146 ZEND_API int zend_objects_not_comparable(zval *o1, zval *o2)
2147 {
2148 return ZEND_UNCOMPARABLE;
2149 }
2150
2151 // todo: make zend_std_has_property return bool as well
zend_std_has_property(zend_object * zobj,zend_string * name,int has_set_exists,void ** cache_slot)2152 ZEND_API int zend_std_has_property(zend_object *zobj, zend_string *name, int has_set_exists, void **cache_slot) /* {{{ */
2153 {
2154 bool result;
2155 zval *value = NULL;
2156 uintptr_t property_offset;
2157 const zend_property_info *prop_info = NULL;
2158
2159 property_offset = zend_get_property_offset(zobj->ce, name, 1, cache_slot, &prop_info);
2160
2161 if (EXPECTED(IS_VALID_PROPERTY_OFFSET(property_offset))) {
2162 try_again:
2163 value = OBJ_PROP(zobj, property_offset);
2164 if (Z_TYPE_P(value) != IS_UNDEF) {
2165 goto found;
2166 }
2167 if (UNEXPECTED(Z_PROP_FLAG_P(value) & IS_PROP_UNINIT)) {
2168 /* Skip __isset() for uninitialized typed properties */
2169 goto lazy_init;
2170 }
2171 } else if (EXPECTED(IS_DYNAMIC_PROPERTY_OFFSET(property_offset))) {
2172 if (EXPECTED(zobj->properties != NULL)) {
2173 if (!IS_UNKNOWN_DYNAMIC_PROPERTY_OFFSET(property_offset)) {
2174 uintptr_t idx = ZEND_DECODE_DYN_PROP_OFFSET(property_offset);
2175
2176 if (EXPECTED(idx < zobj->properties->nNumUsed * sizeof(Bucket))) {
2177 Bucket *p = (Bucket*)((char*)zobj->properties->arData + idx);
2178
2179 if (EXPECTED(p->key == name) ||
2180 (EXPECTED(p->h == ZSTR_H(name)) &&
2181 EXPECTED(p->key != NULL) &&
2182 EXPECTED(zend_string_equal_content(p->key, name)))) {
2183 value = &p->val;
2184 goto found;
2185 }
2186 }
2187 CACHE_PTR_EX(cache_slot + 1, (void*)ZEND_DYNAMIC_PROPERTY_OFFSET);
2188 }
2189 value = zend_hash_find(zobj->properties, name);
2190 if (value) {
2191 if (cache_slot) {
2192 uintptr_t idx = (char*)value - (char*)zobj->properties->arData;
2193 CACHE_PTR_EX(cache_slot + 1, (void*)ZEND_ENCODE_DYN_PROP_OFFSET(idx));
2194 }
2195 found:
2196 if (has_set_exists == ZEND_PROPERTY_NOT_EMPTY) {
2197 result = zend_is_true(value);
2198 } else if (has_set_exists < ZEND_PROPERTY_NOT_EMPTY) {
2199 ZEND_ASSERT(has_set_exists == ZEND_PROPERTY_ISSET);
2200 ZVAL_DEREF(value);
2201 result = (Z_TYPE_P(value) != IS_NULL);
2202 } else {
2203 ZEND_ASSERT(has_set_exists == ZEND_PROPERTY_EXISTS);
2204 result = true;
2205 }
2206 goto exit;
2207 }
2208 }
2209 } else if (IS_HOOKED_PROPERTY_OFFSET(property_offset)) {
2210 zend_function *get = prop_info->hooks[ZEND_PROPERTY_HOOK_GET];
2211
2212 if (has_set_exists == ZEND_PROPERTY_EXISTS) {
2213 if (prop_info->flags & ZEND_ACC_VIRTUAL) {
2214 return true;
2215 }
2216 property_offset = prop_info->offset;
2217 goto try_again;
2218 }
2219
2220 if (!get) {
2221 if (prop_info->flags & ZEND_ACC_VIRTUAL) {
2222 zend_throw_error(NULL, "Property %s::$%s is write-only",
2223 ZSTR_VAL(zobj->ce->name), ZSTR_VAL(name));
2224 return 0;
2225 } else {
2226 property_offset = prop_info->offset;
2227 goto try_again;
2228 }
2229 }
2230
2231 zval rv;
2232 if (!zend_call_get_hook(prop_info, name, get, zobj, &rv)) {
2233 if (EG(exception)) {
2234 return 0;
2235 }
2236 property_offset = prop_info->offset;
2237 goto try_again;
2238 }
2239
2240 if (has_set_exists == ZEND_PROPERTY_NOT_EMPTY) {
2241 result = zend_is_true(&rv);
2242 } else {
2243 ZEND_ASSERT(has_set_exists == ZEND_PROPERTY_ISSET);
2244 result = Z_TYPE(rv) != IS_NULL
2245 && (Z_TYPE(rv) != IS_REFERENCE || Z_TYPE_P(Z_REFVAL(rv)) != IS_NULL);
2246 }
2247 zval_ptr_dtor(&rv);
2248 return result;
2249 } else if (UNEXPECTED(EG(exception))) {
2250 result = false;
2251 goto exit;
2252 }
2253
2254 if (!zobj->ce->__isset) {
2255 goto lazy_init;
2256 }
2257
2258 result = false;
2259 if (has_set_exists != ZEND_PROPERTY_EXISTS) {
2260 uint32_t *guard = zend_get_property_guard(zobj, name);
2261
2262 if (!((*guard) & IN_ISSET)) {
2263 zval rv;
2264
2265 /* have issetter - try with it! */
2266 GC_ADDREF(zobj);
2267 (*guard) |= IN_ISSET; /* prevent circular getting */
2268 zend_std_call_issetter(zobj, name, &rv);
2269 result = zend_is_true(&rv);
2270 zval_ptr_dtor(&rv);
2271 if (has_set_exists == ZEND_PROPERTY_NOT_EMPTY && result) {
2272 if (EXPECTED(!EG(exception)) && zobj->ce->__get && !((*guard) & IN_GET)) {
2273 (*guard) |= IN_GET;
2274 zend_std_call_getter(zobj, name, &rv);
2275 (*guard) &= ~IN_GET;
2276 result = i_zend_is_true(&rv);
2277 zval_ptr_dtor(&rv);
2278 } else {
2279 result = false;
2280 }
2281 }
2282 (*guard) &= ~IN_ISSET;
2283 OBJ_RELEASE(zobj);
2284 }
2285 }
2286
2287 exit:
2288 return result;
2289
2290 lazy_init:
2291 if (UNEXPECTED(zend_lazy_object_must_init(zobj))) {
2292 if (!value || (Z_PROP_FLAG_P(value) & IS_PROP_LAZY)) {
2293 zobj = zend_lazy_object_init(zobj);
2294 if (!zobj) {
2295 result = 0;
2296 goto exit;
2297 }
2298
2299 return zend_std_has_property(zobj, name, has_set_exists, cache_slot);
2300 }
2301 }
2302
2303 result = 0;
2304 goto exit;
2305 }
2306 /* }}} */
2307
zend_std_get_class_name(const zend_object * zobj)2308 ZEND_API zend_string *zend_std_get_class_name(const zend_object *zobj) /* {{{ */
2309 {
2310 return zend_string_copy(zobj->ce->name);
2311 }
2312 /* }}} */
2313
zend_std_cast_object_tostring(zend_object * readobj,zval * writeobj,int type)2314 ZEND_API zend_result zend_std_cast_object_tostring(zend_object *readobj, zval *writeobj, int type) /* {{{ */
2315 {
2316 switch (type) {
2317 case IS_STRING: {
2318 zend_class_entry *ce = readobj->ce;
2319 if (ce->__tostring) {
2320 zval retval;
2321 GC_ADDREF(readobj);
2322 zend_call_known_instance_method_with_0_params(ce->__tostring, readobj, &retval);
2323 zend_object_release(readobj);
2324 if (EXPECTED(Z_TYPE(retval) == IS_STRING)) {
2325 ZVAL_COPY_VALUE(writeobj, &retval);
2326 return SUCCESS;
2327 }
2328 zval_ptr_dtor(&retval);
2329 if (!EG(exception)) {
2330 zend_throw_error(NULL, "Method %s::__toString() must return a string value", ZSTR_VAL(ce->name));
2331 }
2332 }
2333 return FAILURE;
2334 }
2335 case _IS_BOOL:
2336 ZVAL_TRUE(writeobj);
2337 return SUCCESS;
2338 default:
2339 return FAILURE;
2340 }
2341 }
2342 /* }}} */
2343
zend_std_get_closure(zend_object * obj,zend_class_entry ** ce_ptr,zend_function ** fptr_ptr,zend_object ** obj_ptr,bool check_only)2344 ZEND_API zend_result zend_std_get_closure(zend_object *obj, zend_class_entry **ce_ptr, zend_function **fptr_ptr, zend_object **obj_ptr, bool check_only) /* {{{ */
2345 {
2346 zend_class_entry *ce = obj->ce;
2347 zval *func = zend_hash_find_known_hash(&ce->function_table, ZSTR_KNOWN(ZEND_STR_MAGIC_INVOKE));
2348
2349 if (func == NULL) {
2350 return FAILURE;
2351 }
2352 *fptr_ptr = Z_FUNC_P(func);
2353
2354 *ce_ptr = ce;
2355 if ((*fptr_ptr)->common.fn_flags & ZEND_ACC_STATIC) {
2356 if (obj_ptr) {
2357 *obj_ptr = NULL;
2358 }
2359 } else {
2360 if (obj_ptr) {
2361 *obj_ptr = obj;
2362 }
2363 }
2364 return SUCCESS;
2365 }
2366 /* }}} */
2367
zend_std_get_properties_for(zend_object * obj,zend_prop_purpose purpose)2368 ZEND_API HashTable *zend_std_get_properties_for(zend_object *obj, zend_prop_purpose purpose) {
2369 HashTable *ht;
2370 switch (purpose) {
2371 case ZEND_PROP_PURPOSE_DEBUG:
2372 if (obj->handlers->get_debug_info) {
2373 int is_temp;
2374 ht = obj->handlers->get_debug_info(obj, &is_temp);
2375 if (ht && !is_temp) {
2376 GC_TRY_ADDREF(ht);
2377 }
2378 return ht;
2379 }
2380 ZEND_FALLTHROUGH;
2381 case ZEND_PROP_PURPOSE_JSON:
2382 case ZEND_PROP_PURPOSE_GET_OBJECT_VARS:
2383 case ZEND_PROP_PURPOSE_VAR_EXPORT:
2384 if (obj->ce->num_hooked_props) {
2385 return zend_hooked_object_build_properties(obj);
2386 }
2387 ht = obj->handlers->get_properties(obj);
2388 if (ht) {
2389 GC_TRY_ADDREF(ht);
2390 }
2391 return ht;
2392 case ZEND_PROP_PURPOSE_ARRAY_CAST:
2393 ht = zend_get_properties_no_lazy_init(obj);
2394 if (ht) {
2395 GC_TRY_ADDREF(ht);
2396 }
2397 return ht;
2398 case ZEND_PROP_PURPOSE_SERIALIZE: {
2399 if (zend_object_is_lazy(obj)
2400 && !zend_lazy_object_initialize_on_serialize(obj)) {
2401 ht = zend_get_properties_no_lazy_init(obj);
2402 } else {
2403 ht = obj->handlers->get_properties(obj);
2404 }
2405 if (ht) {
2406 GC_TRY_ADDREF(ht);
2407 }
2408 return ht;
2409 }
2410 default:
2411 ZEND_UNREACHABLE();
2412 return NULL;
2413 }
2414 }
2415
zend_get_properties_for(zval * obj,zend_prop_purpose purpose)2416 ZEND_API HashTable *zend_get_properties_for(zval *obj, zend_prop_purpose purpose) {
2417 zend_object *zobj = Z_OBJ_P(obj);
2418
2419 if (zobj->handlers->get_properties_for) {
2420 return zobj->handlers->get_properties_for(zobj, purpose);
2421 }
2422
2423 return zend_std_get_properties_for(zobj, purpose);
2424 }
2425
2426 ZEND_API const zend_object_handlers std_object_handlers = {
2427 0, /* offset */
2428
2429 zend_object_std_dtor, /* free_obj */
2430 zend_objects_destroy_object, /* dtor_obj */
2431 zend_objects_clone_obj, /* clone_obj */
2432
2433 zend_std_read_property, /* read_property */
2434 zend_std_write_property, /* write_property */
2435 zend_std_read_dimension, /* read_dimension */
2436 zend_std_write_dimension, /* write_dimension */
2437 zend_std_get_property_ptr_ptr, /* get_property_ptr_ptr */
2438 zend_std_has_property, /* has_property */
2439 zend_std_unset_property, /* unset_property */
2440 zend_std_has_dimension, /* has_dimension */
2441 zend_std_unset_dimension, /* unset_dimension */
2442 zend_std_get_properties, /* get_properties */
2443 zend_std_get_method, /* get_method */
2444 zend_std_get_constructor, /* get_constructor */
2445 zend_std_get_class_name, /* get_class_name */
2446 zend_std_cast_object_tostring, /* cast_object */
2447 NULL, /* count_elements */
2448 zend_std_get_debug_info, /* get_debug_info */
2449 zend_std_get_closure, /* get_closure */
2450 zend_std_get_gc, /* get_gc */
2451 NULL, /* do_operation */
2452 zend_std_compare_objects, /* compare */
2453 NULL, /* get_properties_for */
2454 };
2455
