1 /*
2 +----------------------------------------------------------------------+
3 | Zend Engine |
4 +----------------------------------------------------------------------+
5 | Copyright (c) Zend Technologies Ltd. (http://www.zend.com) |
6 +----------------------------------------------------------------------+
7 | This source file is subject to version 2.00 of the Zend license, |
8 | that is bundled with this package in the file LICENSE, and is |
9 | available through the world-wide-web at the following url: |
10 | http://www.zend.com/license/2_00.txt. |
11 | If you did not receive a copy of the Zend license and are unable to |
12 | obtain it through the world-wide-web, please send a note to |
13 | license@zend.com so we can mail you a copy immediately. |
14 +----------------------------------------------------------------------+
15 | Authors: Andi Gutmans <andi@php.net> |
16 | Zeev Suraski <zeev@php.net> |
17 | Dmitry Stogov <dmitry@php.net> |
18 +----------------------------------------------------------------------+
19 */
20
21 #include "zend.h"
22 #include "zend_globals.h"
23 #include "zend_variables.h"
24 #include "zend_API.h"
25 #include "zend_objects.h"
26 #include "zend_objects_API.h"
27 #include "zend_object_handlers.h"
28 #include "zend_interfaces.h"
29 #include "zend_exceptions.h"
30 #include "zend_closures.h"
31 #include "zend_compile.h"
32 #include "zend_hash.h"
33
34 #define DEBUG_OBJECT_HANDLERS 0
35
36 #define ZEND_WRONG_PROPERTY_OFFSET 0
37
38 /* guard flags */
39 #define IN_GET (1<<0)
40 #define IN_SET (1<<1)
41 #define IN_UNSET (1<<2)
42 #define IN_ISSET (1<<3)
43
44 /*
45 __X accessors explanation:
46
47 if we have __get and property that is not part of the properties array is
48 requested, we call __get handler. If it fails, we return uninitialized.
49
50 if we have __set and property that is not part of the properties array is
51 set, we call __set handler. If it fails, we do not change the array.
52
53 for both handlers above, when we are inside __get/__set, no further calls for
54 __get/__set for this property of this object will be made, to prevent endless
55 recursion and enable accessors to change properties array.
56
57 if we have __call and method which is not part of the class function table is
58 called, we cal __call handler.
59 */
60
rebuild_object_properties(zend_object * zobj)61 ZEND_API void rebuild_object_properties(zend_object *zobj) /* {{{ */
62 {
63 if (!zobj->properties) {
64 zend_property_info *prop_info;
65 zend_class_entry *ce = zobj->ce;
66 uint32_t flags = 0;
67
68 zobj->properties = zend_new_array(ce->default_properties_count);
69 if (ce->default_properties_count) {
70 zend_hash_real_init_mixed(zobj->properties);
71 ZEND_HASH_FOREACH_PTR(&ce->properties_info, prop_info) {
72 if (!(prop_info->flags & ZEND_ACC_STATIC)) {
73 flags |= prop_info->flags;
74
75 if (UNEXPECTED(Z_TYPE_P(OBJ_PROP(zobj, prop_info->offset)) == IS_UNDEF)) {
76 HT_FLAGS(zobj->properties) |= HASH_FLAG_HAS_EMPTY_IND;
77 }
78
79 _zend_hash_append_ind(zobj->properties, prop_info->name,
80 OBJ_PROP(zobj, prop_info->offset));
81 }
82 } ZEND_HASH_FOREACH_END();
83 if (flags & ZEND_ACC_CHANGED) {
84 while (ce->parent && ce->parent->default_properties_count) {
85 ce = ce->parent;
86 ZEND_HASH_FOREACH_PTR(&ce->properties_info, prop_info) {
87 if (prop_info->ce == ce &&
88 !(prop_info->flags & ZEND_ACC_STATIC) &&
89 (prop_info->flags & ZEND_ACC_PRIVATE)) {
90 zval zv;
91
92 if (UNEXPECTED(Z_TYPE_P(OBJ_PROP(zobj, prop_info->offset)) == IS_UNDEF)) {
93 HT_FLAGS(zobj->properties) |= HASH_FLAG_HAS_EMPTY_IND;
94 }
95
96 ZVAL_INDIRECT(&zv, OBJ_PROP(zobj, prop_info->offset));
97 zend_hash_add(zobj->properties, prop_info->name, &zv);
98 }
99 } ZEND_HASH_FOREACH_END();
100 }
101 }
102 }
103 }
104 }
105 /* }}} */
106
zend_std_get_properties(zval * object)107 ZEND_API HashTable *zend_std_get_properties(zval *object) /* {{{ */
108 {
109 zend_object *zobj;
110 zobj = Z_OBJ_P(object);
111 if (!zobj->properties) {
112 rebuild_object_properties(zobj);
113 }
114 return zobj->properties;
115 }
116 /* }}} */
117
zend_std_get_gc(zval * object,zval ** table,int * n)118 ZEND_API HashTable *zend_std_get_gc(zval *object, zval **table, int *n) /* {{{ */
119 {
120 if (Z_OBJ_HANDLER_P(object, get_properties) != zend_std_get_properties) {
121 *table = NULL;
122 *n = 0;
123 return Z_OBJ_HANDLER_P(object, get_properties)(object);
124 } else {
125 zend_object *zobj = Z_OBJ_P(object);
126
127 if (zobj->properties) {
128 *table = NULL;
129 *n = 0;
130 if (UNEXPECTED(GC_REFCOUNT(zobj->properties) > 1)
131 && EXPECTED(!(GC_FLAGS(zobj->properties) & IS_ARRAY_IMMUTABLE))) {
132 GC_DELREF(zobj->properties);
133 zobj->properties = zend_array_dup(zobj->properties);
134 }
135 return zobj->properties;
136 } else {
137 *table = zobj->properties_table;
138 *n = zobj->ce->default_properties_count;
139 return NULL;
140 }
141 }
142 }
143 /* }}} */
144
zend_std_get_debug_info(zval * object,int * is_temp)145 ZEND_API HashTable *zend_std_get_debug_info(zval *object, int *is_temp) /* {{{ */
146 {
147 zend_class_entry *ce = Z_OBJCE_P(object);
148 zval retval;
149 HashTable *ht;
150
151 if (!ce->__debugInfo) {
152 *is_temp = 0;
153 return Z_OBJ_HANDLER_P(object, get_properties)(object);
154 }
155
156 zend_call_method_with_0_params(object, ce, &ce->__debugInfo, ZEND_DEBUGINFO_FUNC_NAME, &retval);
157 if (Z_TYPE(retval) == IS_ARRAY) {
158 if (!Z_REFCOUNTED(retval)) {
159 *is_temp = 1;
160 return zend_array_dup(Z_ARRVAL(retval));
161 } else if (Z_REFCOUNT(retval) <= 1) {
162 *is_temp = 1;
163 ht = Z_ARR(retval);
164 return ht;
165 } else {
166 *is_temp = 0;
167 zval_ptr_dtor(&retval);
168 return Z_ARRVAL(retval);
169 }
170 } else if (Z_TYPE(retval) == IS_NULL) {
171 *is_temp = 1;
172 ht = zend_new_array(0);
173 return ht;
174 }
175
176 zend_error_noreturn(E_ERROR, ZEND_DEBUGINFO_FUNC_NAME "() must return an array");
177
178 return NULL; /* Compilers are dumb and don't understand that noreturn means that the function does NOT need a return value... */
179 }
180 /* }}} */
181
zend_std_call_getter(zend_object * zobj,zend_string * prop_name,zval * retval)182 static void zend_std_call_getter(zend_object *zobj, zend_string *prop_name, zval *retval) /* {{{ */
183 {
184 zend_class_entry *ce = zobj->ce;
185 zend_class_entry *orig_fake_scope = EG(fake_scope);
186 zend_fcall_info fci;
187 zend_fcall_info_cache fcic;
188 zval member;
189
190 EG(fake_scope) = NULL;
191
192 /* __get handler is called with one argument:
193 property name
194
195 it should return whether the call was successful or not
196 */
197
198 ZVAL_STR(&member, prop_name);
199
200 fci.size = sizeof(fci);
201 fci.object = zobj;
202 fci.retval = retval;
203 fci.param_count = 1;
204 fci.params = &member;
205 fci.no_separation = 1;
206 ZVAL_UNDEF(&fci.function_name); /* Unused */
207
208 fcic.function_handler = ce->__get;
209 fcic.called_scope = ce;
210 fcic.object = zobj;
211
212 zend_call_function(&fci, &fcic);
213
214 EG(fake_scope) = orig_fake_scope;
215 }
216 /* }}} */
217
zend_std_call_setter(zend_object * zobj,zend_string * prop_name,zval * value)218 static void zend_std_call_setter(zend_object *zobj, zend_string *prop_name, zval *value) /* {{{ */
219 {
220 zend_class_entry *ce = zobj->ce;
221 zend_class_entry *orig_fake_scope = EG(fake_scope);
222 zend_fcall_info fci;
223 zend_fcall_info_cache fcic;
224 zval args[2], ret;
225
226 EG(fake_scope) = NULL;
227
228 /* __set handler is called with two arguments:
229 property name
230 value to be set
231 */
232
233 ZVAL_STR(&args[0], prop_name);
234 ZVAL_COPY_VALUE(&args[1], value);
235 ZVAL_UNDEF(&ret);
236
237 fci.size = sizeof(fci);
238 fci.object = zobj;
239 fci.retval = &ret;
240 fci.param_count = 2;
241 fci.params = args;
242 fci.no_separation = 1;
243 ZVAL_UNDEF(&fci.function_name); /* Unused */
244
245 fcic.function_handler = ce->__set;
246 fcic.called_scope = ce;
247 fcic.object = zobj;
248
249 zend_call_function(&fci, &fcic);
250 zval_ptr_dtor(&ret);
251
252 EG(fake_scope) = orig_fake_scope;
253 }
254 /* }}} */
255
zend_std_call_unsetter(zend_object * zobj,zend_string * prop_name)256 static void zend_std_call_unsetter(zend_object *zobj, zend_string *prop_name) /* {{{ */
257 {
258 zend_class_entry *ce = zobj->ce;
259 zend_class_entry *orig_fake_scope = EG(fake_scope);
260 zend_fcall_info fci;
261 zend_fcall_info_cache fcic;
262 zval ret, member;
263
264 EG(fake_scope) = NULL;
265
266 /* __unset handler is called with one argument:
267 property name
268 */
269
270 ZVAL_STR(&member, prop_name);
271 ZVAL_UNDEF(&ret);
272
273 fci.size = sizeof(fci);
274 fci.object = zobj;
275 fci.retval = &ret;
276 fci.param_count = 1;
277 fci.params = &member;
278 fci.no_separation = 1;
279 ZVAL_UNDEF(&fci.function_name); /* Unused */
280
281 fcic.function_handler = ce->__unset;
282 fcic.called_scope = ce;
283 fcic.object = zobj;
284
285 zend_call_function(&fci, &fcic);
286 zval_ptr_dtor(&ret);
287
288 EG(fake_scope) = orig_fake_scope;
289 }
290 /* }}} */
291
zend_std_call_issetter(zend_object * zobj,zend_string * prop_name,zval * retval)292 static void zend_std_call_issetter(zend_object *zobj, zend_string *prop_name, zval *retval) /* {{{ */
293 {
294 zend_class_entry *ce = zobj->ce;
295 zend_class_entry *orig_fake_scope = EG(fake_scope);
296 zend_fcall_info fci;
297 zend_fcall_info_cache fcic;
298 zval member;
299
300 EG(fake_scope) = NULL;
301
302 /* __isset handler is called with one argument:
303 property name
304
305 it should return whether the property is set or not
306 */
307
308 ZVAL_STR(&member, prop_name);
309
310 fci.size = sizeof(fci);
311 fci.object = zobj;
312 fci.retval = retval;
313 fci.param_count = 1;
314 fci.params = &member;
315 fci.no_separation = 1;
316 ZVAL_UNDEF(&fci.function_name); /* Unused */
317
318 fcic.function_handler = ce->__isset;
319 fcic.called_scope = ce;
320 fcic.object = zobj;
321
322 zend_call_function(&fci, &fcic);
323
324 EG(fake_scope) = orig_fake_scope;
325 }
326 /* }}} */
327
328
is_derived_class(zend_class_entry * child_class,zend_class_entry * parent_class)329 static zend_always_inline zend_bool is_derived_class(zend_class_entry *child_class, zend_class_entry *parent_class) /* {{{ */
330 {
331 child_class = child_class->parent;
332 while (child_class) {
333 if (child_class == parent_class) {
334 return 1;
335 }
336 child_class = child_class->parent;
337 }
338
339 return 0;
340 }
341 /* }}} */
342
is_protected_compatible_scope(zend_class_entry * ce,zend_class_entry * scope)343 static zend_never_inline int is_protected_compatible_scope(zend_class_entry *ce, zend_class_entry *scope) /* {{{ */
344 {
345 return scope &&
346 (is_derived_class(ce, scope) || is_derived_class(scope, ce));
347 }
348 /* }}} */
349
zend_get_parent_private_property(zend_class_entry * scope,zend_class_entry * ce,zend_string * member)350 static zend_never_inline zend_property_info *zend_get_parent_private_property(zend_class_entry *scope, zend_class_entry *ce, zend_string *member) /* {{{ */
351 {
352 zval *zv;
353 zend_property_info *prop_info;
354
355 if (scope != ce && scope && is_derived_class(ce, scope)) {
356 zv = zend_hash_find(&scope->properties_info, member);
357 if (zv != NULL) {
358 prop_info = (zend_property_info*)Z_PTR_P(zv);
359 if ((prop_info->flags & ZEND_ACC_PRIVATE)
360 && prop_info->ce == scope) {
361 return prop_info;
362 }
363 }
364 }
365 return NULL;
366 }
367 /* }}} */
368
zend_bad_property_access(zend_property_info * property_info,zend_class_entry * ce,zend_string * member)369 static ZEND_COLD zend_never_inline void zend_bad_property_access(zend_property_info *property_info, zend_class_entry *ce, zend_string *member) /* {{{ */
370 {
371 zend_throw_error(NULL, "Cannot access %s property %s::$%s", zend_visibility_string(property_info->flags), ZSTR_VAL(ce->name), ZSTR_VAL(member));
372 }
373 /* }}} */
374
zend_bad_property_name(void)375 static ZEND_COLD zend_never_inline void zend_bad_property_name(void) /* {{{ */
376 {
377 zend_throw_error(NULL, "Cannot access property started with '\\0'");
378 }
379 /* }}} */
380
zend_get_property_offset(zend_class_entry * ce,zend_string * member,int silent,void ** cache_slot,zend_property_info ** info_ptr)381 static zend_always_inline uintptr_t zend_get_property_offset(zend_class_entry *ce, zend_string *member, int silent, void **cache_slot, zend_property_info **info_ptr) /* {{{ */
382 {
383 zval *zv;
384 zend_property_info *property_info;
385 uint32_t flags;
386 zend_class_entry *scope;
387 uintptr_t offset;
388
389 if (cache_slot && EXPECTED(ce == CACHED_PTR_EX(cache_slot))) {
390 *info_ptr = CACHED_PTR_EX(cache_slot + 2);
391 return (uintptr_t)CACHED_PTR_EX(cache_slot + 1);
392 }
393
394 if (UNEXPECTED(zend_hash_num_elements(&ce->properties_info) == 0)
395 || UNEXPECTED((zv = zend_hash_find(&ce->properties_info, member)) == NULL)) {
396 if (UNEXPECTED(ZSTR_VAL(member)[0] == '\0') && ZSTR_LEN(member) != 0) {
397 if (!silent) {
398 zend_bad_property_name();
399 }
400 return ZEND_WRONG_PROPERTY_OFFSET;
401 }
402 dynamic:
403 if (cache_slot) {
404 CACHE_POLYMORPHIC_PTR_EX(cache_slot, ce, (void*)ZEND_DYNAMIC_PROPERTY_OFFSET);
405 CACHE_PTR_EX(cache_slot + 2, NULL);
406 }
407 return ZEND_DYNAMIC_PROPERTY_OFFSET;
408 }
409
410 property_info = (zend_property_info*)Z_PTR_P(zv);
411 flags = property_info->flags;
412
413 if (flags & (ZEND_ACC_CHANGED|ZEND_ACC_PRIVATE|ZEND_ACC_PROTECTED)) {
414 if (UNEXPECTED(EG(fake_scope))) {
415 scope = EG(fake_scope);
416 } else {
417 scope = zend_get_executed_scope();
418 }
419
420 if (property_info->ce != scope) {
421 if (flags & ZEND_ACC_CHANGED) {
422 zend_property_info *p = zend_get_parent_private_property(scope, ce, member);
423
424 /* If there is a public/protected instance property on ce, don't try to use a
425 * private static property on scope. If both are static, prefer the static
426 * property on scope. This will throw a static property notice, rather than
427 * a visibility error. */
428 if (p && (!(p->flags & ZEND_ACC_STATIC) || (flags & ZEND_ACC_STATIC))) {
429 property_info = p;
430 flags = property_info->flags;
431 goto found;
432 } else if (flags & ZEND_ACC_PUBLIC) {
433 goto found;
434 }
435 }
436 if (flags & ZEND_ACC_PRIVATE) {
437 if (property_info->ce != ce) {
438 goto dynamic;
439 } else {
440 wrong:
441 /* Information was available, but we were denied access. Error out. */
442 if (!silent) {
443 zend_bad_property_access(property_info, ce, member);
444 }
445 return ZEND_WRONG_PROPERTY_OFFSET;
446 }
447 } else {
448 ZEND_ASSERT(flags & ZEND_ACC_PROTECTED);
449 if (UNEXPECTED(!is_protected_compatible_scope(property_info->ce, scope))) {
450 goto wrong;
451 }
452 }
453 }
454 }
455
456 found:
457 if (UNEXPECTED(flags & ZEND_ACC_STATIC)) {
458 if (!silent) {
459 zend_error(E_NOTICE, "Accessing static property %s::$%s as non static", ZSTR_VAL(ce->name), ZSTR_VAL(member));
460 }
461 return ZEND_DYNAMIC_PROPERTY_OFFSET;
462 }
463
464 offset = property_info->offset;
465 if (EXPECTED(!property_info->type)) {
466 property_info = NULL;
467 } else {
468 *info_ptr = property_info;
469 }
470 if (cache_slot) {
471 CACHE_POLYMORPHIC_PTR_EX(cache_slot, ce, (void*)(uintptr_t)offset);
472 CACHE_PTR_EX(cache_slot + 2, property_info);
473 }
474 return offset;
475 }
476 /* }}} */
477
zend_wrong_offset(zend_class_entry * ce,zend_string * member)478 static ZEND_COLD void zend_wrong_offset(zend_class_entry *ce, zend_string *member) /* {{{ */
479 {
480 zend_property_info *dummy;
481
482 /* Trigger the correct error */
483 zend_get_property_offset(ce, member, 0, NULL, &dummy);
484 }
485 /* }}} */
486
zend_get_property_info(zend_class_entry * ce,zend_string * member,int silent)487 ZEND_API zend_property_info *zend_get_property_info(zend_class_entry *ce, zend_string *member, int silent) /* {{{ */
488 {
489 zval *zv;
490 zend_property_info *property_info;
491 uint32_t flags;
492 zend_class_entry *scope;
493
494 if (UNEXPECTED(zend_hash_num_elements(&ce->properties_info) == 0)
495 || EXPECTED((zv = zend_hash_find(&ce->properties_info, member)) == NULL)) {
496 if (UNEXPECTED(ZSTR_VAL(member)[0] == '\0') && ZSTR_LEN(member) != 0) {
497 if (!silent) {
498 zend_bad_property_name();
499 }
500 return ZEND_WRONG_PROPERTY_INFO;
501 }
502 dynamic:
503 return NULL;
504 }
505
506 property_info = (zend_property_info*)Z_PTR_P(zv);
507 flags = property_info->flags;
508
509 if (flags & (ZEND_ACC_CHANGED|ZEND_ACC_PRIVATE|ZEND_ACC_PROTECTED)) {
510 if (UNEXPECTED(EG(fake_scope))) {
511 scope = EG(fake_scope);
512 } else {
513 scope = zend_get_executed_scope();
514 }
515 if (property_info->ce != scope) {
516 if (flags & ZEND_ACC_CHANGED) {
517 zend_property_info *p = zend_get_parent_private_property(scope, ce, member);
518
519 if (p) {
520 property_info = p;
521 flags = property_info->flags;
522 goto found;
523 } else if (flags & ZEND_ACC_PUBLIC) {
524 goto found;
525 }
526 }
527 if (flags & ZEND_ACC_PRIVATE) {
528 if (property_info->ce != ce) {
529 goto dynamic;
530 } else {
531 wrong:
532 /* Information was available, but we were denied access. Error out. */
533 if (!silent) {
534 zend_bad_property_access(property_info, ce, member);
535 }
536 return ZEND_WRONG_PROPERTY_INFO;
537 }
538 } else {
539 ZEND_ASSERT(flags & ZEND_ACC_PROTECTED);
540 if (UNEXPECTED(!is_protected_compatible_scope(property_info->ce, scope))) {
541 goto wrong;
542 }
543 }
544 }
545 }
546
547 found:
548 if (UNEXPECTED(flags & ZEND_ACC_STATIC)) {
549 if (!silent) {
550 zend_error(E_NOTICE, "Accessing static property %s::$%s as non static", ZSTR_VAL(ce->name), ZSTR_VAL(member));
551 }
552 }
553 return property_info;
554 }
555 /* }}} */
556
zend_check_property_access(zend_object * zobj,zend_string * prop_info_name,zend_bool is_dynamic)557 ZEND_API int zend_check_property_access(zend_object *zobj, zend_string *prop_info_name, zend_bool is_dynamic) /* {{{ */
558 {
559 zend_property_info *property_info;
560 const char *class_name = NULL;
561 const char *prop_name;
562 zend_string *member;
563 size_t prop_name_len;
564
565 if (ZSTR_VAL(prop_info_name)[0] == 0) {
566 if (is_dynamic) {
567 return SUCCESS;
568 }
569
570 zend_unmangle_property_name_ex(prop_info_name, &class_name, &prop_name, &prop_name_len);
571 member = zend_string_init(prop_name, prop_name_len, 0);
572 property_info = zend_get_property_info(zobj->ce, member, 1);
573 zend_string_release_ex(member, 0);
574 if (property_info == NULL || property_info == ZEND_WRONG_PROPERTY_INFO) {
575 return FAILURE;
576 }
577
578 if (class_name[0] != '*') {
579 if (!(property_info->flags & ZEND_ACC_PRIVATE)) {
580 /* we we're looking for a private prop but found a non private one of the same name */
581 return FAILURE;
582 } else if (strcmp(ZSTR_VAL(prop_info_name)+1, ZSTR_VAL(property_info->name)+1)) {
583 /* we we're looking for a private prop but found a private one of the same name but another class */
584 return FAILURE;
585 }
586 } else {
587 ZEND_ASSERT(property_info->flags & ZEND_ACC_PROTECTED);
588 }
589 return SUCCESS;
590 } else {
591 property_info = zend_get_property_info(zobj->ce, prop_info_name, 1);
592 if (property_info == NULL) {
593 ZEND_ASSERT(is_dynamic);
594 return SUCCESS;
595 } else if (property_info == ZEND_WRONG_PROPERTY_INFO) {
596 return FAILURE;
597 }
598 return (property_info->flags & ZEND_ACC_PUBLIC) ? SUCCESS : FAILURE;
599 }
600 }
601 /* }}} */
602
zend_property_guard_dtor(zval * el)603 static void zend_property_guard_dtor(zval *el) /* {{{ */ {
604 uint32_t *ptr = (uint32_t*)Z_PTR_P(el);
605 if (EXPECTED(!(((zend_uintptr_t)ptr) & 1))) {
606 efree_size(ptr, sizeof(uint32_t));
607 }
608 }
609 /* }}} */
610
zend_get_property_guard(zend_object * zobj,zend_string * member)611 ZEND_API uint32_t *zend_get_property_guard(zend_object *zobj, zend_string *member) /* {{{ */
612 {
613 HashTable *guards;
614 zval *zv;
615 uint32_t *ptr;
616
617 ZEND_ASSERT(zobj->ce->ce_flags & ZEND_ACC_USE_GUARDS);
618 zv = zobj->properties_table + zobj->ce->default_properties_count;
619 if (EXPECTED(Z_TYPE_P(zv) == IS_STRING)) {
620 zend_string *str = Z_STR_P(zv);
621 if (EXPECTED(str == member) ||
622 /* "str" always has a pre-calculated hash value here */
623 (EXPECTED(ZSTR_H(str) == zend_string_hash_val(member)) &&
624 EXPECTED(zend_string_equal_content(str, member)))) {
625 return &Z_PROPERTY_GUARD_P(zv);
626 } else if (EXPECTED(Z_PROPERTY_GUARD_P(zv) == 0)) {
627 zval_ptr_dtor_str(zv);
628 ZVAL_STR_COPY(zv, member);
629 return &Z_PROPERTY_GUARD_P(zv);
630 } else {
631 ALLOC_HASHTABLE(guards);
632 zend_hash_init(guards, 8, NULL, zend_property_guard_dtor, 0);
633 /* mark pointer as "special" using low bit */
634 zend_hash_add_new_ptr(guards, str,
635 (void*)(((zend_uintptr_t)&Z_PROPERTY_GUARD_P(zv)) | 1));
636 zval_ptr_dtor_str(zv);
637 ZVAL_ARR(zv, guards);
638 }
639 } else if (EXPECTED(Z_TYPE_P(zv) == IS_ARRAY)) {
640 guards = Z_ARRVAL_P(zv);
641 ZEND_ASSERT(guards != NULL);
642 zv = zend_hash_find(guards, member);
643 if (zv != NULL) {
644 return (uint32_t*)(((zend_uintptr_t)Z_PTR_P(zv)) & ~1);
645 }
646 } else {
647 ZEND_ASSERT(Z_TYPE_P(zv) == IS_UNDEF);
648 ZVAL_STR_COPY(zv, member);
649 Z_PROPERTY_GUARD_P(zv) = 0;
650 return &Z_PROPERTY_GUARD_P(zv);
651 }
652 /* we have to allocate uint32_t separately because ht->arData may be reallocated */
653 ptr = (uint32_t*)emalloc(sizeof(uint32_t));
654 *ptr = 0;
655 return (uint32_t*)zend_hash_add_new_ptr(guards, member, ptr);
656 }
657 /* }}} */
658
zend_std_read_property(zval * object,zval * member,int type,void ** cache_slot,zval * rv)659 ZEND_API zval *zend_std_read_property(zval *object, zval *member, int type, void **cache_slot, zval *rv) /* {{{ */
660 {
661 zend_object *zobj;
662 zend_string *name, *tmp_name;
663 zval *retval;
664 uintptr_t property_offset;
665 zend_property_info *prop_info = NULL;
666 uint32_t *guard = NULL;
667
668 zobj = Z_OBJ_P(object);
669 name = zval_try_get_tmp_string(member, &tmp_name);
670 if (UNEXPECTED(!name)) {
671 return &EG(uninitialized_zval);
672 }
673
674 #if DEBUG_OBJECT_HANDLERS
675 fprintf(stderr, "Read object #%d property: %s\n", Z_OBJ_HANDLE_P(object), ZSTR_VAL(name));
676 #endif
677
678 /* make zend_get_property_info silent if we have getter - we may want to use it */
679 property_offset = zend_get_property_offset(zobj->ce, name, (type == BP_VAR_IS) || (zobj->ce->__get != NULL), cache_slot, &prop_info);
680
681 if (EXPECTED(IS_VALID_PROPERTY_OFFSET(property_offset))) {
682 retval = OBJ_PROP(zobj, property_offset);
683 if (EXPECTED(Z_TYPE_P(retval) != IS_UNDEF)) {
684 goto exit;
685 }
686 if (UNEXPECTED(Z_PROP_FLAG_P(retval) == IS_PROP_UNINIT)) {
687 /* Skip __get() for uninitialized typed properties */
688 goto uninit_error;
689 }
690 } else if (EXPECTED(IS_DYNAMIC_PROPERTY_OFFSET(property_offset))) {
691 if (EXPECTED(zobj->properties != NULL)) {
692 if (!IS_UNKNOWN_DYNAMIC_PROPERTY_OFFSET(property_offset)) {
693 uintptr_t idx = ZEND_DECODE_DYN_PROP_OFFSET(property_offset);
694
695 if (EXPECTED(idx < zobj->properties->nNumUsed * sizeof(Bucket))) {
696 Bucket *p = (Bucket*)((char*)zobj->properties->arData + idx);
697
698 if (EXPECTED(Z_TYPE(p->val) != IS_UNDEF) &&
699 (EXPECTED(p->key == name) ||
700 (EXPECTED(p->h == ZSTR_H(name)) &&
701 EXPECTED(p->key != NULL) &&
702 EXPECTED(zend_string_equal_content(p->key, name))))) {
703 retval = &p->val;
704 goto exit;
705 }
706 }
707 CACHE_PTR_EX(cache_slot + 1, (void*)ZEND_DYNAMIC_PROPERTY_OFFSET);
708 }
709 retval = zend_hash_find(zobj->properties, name);
710 if (EXPECTED(retval)) {
711 if (cache_slot) {
712 uintptr_t idx = (char*)retval - (char*)zobj->properties->arData;
713 CACHE_PTR_EX(cache_slot + 1, (void*)ZEND_ENCODE_DYN_PROP_OFFSET(idx));
714 }
715 goto exit;
716 }
717 }
718 } else if (UNEXPECTED(EG(exception))) {
719 retval = &EG(uninitialized_zval);
720 goto exit;
721 }
722
723 /* magic isset */
724 if ((type == BP_VAR_IS) && zobj->ce->__isset) {
725 zval tmp_result;
726 guard = zend_get_property_guard(zobj, name);
727
728 if (!((*guard) & IN_ISSET)) {
729 if (!tmp_name && !ZSTR_IS_INTERNED(name)) {
730 tmp_name = zend_string_copy(name);
731 }
732 GC_ADDREF(zobj);
733 ZVAL_UNDEF(&tmp_result);
734
735 *guard |= IN_ISSET;
736 zend_std_call_issetter(zobj, name, &tmp_result);
737 *guard &= ~IN_ISSET;
738
739 if (!zend_is_true(&tmp_result)) {
740 retval = &EG(uninitialized_zval);
741 OBJ_RELEASE(zobj);
742 zval_ptr_dtor(&tmp_result);
743 goto exit;
744 }
745
746 zval_ptr_dtor(&tmp_result);
747 if (zobj->ce->__get && !((*guard) & IN_GET)) {
748 goto call_getter;
749 }
750 OBJ_RELEASE(zobj);
751 } else if (zobj->ce->__get && !((*guard) & IN_GET)) {
752 goto call_getter_addref;
753 }
754 } else if (zobj->ce->__get) {
755 /* magic get */
756 guard = zend_get_property_guard(zobj, name);
757 if (!((*guard) & IN_GET)) {
758 /* have getter - try with it! */
759 call_getter_addref:
760 GC_ADDREF(zobj);
761 call_getter:
762 *guard |= IN_GET; /* prevent circular getting */
763 zend_std_call_getter(zobj, name, rv);
764 *guard &= ~IN_GET;
765
766 if (Z_TYPE_P(rv) != IS_UNDEF) {
767 retval = rv;
768 if (!Z_ISREF_P(rv) &&
769 (type == BP_VAR_W || type == BP_VAR_RW || type == BP_VAR_UNSET)) {
770 if (UNEXPECTED(Z_TYPE_P(rv) != IS_OBJECT)) {
771 zend_error(E_NOTICE, "Indirect modification of overloaded property %s::$%s has no effect", ZSTR_VAL(zobj->ce->name), ZSTR_VAL(name));
772 }
773 }
774 } else {
775 retval = &EG(uninitialized_zval);
776 }
777
778 if (UNEXPECTED(prop_info)) {
779 zend_verify_prop_assignable_by_ref(prop_info, retval, (zobj->ce->__get->common.fn_flags & ZEND_ACC_STRICT_TYPES) != 0);
780 }
781
782 OBJ_RELEASE(zobj);
783 goto exit;
784 } else if (UNEXPECTED(IS_WRONG_PROPERTY_OFFSET(property_offset))) {
785 /* Trigger the correct error */
786 zend_get_property_offset(zobj->ce, name, 0, NULL, &prop_info);
787 ZEND_ASSERT(EG(exception));
788 retval = &EG(uninitialized_zval);
789 goto exit;
790 }
791 }
792
793 uninit_error:
794 if (type != BP_VAR_IS) {
795 if (UNEXPECTED(prop_info)) {
796 zend_throw_error(NULL, "Typed property %s::$%s must not be accessed before initialization",
797 ZSTR_VAL(prop_info->ce->name),
798 ZSTR_VAL(name));
799 } else {
800 zend_error(E_NOTICE,"Undefined property: %s::$%s", ZSTR_VAL(zobj->ce->name), ZSTR_VAL(name));
801 }
802 }
803 retval = &EG(uninitialized_zval);
804
805 exit:
806 zend_tmp_string_release(tmp_name);
807
808 return retval;
809 }
810 /* }}} */
811
property_uses_strict_types()812 static zend_always_inline zend_bool property_uses_strict_types() {
813 zend_execute_data *execute_data = EG(current_execute_data);
814 return execute_data
815 && execute_data->func
816 && ZEND_CALL_USES_STRICT_TYPES(EG(current_execute_data));
817 }
818
zend_std_write_property(zval * object,zval * member,zval * value,void ** cache_slot)819 ZEND_API zval *zend_std_write_property(zval *object, zval *member, zval *value, void **cache_slot) /* {{{ */
820 {
821 zend_object *zobj;
822 zend_string *name, *tmp_name;
823 zval *variable_ptr, tmp;
824 uintptr_t property_offset;
825 zend_property_info *prop_info = NULL;
826 ZEND_ASSERT(!Z_ISREF_P(value));
827
828 zobj = Z_OBJ_P(object);
829 name = zval_try_get_tmp_string(member, &tmp_name);
830 if (UNEXPECTED(!name)) {
831 return value;
832 }
833
834 property_offset = zend_get_property_offset(zobj->ce, name, (zobj->ce->__set != NULL), cache_slot, &prop_info);
835
836 if (EXPECTED(IS_VALID_PROPERTY_OFFSET(property_offset))) {
837 variable_ptr = OBJ_PROP(zobj, property_offset);
838 if (Z_TYPE_P(variable_ptr) != IS_UNDEF) {
839 Z_TRY_ADDREF_P(value);
840
841 if (UNEXPECTED(prop_info)) {
842 ZVAL_COPY_VALUE(&tmp, value);
843 if (UNEXPECTED(!zend_verify_property_type(prop_info, &tmp, property_uses_strict_types()))) {
844 Z_TRY_DELREF_P(value);
845 variable_ptr = &EG(error_zval);
846 goto exit;
847 }
848 value = &tmp;
849 }
850
851 found:
852 variable_ptr = zend_assign_to_variable(
853 variable_ptr, value, IS_TMP_VAR, property_uses_strict_types());
854 goto exit;
855 }
856 if (Z_PROP_FLAG_P(variable_ptr) == IS_PROP_UNINIT) {
857 /* Writes to uninitializde typed properties bypass __set(). */
858 Z_PROP_FLAG_P(variable_ptr) = 0;
859 goto write_std_property;
860 }
861 } else if (EXPECTED(IS_DYNAMIC_PROPERTY_OFFSET(property_offset))) {
862 if (EXPECTED(zobj->properties != NULL)) {
863 if (UNEXPECTED(GC_REFCOUNT(zobj->properties) > 1)) {
864 if (EXPECTED(!(GC_FLAGS(zobj->properties) & IS_ARRAY_IMMUTABLE))) {
865 GC_DELREF(zobj->properties);
866 }
867 zobj->properties = zend_array_dup(zobj->properties);
868 }
869 if ((variable_ptr = zend_hash_find(zobj->properties, name)) != NULL) {
870 Z_TRY_ADDREF_P(value);
871 goto found;
872 }
873 }
874 } else if (UNEXPECTED(EG(exception))) {
875 variable_ptr = &EG(error_zval);
876 goto exit;
877 }
878
879 /* magic set */
880 if (zobj->ce->__set) {
881 uint32_t *guard = zend_get_property_guard(zobj, name);
882
883 if (!((*guard) & IN_SET)) {
884 GC_ADDREF(zobj);
885 (*guard) |= IN_SET; /* prevent circular setting */
886 zend_std_call_setter(zobj, name, value);
887 (*guard) &= ~IN_SET;
888 OBJ_RELEASE(zobj);
889 variable_ptr = value;
890 } else if (EXPECTED(!IS_WRONG_PROPERTY_OFFSET(property_offset))) {
891 goto write_std_property;
892 } else {
893 /* Trigger the correct error */
894 zend_wrong_offset(zobj->ce, name);
895 ZEND_ASSERT(EG(exception));
896 variable_ptr = &EG(error_zval);
897 goto exit;
898 }
899 } else {
900 ZEND_ASSERT(!IS_WRONG_PROPERTY_OFFSET(property_offset));
901 write_std_property:
902 Z_TRY_ADDREF_P(value);
903 if (EXPECTED(IS_VALID_PROPERTY_OFFSET(property_offset))) {
904
905 variable_ptr = OBJ_PROP(zobj, property_offset);
906
907 if (UNEXPECTED(prop_info)) {
908 ZVAL_COPY_VALUE(&tmp, value);
909 if (UNEXPECTED(!zend_verify_property_type(prop_info, &tmp, property_uses_strict_types()))) {
910 zval_ptr_dtor(value);
911 goto exit;
912 }
913 value = &tmp;
914 goto found; /* might have been updated via e.g. __toString() */
915 }
916
917 ZVAL_COPY_VALUE(variable_ptr, value);
918 } else {
919 if (!zobj->properties) {
920 rebuild_object_properties(zobj);
921 }
922 variable_ptr = zend_hash_add_new(zobj->properties, name, value);
923 }
924 }
925
926 exit:
927 zend_tmp_string_release(tmp_name);
928 return variable_ptr;
929 }
930 /* }}} */
931
zend_bad_array_access(zend_class_entry * ce)932 static ZEND_COLD zend_never_inline void zend_bad_array_access(zend_class_entry *ce) /* {{{ */
933 {
934 zend_throw_error(NULL, "Cannot use object of type %s as array", ZSTR_VAL(ce->name));
935 }
936 /* }}} */
937
zend_std_read_dimension(zval * object,zval * offset,int type,zval * rv)938 ZEND_API zval *zend_std_read_dimension(zval *object, zval *offset, int type, zval *rv) /* {{{ */
939 {
940 zend_class_entry *ce = Z_OBJCE_P(object);
941 zval tmp_offset, tmp_object;
942
943 if (EXPECTED(instanceof_function_ex(ce, zend_ce_arrayaccess, 1) != 0)) {
944 if (offset == NULL) {
945 /* [] construct */
946 ZVAL_NULL(&tmp_offset);
947 } else {
948 ZVAL_COPY_DEREF(&tmp_offset, offset);
949 }
950
951 Z_ADDREF_P(object);
952 ZVAL_OBJ(&tmp_object, Z_OBJ_P(object));
953 if (type == BP_VAR_IS) {
954 zend_call_method_with_1_params(&tmp_object, ce, NULL, "offsetexists", rv, &tmp_offset);
955 if (UNEXPECTED(Z_ISUNDEF_P(rv))) {
956 zval_ptr_dtor(&tmp_object);
957 zval_ptr_dtor(&tmp_offset);
958 return NULL;
959 }
960 if (!i_zend_is_true(rv)) {
961 zval_ptr_dtor(&tmp_object);
962 zval_ptr_dtor(&tmp_offset);
963 zval_ptr_dtor(rv);
964 return &EG(uninitialized_zval);
965 }
966 zval_ptr_dtor(rv);
967 }
968
969 zend_call_method_with_1_params(&tmp_object, ce, NULL, "offsetget", rv, &tmp_offset);
970
971 zval_ptr_dtor(&tmp_object);
972 zval_ptr_dtor(&tmp_offset);
973
974 if (UNEXPECTED(Z_TYPE_P(rv) == IS_UNDEF)) {
975 if (UNEXPECTED(!EG(exception))) {
976 zend_throw_error(NULL, "Undefined offset for object of type %s used as array", ZSTR_VAL(ce->name));
977 }
978 return NULL;
979 }
980 return rv;
981 } else {
982 zend_bad_array_access(ce);
983 return NULL;
984 }
985 }
986 /* }}} */
987
zend_std_write_dimension(zval * object,zval * offset,zval * value)988 ZEND_API void zend_std_write_dimension(zval *object, zval *offset, zval *value) /* {{{ */
989 {
990 zend_class_entry *ce = Z_OBJCE_P(object);
991 zval tmp_offset, tmp_object;
992
993 if (EXPECTED(instanceof_function_ex(ce, zend_ce_arrayaccess, 1) != 0)) {
994 if (!offset) {
995 ZVAL_NULL(&tmp_offset);
996 } else {
997 ZVAL_COPY_DEREF(&tmp_offset, offset);
998 }
999 Z_ADDREF_P(object);
1000 ZVAL_OBJ(&tmp_object, Z_OBJ_P(object));
1001 zend_call_method_with_2_params(&tmp_object, ce, NULL, "offsetset", NULL, &tmp_offset, value);
1002 zval_ptr_dtor(&tmp_object);
1003 zval_ptr_dtor(&tmp_offset);
1004 } else {
1005 zend_bad_array_access(ce);
1006 }
1007 }
1008 /* }}} */
1009
zend_std_has_dimension(zval * object,zval * offset,int check_empty)1010 ZEND_API int zend_std_has_dimension(zval *object, zval *offset, int check_empty) /* {{{ */
1011 {
1012 zend_class_entry *ce = Z_OBJCE_P(object);
1013 zval retval, tmp_offset, tmp_object;
1014 int result;
1015
1016 if (EXPECTED(instanceof_function_ex(ce, zend_ce_arrayaccess, 1) != 0)) {
1017 ZVAL_COPY_DEREF(&tmp_offset, offset);
1018 Z_ADDREF_P(object);
1019 ZVAL_OBJ(&tmp_object, Z_OBJ_P(object));
1020 zend_call_method_with_1_params(&tmp_object, ce, NULL, "offsetexists", &retval, &tmp_offset);
1021 result = i_zend_is_true(&retval);
1022 zval_ptr_dtor(&retval);
1023 if (check_empty && result && EXPECTED(!EG(exception))) {
1024 zend_call_method_with_1_params(&tmp_object, ce, NULL, "offsetget", &retval, &tmp_offset);
1025 result = i_zend_is_true(&retval);
1026 zval_ptr_dtor(&retval);
1027 }
1028 zval_ptr_dtor(&tmp_object);
1029 zval_ptr_dtor(&tmp_offset);
1030 } else {
1031 zend_bad_array_access(ce);
1032 return 0;
1033 }
1034 return result;
1035 }
1036 /* }}} */
1037
zend_std_get_property_ptr_ptr(zval * object,zval * member,int type,void ** cache_slot)1038 ZEND_API zval *zend_std_get_property_ptr_ptr(zval *object, zval *member, int type, void **cache_slot) /* {{{ */
1039 {
1040 zend_object *zobj;
1041 zend_string *name, *tmp_name;
1042 zval *retval = NULL;
1043 uintptr_t property_offset;
1044 zend_property_info *prop_info = NULL;
1045
1046 zobj = Z_OBJ_P(object);
1047 name = zval_try_get_tmp_string(member, &tmp_name);
1048 if (UNEXPECTED(!name)) {
1049 return &EG(error_zval);
1050 }
1051
1052 #if DEBUG_OBJECT_HANDLERS
1053 fprintf(stderr, "Ptr object #%d property: %s\n", Z_OBJ_HANDLE_P(object), ZSTR_VAL(name));
1054 #endif
1055
1056 property_offset = zend_get_property_offset(zobj->ce, name, (zobj->ce->__get != NULL), cache_slot, &prop_info);
1057
1058 if (EXPECTED(IS_VALID_PROPERTY_OFFSET(property_offset))) {
1059 retval = OBJ_PROP(zobj, property_offset);
1060 if (UNEXPECTED(Z_TYPE_P(retval) == IS_UNDEF)) {
1061 if (EXPECTED(!zobj->ce->__get) ||
1062 UNEXPECTED((*zend_get_property_guard(zobj, name)) & IN_GET) ||
1063 UNEXPECTED(prop_info && Z_PROP_FLAG_P(retval) == IS_PROP_UNINIT)) {
1064 if (UNEXPECTED(type == BP_VAR_RW || type == BP_VAR_R)) {
1065 if (UNEXPECTED(prop_info)) {
1066 zend_throw_error(NULL,
1067 "Typed property %s::$%s must not be accessed before initialization",
1068 ZSTR_VAL(prop_info->ce->name),
1069 ZSTR_VAL(name));
1070 retval = &EG(error_zval);
1071 } else {
1072 ZVAL_NULL(retval);
1073 zend_error(E_NOTICE, "Undefined property: %s::$%s", ZSTR_VAL(zobj->ce->name), ZSTR_VAL(name));
1074 }
1075 }
1076 } else {
1077 /* we do have getter - fail and let it try again with usual get/set */
1078 retval = NULL;
1079 }
1080 }
1081 } else if (EXPECTED(IS_DYNAMIC_PROPERTY_OFFSET(property_offset))) {
1082 if (EXPECTED(zobj->properties)) {
1083 if (UNEXPECTED(GC_REFCOUNT(zobj->properties) > 1)) {
1084 if (EXPECTED(!(GC_FLAGS(zobj->properties) & IS_ARRAY_IMMUTABLE))) {
1085 GC_DELREF(zobj->properties);
1086 }
1087 zobj->properties = zend_array_dup(zobj->properties);
1088 }
1089 if (EXPECTED((retval = zend_hash_find(zobj->properties, name)) != NULL)) {
1090 zend_tmp_string_release(tmp_name);
1091 return retval;
1092 }
1093 }
1094 if (EXPECTED(!zobj->ce->__get) ||
1095 UNEXPECTED((*zend_get_property_guard(zobj, name)) & IN_GET)) {
1096 if (UNEXPECTED(!zobj->properties)) {
1097 rebuild_object_properties(zobj);
1098 }
1099 retval = zend_hash_update(zobj->properties, name, &EG(uninitialized_zval));
1100 /* Notice is thrown after creation of the property, to avoid EG(std_property_info)
1101 * being overwritten in an error handler. */
1102 if (UNEXPECTED(type == BP_VAR_RW || type == BP_VAR_R)) {
1103 zend_error(E_NOTICE, "Undefined property: %s::$%s", ZSTR_VAL(zobj->ce->name), ZSTR_VAL(name));
1104 }
1105 }
1106 } else if (zobj->ce->__get == NULL) {
1107 retval = &EG(error_zval);
1108 }
1109
1110 zend_tmp_string_release(tmp_name);
1111 return retval;
1112 }
1113 /* }}} */
1114
zend_std_unset_property(zval * object,zval * member,void ** cache_slot)1115 ZEND_API void zend_std_unset_property(zval *object, zval *member, void **cache_slot) /* {{{ */
1116 {
1117 zend_object *zobj;
1118 zend_string *name, *tmp_name;
1119 uintptr_t property_offset;
1120 zend_property_info *prop_info = NULL;
1121
1122 zobj = Z_OBJ_P(object);
1123 name = zval_try_get_tmp_string(member, &tmp_name);
1124 if (UNEXPECTED(!name)) {
1125 return;
1126 }
1127
1128 property_offset = zend_get_property_offset(zobj->ce, name, (zobj->ce->__unset != NULL), cache_slot, &prop_info);
1129
1130 if (EXPECTED(IS_VALID_PROPERTY_OFFSET(property_offset))) {
1131 zval *slot = OBJ_PROP(zobj, property_offset);
1132
1133 if (Z_TYPE_P(slot) != IS_UNDEF) {
1134 if (UNEXPECTED(Z_ISREF_P(slot)) &&
1135 (ZEND_DEBUG || ZEND_REF_HAS_TYPE_SOURCES(Z_REF_P(slot)))) {
1136 if (prop_info) {
1137 ZEND_REF_DEL_TYPE_SOURCE(Z_REF_P(slot), prop_info);
1138 }
1139 }
1140 zval tmp;
1141 ZVAL_COPY_VALUE(&tmp, slot);
1142 ZVAL_UNDEF(slot);
1143 zval_ptr_dtor(&tmp);
1144 if (zobj->properties) {
1145 HT_FLAGS(zobj->properties) |= HASH_FLAG_HAS_EMPTY_IND;
1146 }
1147 goto exit;
1148 }
1149 if (UNEXPECTED(Z_PROP_FLAG_P(slot) == IS_PROP_UNINIT)) {
1150 /* Reset the IS_PROP_UNINIT flag, if it exists and bypass __unset(). */
1151 Z_PROP_FLAG_P(slot) = 0;
1152 goto exit;
1153 }
1154 } else if (EXPECTED(IS_DYNAMIC_PROPERTY_OFFSET(property_offset))
1155 && EXPECTED(zobj->properties != NULL)) {
1156 if (UNEXPECTED(GC_REFCOUNT(zobj->properties) > 1)) {
1157 if (EXPECTED(!(GC_FLAGS(zobj->properties) & IS_ARRAY_IMMUTABLE))) {
1158 GC_DELREF(zobj->properties);
1159 }
1160 zobj->properties = zend_array_dup(zobj->properties);
1161 }
1162 if (EXPECTED(zend_hash_del(zobj->properties, name) != FAILURE)) {
1163 goto exit;
1164 }
1165 } else if (UNEXPECTED(EG(exception))) {
1166 goto exit;
1167 }
1168
1169 /* magic unset */
1170 if (zobj->ce->__unset) {
1171 uint32_t *guard = zend_get_property_guard(zobj, name);
1172 if (!((*guard) & IN_UNSET)) {
1173 /* have unseter - try with it! */
1174 (*guard) |= IN_UNSET; /* prevent circular unsetting */
1175 zend_std_call_unsetter(zobj, name);
1176 (*guard) &= ~IN_UNSET;
1177 } else if (UNEXPECTED(IS_WRONG_PROPERTY_OFFSET(property_offset))) {
1178 /* Trigger the correct error */
1179 zend_wrong_offset(zobj->ce, name);
1180 ZEND_ASSERT(EG(exception));
1181 goto exit;
1182 } else {
1183 /* Nothing to do: The property already does not exist. */
1184 }
1185 }
1186
1187 exit:
1188 zend_tmp_string_release(tmp_name);
1189 }
1190 /* }}} */
1191
zend_std_unset_dimension(zval * object,zval * offset)1192 ZEND_API void zend_std_unset_dimension(zval *object, zval *offset) /* {{{ */
1193 {
1194 zend_class_entry *ce = Z_OBJCE_P(object);
1195 zval tmp_offset, tmp_object;
1196
1197 if (instanceof_function_ex(ce, zend_ce_arrayaccess, 1)) {
1198 ZVAL_COPY_DEREF(&tmp_offset, offset);
1199 Z_ADDREF_P(object);
1200 ZVAL_OBJ(&tmp_object, Z_OBJ_P(object));
1201 zend_call_method_with_1_params(&tmp_object, ce, NULL, "offsetunset", NULL, &tmp_offset);
1202 zval_ptr_dtor(&tmp_object);
1203 zval_ptr_dtor(&tmp_offset);
1204 } else {
1205 zend_bad_array_access(ce);
1206 }
1207 }
1208 /* }}} */
1209
zend_get_parent_private_method(zend_class_entry * scope,zend_class_entry * ce,zend_string * function_name)1210 static zend_never_inline zend_function *zend_get_parent_private_method(zend_class_entry *scope, zend_class_entry *ce, zend_string *function_name) /* {{{ */
1211 {
1212 zval *func;
1213 zend_function *fbc;
1214
1215 if (scope != ce && scope && is_derived_class(ce, scope)) {
1216 func = zend_hash_find(&scope->function_table, function_name);
1217 if (func != NULL) {
1218 fbc = Z_FUNC_P(func);
1219 if (fbc->common.fn_flags & ZEND_ACC_PRIVATE
1220 && fbc->common.scope == scope) {
1221 return fbc;
1222 }
1223 }
1224 }
1225 return NULL;
1226 }
1227 /* }}} */
1228
1229 /* Ensures that we're allowed to call a protected method.
1230 */
zend_check_protected(zend_class_entry * ce,zend_class_entry * scope)1231 ZEND_API int zend_check_protected(zend_class_entry *ce, zend_class_entry *scope) /* {{{ */
1232 {
1233 zend_class_entry *fbc_scope = ce;
1234
1235 /* Is the context that's calling the function, the same as one of
1236 * the function's parents?
1237 */
1238 while (fbc_scope) {
1239 if (fbc_scope==scope) {
1240 return 1;
1241 }
1242 fbc_scope = fbc_scope->parent;
1243 }
1244
1245 /* Is the function's scope the same as our current object context,
1246 * or any of the parents of our context?
1247 */
1248 while (scope) {
1249 if (scope==ce) {
1250 return 1;
1251 }
1252 scope = scope->parent;
1253 }
1254 return 0;
1255 }
1256 /* }}} */
1257
zend_get_call_trampoline_func(zend_class_entry * ce,zend_string * method_name,int is_static)1258 ZEND_API zend_function *zend_get_call_trampoline_func(zend_class_entry *ce, zend_string *method_name, int is_static) /* {{{ */
1259 {
1260 size_t mname_len;
1261 zend_op_array *func;
1262 zend_function *fbc = is_static ? ce->__callstatic : ce->__call;
1263 /* We use non-NULL value to avoid useless run_time_cache allocation.
1264 * The low bit must be zero, to not be interpreted as a MAP_PTR offset.
1265 */
1266 static const void *dummy = (void*)(intptr_t)2;
1267
1268 ZEND_ASSERT(fbc);
1269
1270 if (EXPECTED(EG(trampoline).common.function_name == NULL)) {
1271 func = &EG(trampoline).op_array;
1272 } else {
1273 func = ecalloc(1, sizeof(zend_op_array));
1274 }
1275
1276 func->type = ZEND_USER_FUNCTION;
1277 func->arg_flags[0] = 0;
1278 func->arg_flags[1] = 0;
1279 func->arg_flags[2] = 0;
1280 func->fn_flags = ZEND_ACC_CALL_VIA_TRAMPOLINE | ZEND_ACC_PUBLIC;
1281 if (is_static) {
1282 func->fn_flags |= ZEND_ACC_STATIC;
1283 }
1284 func->opcodes = &EG(call_trampoline_op);
1285 ZEND_MAP_PTR_INIT(func->run_time_cache, (void***)&dummy);
1286 func->scope = fbc->common.scope;
1287 /* reserve space for arguments, local and temporary variables */
1288 func->T = (fbc->type == ZEND_USER_FUNCTION)? MAX(fbc->op_array.last_var + fbc->op_array.T, 2) : 2;
1289 func->filename = (fbc->type == ZEND_USER_FUNCTION)? fbc->op_array.filename : ZSTR_EMPTY_ALLOC();
1290 func->line_start = (fbc->type == ZEND_USER_FUNCTION)? fbc->op_array.line_start : 0;
1291 func->line_end = (fbc->type == ZEND_USER_FUNCTION)? fbc->op_array.line_end : 0;
1292
1293 //??? keep compatibility for "\0" characters
1294 //??? see: Zend/tests/bug46238.phpt
1295 if (UNEXPECTED((mname_len = strlen(ZSTR_VAL(method_name))) != ZSTR_LEN(method_name))) {
1296 func->function_name = zend_string_init(ZSTR_VAL(method_name), mname_len, 0);
1297 } else {
1298 func->function_name = zend_string_copy(method_name);
1299 }
1300
1301 func->prototype = NULL;
1302 func->num_args = 0;
1303 func->required_num_args = 0;
1304 func->arg_info = 0;
1305
1306 return (zend_function*)func;
1307 }
1308 /* }}} */
1309
zend_get_user_call_function(zend_class_entry * ce,zend_string * method_name)1310 static zend_always_inline zend_function *zend_get_user_call_function(zend_class_entry *ce, zend_string *method_name) /* {{{ */
1311 {
1312 return zend_get_call_trampoline_func(ce, method_name, 0);
1313 }
1314 /* }}} */
1315
zend_bad_method_call(zend_function * fbc,zend_string * method_name,zend_class_entry * scope)1316 static ZEND_COLD zend_never_inline void zend_bad_method_call(zend_function *fbc, zend_string *method_name, zend_class_entry *scope) /* {{{ */
1317 {
1318 zend_throw_error(NULL, "Call to %s method %s::%s() from context '%s'", zend_visibility_string(fbc->common.fn_flags), ZEND_FN_SCOPE_NAME(fbc), ZSTR_VAL(method_name), scope ? ZSTR_VAL(scope->name) : "");
1319 }
1320 /* }}} */
1321
zend_std_get_method(zend_object ** obj_ptr,zend_string * method_name,const zval * key)1322 ZEND_API zend_function *zend_std_get_method(zend_object **obj_ptr, zend_string *method_name, const zval *key) /* {{{ */
1323 {
1324 zend_object *zobj = *obj_ptr;
1325 zval *func;
1326 zend_function *fbc;
1327 zend_string *lc_method_name;
1328 zend_class_entry *scope;
1329 ALLOCA_FLAG(use_heap);
1330
1331 if (EXPECTED(key != NULL)) {
1332 lc_method_name = Z_STR_P(key);
1333 #ifdef ZEND_ALLOCA_MAX_SIZE
1334 use_heap = 0;
1335 #endif
1336 } else {
1337 ZSTR_ALLOCA_ALLOC(lc_method_name, ZSTR_LEN(method_name), use_heap);
1338 zend_str_tolower_copy(ZSTR_VAL(lc_method_name), ZSTR_VAL(method_name), ZSTR_LEN(method_name));
1339 }
1340
1341 if (UNEXPECTED((func = zend_hash_find(&zobj->ce->function_table, lc_method_name)) == NULL)) {
1342 if (UNEXPECTED(!key)) {
1343 ZSTR_ALLOCA_FREE(lc_method_name, use_heap);
1344 }
1345 if (zobj->ce->__call) {
1346 return zend_get_user_call_function(zobj->ce, method_name);
1347 } else {
1348 return NULL;
1349 }
1350 }
1351
1352 fbc = Z_FUNC_P(func);
1353
1354 /* Check access level */
1355 if (fbc->op_array.fn_flags & (ZEND_ACC_CHANGED|ZEND_ACC_PRIVATE|ZEND_ACC_PROTECTED)) {
1356 scope = zend_get_executed_scope();
1357
1358 if (fbc->common.scope != scope) {
1359 if (fbc->op_array.fn_flags & ZEND_ACC_CHANGED) {
1360 zend_function *updated_fbc = zend_get_parent_private_method(scope, zobj->ce, lc_method_name);
1361
1362 if (EXPECTED(updated_fbc != NULL)) {
1363 fbc = updated_fbc;
1364 goto exit;
1365 } else if (fbc->op_array.fn_flags & ZEND_ACC_PUBLIC) {
1366 goto exit;
1367 }
1368 }
1369 if (UNEXPECTED(fbc->op_array.fn_flags & ZEND_ACC_PRIVATE)
1370 || UNEXPECTED(!zend_check_protected(zend_get_function_root_class(fbc), scope))) {
1371 if (zobj->ce->__call) {
1372 fbc = zend_get_user_call_function(zobj->ce, method_name);
1373 } else {
1374 zend_bad_method_call(fbc, method_name, scope);
1375 fbc = NULL;
1376 }
1377 }
1378 }
1379 }
1380
1381 exit:
1382 if (UNEXPECTED(!key)) {
1383 ZSTR_ALLOCA_FREE(lc_method_name, use_heap);
1384 }
1385 return fbc;
1386 }
1387 /* }}} */
1388
zend_get_user_callstatic_function(zend_class_entry * ce,zend_string * method_name)1389 static zend_always_inline zend_function *zend_get_user_callstatic_function(zend_class_entry *ce, zend_string *method_name) /* {{{ */
1390 {
1391 return zend_get_call_trampoline_func(ce, method_name, 1);
1392 }
1393 /* }}} */
1394
zend_std_get_static_method(zend_class_entry * ce,zend_string * function_name,const zval * key)1395 ZEND_API zend_function *zend_std_get_static_method(zend_class_entry *ce, zend_string *function_name, const zval *key) /* {{{ */
1396 {
1397 zend_function *fbc = NULL;
1398 zend_string *lc_function_name;
1399 zend_object *object;
1400 zend_class_entry *scope;
1401
1402 if (EXPECTED(key != NULL)) {
1403 lc_function_name = Z_STR_P(key);
1404 } else {
1405 lc_function_name = zend_string_tolower(function_name);
1406 }
1407
1408 do {
1409 zval *func = zend_hash_find(&ce->function_table, lc_function_name);
1410 if (EXPECTED(func != NULL)) {
1411 fbc = Z_FUNC_P(func);
1412 } else if (ce->constructor
1413 && ZSTR_LEN(lc_function_name) == ZSTR_LEN(ce->name)
1414 && zend_binary_strncasecmp(ZSTR_VAL(lc_function_name), ZSTR_LEN(lc_function_name), ZSTR_VAL(ce->name), ZSTR_LEN(lc_function_name), ZSTR_LEN(lc_function_name)) == 0
1415 /* Only change the method to the constructor if the constructor isn't called __construct
1416 * we check for __ so we can be binary safe for lowering, we should use ZEND_CONSTRUCTOR_FUNC_NAME
1417 */
1418 && (ZSTR_VAL(ce->constructor->common.function_name)[0] != '_'
1419 || ZSTR_VAL(ce->constructor->common.function_name)[1] != '_')) {
1420 fbc = ce->constructor;
1421 } else {
1422 if (UNEXPECTED(!key)) {
1423 zend_string_release_ex(lc_function_name, 0);
1424 }
1425 if (ce->__call &&
1426 (object = zend_get_this_object(EG(current_execute_data))) != NULL &&
1427 instanceof_function(object->ce, ce)) {
1428 /* Call the top-level defined __call().
1429 * see: tests/classes/__call_004.phpt */
1430
1431 zend_class_entry *call_ce = object->ce;
1432
1433 while (!call_ce->__call) {
1434 call_ce = call_ce->parent;
1435 }
1436 return zend_get_user_call_function(call_ce, function_name);
1437 } else if (ce->__callstatic) {
1438 return zend_get_user_callstatic_function(ce, function_name);
1439 } else {
1440 return NULL;
1441 }
1442 }
1443 } while (0);
1444
1445 #if MBO_0
1446 /* right now this function is used for non static method lookup too */
1447 /* Is the function static */
1448 if (UNEXPECTED(!(fbc->common.fn_flags & ZEND_ACC_STATIC))) {
1449 zend_error_noreturn(E_ERROR, "Cannot call non static method %s::%s() without object", ZEND_FN_SCOPE_NAME(fbc), ZSTR_VAL(fbc->common.function_name));
1450 }
1451 #endif
1452 if (!(fbc->op_array.fn_flags & ZEND_ACC_PUBLIC)) {
1453 scope = zend_get_executed_scope();
1454 if (UNEXPECTED(fbc->common.scope != scope)) {
1455 if (UNEXPECTED(fbc->op_array.fn_flags & ZEND_ACC_PRIVATE)
1456 || UNEXPECTED(!zend_check_protected(zend_get_function_root_class(fbc), scope))) {
1457 if (ce->__callstatic) {
1458 fbc = zend_get_user_callstatic_function(ce, function_name);
1459 } else {
1460 zend_bad_method_call(fbc, function_name, scope);
1461 fbc = NULL;
1462 }
1463 }
1464 }
1465 }
1466
1467 if (UNEXPECTED(!key)) {
1468 zend_string_release_ex(lc_function_name, 0);
1469 }
1470
1471 return fbc;
1472 }
1473 /* }}} */
1474
zend_class_init_statics(zend_class_entry * class_type)1475 ZEND_API void zend_class_init_statics(zend_class_entry *class_type) /* {{{ */
1476 {
1477 int i;
1478 zval *p;
1479
1480 if (class_type->default_static_members_count && !CE_STATIC_MEMBERS(class_type)) {
1481 if (class_type->parent) {
1482 zend_class_init_statics(class_type->parent);
1483 }
1484
1485 ZEND_MAP_PTR_SET(class_type->static_members_table, emalloc(sizeof(zval) * class_type->default_static_members_count));
1486 for (i = 0; i < class_type->default_static_members_count; i++) {
1487 p = &class_type->default_static_members_table[i];
1488 if (Z_TYPE_P(p) == IS_INDIRECT) {
1489 zval *q = &CE_STATIC_MEMBERS(class_type->parent)[i];
1490 ZVAL_DEINDIRECT(q);
1491 ZVAL_INDIRECT(&CE_STATIC_MEMBERS(class_type)[i], q);
1492 } else {
1493 ZVAL_COPY_OR_DUP(&CE_STATIC_MEMBERS(class_type)[i], p);
1494 }
1495 }
1496 }
1497 } /* }}} */
1498
zend_std_get_static_property_with_info(zend_class_entry * ce,zend_string * property_name,int type,zend_property_info ** property_info_ptr)1499 ZEND_API zval *zend_std_get_static_property_with_info(zend_class_entry *ce, zend_string *property_name, int type, zend_property_info **property_info_ptr) /* {{{ */
1500 {
1501 zval *ret;
1502 zend_class_entry *scope;
1503 zend_property_info *property_info = zend_hash_find_ptr(&ce->properties_info, property_name);
1504 *property_info_ptr = property_info;
1505
1506 if (UNEXPECTED(property_info == NULL)) {
1507 goto undeclared_property;
1508 }
1509
1510 if (!(property_info->flags & ZEND_ACC_PUBLIC)) {
1511 if (UNEXPECTED(EG(fake_scope))) {
1512 scope = EG(fake_scope);
1513 } else {
1514 scope = zend_get_executed_scope();
1515 }
1516 if (property_info->ce != scope) {
1517 if (UNEXPECTED(property_info->flags & ZEND_ACC_PRIVATE)
1518 || UNEXPECTED(!is_protected_compatible_scope(property_info->ce, scope))) {
1519 if (type != BP_VAR_IS) {
1520 zend_bad_property_access(property_info, ce, property_name);
1521 }
1522 return NULL;
1523 }
1524 }
1525 }
1526
1527 if (UNEXPECTED((property_info->flags & ZEND_ACC_STATIC) == 0)) {
1528 goto undeclared_property;
1529 }
1530
1531 if (UNEXPECTED(!(ce->ce_flags & ZEND_ACC_CONSTANTS_UPDATED))) {
1532 if (UNEXPECTED(zend_update_class_constants(ce)) != SUCCESS) {
1533 return NULL;
1534 }
1535 }
1536
1537 /* check if static properties were destroyed */
1538 if (UNEXPECTED(CE_STATIC_MEMBERS(ce) == NULL)) {
1539 if (ce->type == ZEND_INTERNAL_CLASS || (ce->ce_flags & (ZEND_ACC_IMMUTABLE|ZEND_ACC_PRELOADED))) {
1540 zend_class_init_statics(ce);
1541 } else {
1542 undeclared_property:
1543 if (type != BP_VAR_IS) {
1544 zend_throw_error(NULL, "Access to undeclared static property: %s::$%s", ZSTR_VAL(ce->name), ZSTR_VAL(property_name));
1545 }
1546 return NULL;
1547 }
1548 }
1549
1550 ret = CE_STATIC_MEMBERS(ce) + property_info->offset;
1551 ZVAL_DEINDIRECT(ret);
1552
1553 if (UNEXPECTED((type == BP_VAR_R || type == BP_VAR_RW)
1554 && Z_TYPE_P(ret) == IS_UNDEF && property_info->type != 0)) {
1555 zend_throw_error(NULL, "Typed static property %s::$%s must not be accessed before initialization",
1556 ZSTR_VAL(property_info->ce->name),
1557 zend_get_unmangled_property_name(property_name));
1558 return NULL;
1559 }
1560
1561 return ret;
1562 }
1563 /* }}} */
1564
zend_std_get_static_property(zend_class_entry * ce,zend_string * property_name,int type)1565 ZEND_API zval *zend_std_get_static_property(zend_class_entry *ce, zend_string *property_name, int type) /* {{{ */
1566 {
1567 zend_property_info *prop_info;
1568 return zend_std_get_static_property_with_info(ce, property_name, type, &prop_info);
1569 }
1570
zend_std_unset_static_property(zend_class_entry * ce,zend_string * property_name)1571 ZEND_API ZEND_COLD zend_bool zend_std_unset_static_property(zend_class_entry *ce, zend_string *property_name) /* {{{ */
1572 {
1573 zend_throw_error(NULL, "Attempt to unset static property %s::$%s", ZSTR_VAL(ce->name), ZSTR_VAL(property_name));
1574 return 0;
1575 }
1576 /* }}} */
1577
zend_bad_constructor_call(zend_function * constructor,zend_class_entry * scope)1578 static ZEND_COLD zend_never_inline void zend_bad_constructor_call(zend_function *constructor, zend_class_entry *scope) /* {{{ */
1579 {
1580 if (scope) {
1581 zend_throw_error(NULL, "Call to %s %s::%s() from context '%s'", zend_visibility_string(constructor->common.fn_flags), ZSTR_VAL(constructor->common.scope->name), ZSTR_VAL(constructor->common.function_name), ZSTR_VAL(scope->name));
1582 } else {
1583 zend_throw_error(NULL, "Call to %s %s::%s() from invalid context", zend_visibility_string(constructor->common.fn_flags), ZSTR_VAL(constructor->common.scope->name), ZSTR_VAL(constructor->common.function_name));
1584 }
1585 }
1586 /* }}} */
1587
zend_std_get_constructor(zend_object * zobj)1588 ZEND_API zend_function *zend_std_get_constructor(zend_object *zobj) /* {{{ */
1589 {
1590 zend_function *constructor = zobj->ce->constructor;
1591 zend_class_entry *scope;
1592
1593 if (constructor) {
1594 if (UNEXPECTED(!(constructor->op_array.fn_flags & ZEND_ACC_PUBLIC))) {
1595 if (UNEXPECTED(EG(fake_scope))) {
1596 scope = EG(fake_scope);
1597 } else {
1598 scope = zend_get_executed_scope();
1599 }
1600 if (UNEXPECTED(constructor->common.scope != scope)) {
1601 if (UNEXPECTED(constructor->op_array.fn_flags & ZEND_ACC_PRIVATE)
1602 || UNEXPECTED(!zend_check_protected(zend_get_function_root_class(constructor), scope))) {
1603 zend_bad_constructor_call(constructor, scope);
1604 constructor = NULL;
1605 }
1606 }
1607 }
1608 }
1609
1610 return constructor;
1611 }
1612 /* }}} */
1613
zend_std_compare_objects(zval * o1,zval * o2)1614 ZEND_API int zend_std_compare_objects(zval *o1, zval *o2) /* {{{ */
1615 {
1616 zend_object *zobj1, *zobj2;
1617
1618 zobj1 = Z_OBJ_P(o1);
1619 zobj2 = Z_OBJ_P(o2);
1620
1621 if (zobj1 == zobj2) {
1622 return 0; /* the same object */
1623 }
1624 if (zobj1->ce != zobj2->ce) {
1625 return 1; /* different classes */
1626 }
1627 if (!zobj1->properties && !zobj2->properties) {
1628 zend_property_info *info;
1629
1630 if (!zobj1->ce->default_properties_count) {
1631 return 0;
1632 }
1633
1634 /* It's enough to protect only one of the objects.
1635 * The second one may be referenced from the first and this may cause
1636 * false recursion detection.
1637 */
1638 /* use bitwise OR to make only one conditional jump */
1639 if (UNEXPECTED(Z_IS_RECURSIVE_P(o1))) {
1640 zend_error_noreturn(E_ERROR, "Nesting level too deep - recursive dependency?");
1641 }
1642 Z_PROTECT_RECURSION_P(o1);
1643
1644 ZEND_HASH_FOREACH_PTR(&zobj1->ce->properties_info, info) {
1645 zval *p1 = OBJ_PROP(zobj1, info->offset);
1646 zval *p2 = OBJ_PROP(zobj2, info->offset);
1647
1648 if (info->flags & ZEND_ACC_STATIC) {
1649 continue;
1650 }
1651
1652 if (Z_TYPE_P(p1) != IS_UNDEF) {
1653 if (Z_TYPE_P(p2) != IS_UNDEF) {
1654 zval result;
1655
1656 if (compare_function(&result, p1, p2)==FAILURE) {
1657 Z_UNPROTECT_RECURSION_P(o1);
1658 return 1;
1659 }
1660 if (Z_LVAL(result) != 0) {
1661 Z_UNPROTECT_RECURSION_P(o1);
1662 return Z_LVAL(result);
1663 }
1664 } else {
1665 Z_UNPROTECT_RECURSION_P(o1);
1666 return 1;
1667 }
1668 } else {
1669 if (Z_TYPE_P(p2) != IS_UNDEF) {
1670 Z_UNPROTECT_RECURSION_P(o1);
1671 return 1;
1672 }
1673 }
1674 } ZEND_HASH_FOREACH_END();
1675
1676 Z_UNPROTECT_RECURSION_P(o1);
1677 return 0;
1678 } else {
1679 if (!zobj1->properties) {
1680 rebuild_object_properties(zobj1);
1681 }
1682 if (!zobj2->properties) {
1683 rebuild_object_properties(zobj2);
1684 }
1685 return zend_compare_symbol_tables(zobj1->properties, zobj2->properties);
1686 }
1687 }
1688 /* }}} */
1689
zend_std_has_property(zval * object,zval * member,int has_set_exists,void ** cache_slot)1690 ZEND_API int zend_std_has_property(zval *object, zval *member, int has_set_exists, void **cache_slot) /* {{{ */
1691 {
1692 zend_object *zobj;
1693 int result;
1694 zval *value = NULL;
1695 zend_string *name, *tmp_name;
1696 uintptr_t property_offset;
1697 zend_property_info *prop_info = NULL;
1698
1699 zobj = Z_OBJ_P(object);
1700 name = zval_try_get_tmp_string(member, &tmp_name);
1701 if (UNEXPECTED(!name)) {
1702 return 0;
1703 }
1704
1705 property_offset = zend_get_property_offset(zobj->ce, name, 1, cache_slot, &prop_info);
1706
1707 if (EXPECTED(IS_VALID_PROPERTY_OFFSET(property_offset))) {
1708 value = OBJ_PROP(zobj, property_offset);
1709 if (Z_TYPE_P(value) != IS_UNDEF) {
1710 goto found;
1711 }
1712 if (UNEXPECTED(Z_PROP_FLAG_P(value) == IS_PROP_UNINIT)) {
1713 /* Skip __isset() for uninitialized typed properties */
1714 result = 0;
1715 goto exit;
1716 }
1717 } else if (EXPECTED(IS_DYNAMIC_PROPERTY_OFFSET(property_offset))) {
1718 if (EXPECTED(zobj->properties != NULL)) {
1719 if (!IS_UNKNOWN_DYNAMIC_PROPERTY_OFFSET(property_offset)) {
1720 uintptr_t idx = ZEND_DECODE_DYN_PROP_OFFSET(property_offset);
1721
1722 if (EXPECTED(idx < zobj->properties->nNumUsed * sizeof(Bucket))) {
1723 Bucket *p = (Bucket*)((char*)zobj->properties->arData + idx);
1724
1725 if (EXPECTED(Z_TYPE(p->val) != IS_UNDEF) &&
1726 (EXPECTED(p->key == name) ||
1727 (EXPECTED(p->h == ZSTR_H(name)) &&
1728 EXPECTED(p->key != NULL) &&
1729 EXPECTED(zend_string_equal_content(p->key, name))))) {
1730 value = &p->val;
1731 goto found;
1732 }
1733 }
1734 CACHE_PTR_EX(cache_slot + 1, (void*)ZEND_DYNAMIC_PROPERTY_OFFSET);
1735 }
1736 value = zend_hash_find(zobj->properties, name);
1737 if (value) {
1738 if (cache_slot) {
1739 uintptr_t idx = (char*)value - (char*)zobj->properties->arData;
1740 CACHE_PTR_EX(cache_slot + 1, (void*)ZEND_ENCODE_DYN_PROP_OFFSET(idx));
1741 }
1742 found:
1743 if (has_set_exists == ZEND_PROPERTY_NOT_EMPTY) {
1744 result = zend_is_true(value);
1745 } else if (has_set_exists < ZEND_PROPERTY_NOT_EMPTY) {
1746 ZEND_ASSERT(has_set_exists == ZEND_PROPERTY_ISSET);
1747 ZVAL_DEREF(value);
1748 result = (Z_TYPE_P(value) != IS_NULL);
1749 } else {
1750 ZEND_ASSERT(has_set_exists == ZEND_PROPERTY_EXISTS);
1751 result = 1;
1752 }
1753 goto exit;
1754 }
1755 }
1756 } else if (UNEXPECTED(EG(exception))) {
1757 result = 0;
1758 goto exit;
1759 }
1760
1761 result = 0;
1762 if ((has_set_exists != ZEND_PROPERTY_EXISTS) && zobj->ce->__isset) {
1763 uint32_t *guard = zend_get_property_guard(zobj, name);
1764
1765 if (!((*guard) & IN_ISSET)) {
1766 zval rv;
1767
1768 /* have issetter - try with it! */
1769 if (!tmp_name && !ZSTR_IS_INTERNED(name)) {
1770 tmp_name = zend_string_copy(name);
1771 }
1772 GC_ADDREF(zobj);
1773 (*guard) |= IN_ISSET; /* prevent circular getting */
1774 zend_std_call_issetter(zobj, name, &rv);
1775 result = zend_is_true(&rv);
1776 zval_ptr_dtor(&rv);
1777 if (has_set_exists == ZEND_PROPERTY_NOT_EMPTY && result) {
1778 if (EXPECTED(!EG(exception)) && zobj->ce->__get && !((*guard) & IN_GET)) {
1779 (*guard) |= IN_GET;
1780 zend_std_call_getter(zobj, name, &rv);
1781 (*guard) &= ~IN_GET;
1782 result = i_zend_is_true(&rv);
1783 zval_ptr_dtor(&rv);
1784 } else {
1785 result = 0;
1786 }
1787 }
1788 (*guard) &= ~IN_ISSET;
1789 OBJ_RELEASE(zobj);
1790 }
1791 }
1792
1793 exit:
1794 zend_tmp_string_release(tmp_name);
1795 return result;
1796 }
1797 /* }}} */
1798
zend_std_get_class_name(const zend_object * zobj)1799 ZEND_API zend_string *zend_std_get_class_name(const zend_object *zobj) /* {{{ */
1800 {
1801 return zend_string_copy(zobj->ce->name);
1802 }
1803 /* }}} */
1804
zend_std_cast_object_tostring(zval * readobj,zval * writeobj,int type)1805 ZEND_API int zend_std_cast_object_tostring(zval *readobj, zval *writeobj, int type) /* {{{ */
1806 {
1807 zval retval;
1808 zend_class_entry *ce;
1809
1810 switch (type) {
1811 case IS_STRING:
1812 ce = Z_OBJCE_P(readobj);
1813 if (ce->__tostring) {
1814 zend_class_entry *fake_scope = EG(fake_scope);
1815 EG(fake_scope) = NULL;
1816 zend_call_method_with_0_params(readobj, ce, &ce->__tostring, "__tostring", &retval);
1817 EG(fake_scope) = fake_scope;
1818 if (EXPECTED(Z_TYPE(retval) == IS_STRING)) {
1819 ZVAL_COPY_VALUE(writeobj, &retval);
1820 return SUCCESS;
1821 }
1822 zval_ptr_dtor(&retval);
1823 if (!EG(exception)) {
1824 zend_throw_error(NULL, "Method %s::__toString() must return a string value", ZSTR_VAL(ce->name));
1825 }
1826 }
1827 return FAILURE;
1828 case _IS_BOOL:
1829 ZVAL_TRUE(writeobj);
1830 return SUCCESS;
1831 case IS_LONG:
1832 ce = Z_OBJCE_P(readobj);
1833 zend_error(E_NOTICE, "Object of class %s could not be converted to int", ZSTR_VAL(ce->name));
1834 ZVAL_LONG(writeobj, 1);
1835 return SUCCESS;
1836 case IS_DOUBLE:
1837 ce = Z_OBJCE_P(readobj);
1838 zend_error(E_NOTICE, "Object of class %s could not be converted to float", ZSTR_VAL(ce->name));
1839 ZVAL_DOUBLE(writeobj, 1);
1840 return SUCCESS;
1841 case _IS_NUMBER:
1842 ce = Z_OBJCE_P(readobj);
1843 zend_error(E_NOTICE, "Object of class %s could not be converted to number", ZSTR_VAL(ce->name));
1844 ZVAL_LONG(writeobj, 1);
1845 return SUCCESS;
1846 default:
1847 ZVAL_NULL(writeobj);
1848 break;
1849 }
1850 return FAILURE;
1851 }
1852 /* }}} */
1853
zend_std_get_closure(zval * obj,zend_class_entry ** ce_ptr,zend_function ** fptr_ptr,zend_object ** obj_ptr)1854 ZEND_API int zend_std_get_closure(zval *obj, zend_class_entry **ce_ptr, zend_function **fptr_ptr, zend_object **obj_ptr) /* {{{ */
1855 {
1856 zval *func;
1857 zend_class_entry *ce = Z_OBJCE_P(obj);
1858
1859 if ((func = zend_hash_find_ex(&ce->function_table, ZSTR_KNOWN(ZEND_STR_MAGIC_INVOKE), 1)) == NULL) {
1860 return FAILURE;
1861 }
1862 *fptr_ptr = Z_FUNC_P(func);
1863
1864 *ce_ptr = ce;
1865 if ((*fptr_ptr)->common.fn_flags & ZEND_ACC_STATIC) {
1866 if (obj_ptr) {
1867 *obj_ptr = NULL;
1868 }
1869 } else {
1870 if (obj_ptr) {
1871 *obj_ptr = Z_OBJ_P(obj);
1872 }
1873 }
1874 return SUCCESS;
1875 }
1876 /* }}} */
1877
zend_std_get_properties_for(zval * obj,zend_prop_purpose purpose)1878 ZEND_API HashTable *zend_std_get_properties_for(zval *obj, zend_prop_purpose purpose) {
1879 HashTable *ht;
1880 switch (purpose) {
1881 case ZEND_PROP_PURPOSE_DEBUG:
1882 if (Z_OBJ_HT_P(obj)->get_debug_info) {
1883 int is_temp;
1884 ht = Z_OBJ_HT_P(obj)->get_debug_info(obj, &is_temp);
1885 if (ht && !is_temp && !(GC_FLAGS(ht) & GC_IMMUTABLE)) {
1886 GC_ADDREF(ht);
1887 }
1888 return ht;
1889 }
1890 /* break missing intentionally */
1891 case ZEND_PROP_PURPOSE_ARRAY_CAST:
1892 case ZEND_PROP_PURPOSE_SERIALIZE:
1893 case ZEND_PROP_PURPOSE_VAR_EXPORT:
1894 case ZEND_PROP_PURPOSE_JSON:
1895 case _ZEND_PROP_PURPOSE_ARRAY_KEY_EXISTS:
1896 ht = Z_OBJ_HT_P(obj)->get_properties(obj);
1897 if (ht && !(GC_FLAGS(ht) & GC_IMMUTABLE)) {
1898 GC_ADDREF(ht);
1899 }
1900 return ht;
1901 default:
1902 ZEND_ASSERT(0);
1903 return NULL;
1904 }
1905 }
1906
zend_get_properties_for(zval * obj,zend_prop_purpose purpose)1907 ZEND_API HashTable *zend_get_properties_for(zval *obj, zend_prop_purpose purpose) {
1908 if (Z_OBJ_HT_P(obj)->get_properties_for) {
1909 return Z_OBJ_HT_P(obj)->get_properties_for(obj, purpose);
1910 }
1911
1912 return zend_std_get_properties_for(obj, purpose);
1913 }
1914
1915 ZEND_API const zend_object_handlers std_object_handlers = {
1916 0, /* offset */
1917
1918 zend_object_std_dtor, /* free_obj */
1919 zend_objects_destroy_object, /* dtor_obj */
1920 zend_objects_clone_obj, /* clone_obj */
1921
1922 zend_std_read_property, /* read_property */
1923 zend_std_write_property, /* write_property */
1924 zend_std_read_dimension, /* read_dimension */
1925 zend_std_write_dimension, /* write_dimension */
1926 zend_std_get_property_ptr_ptr, /* get_property_ptr_ptr */
1927 NULL, /* get */
1928 NULL, /* set */
1929 zend_std_has_property, /* has_property */
1930 zend_std_unset_property, /* unset_property */
1931 zend_std_has_dimension, /* has_dimension */
1932 zend_std_unset_dimension, /* unset_dimension */
1933 zend_std_get_properties, /* get_properties */
1934 zend_std_get_method, /* get_method */
1935 NULL, /* call_method */
1936 zend_std_get_constructor, /* get_constructor */
1937 zend_std_get_class_name, /* get_class_name */
1938 zend_std_compare_objects, /* compare_objects */
1939 zend_std_cast_object_tostring, /* cast_object */
1940 NULL, /* count_elements */
1941 zend_std_get_debug_info, /* get_debug_info */
1942 zend_std_get_closure, /* get_closure */
1943 zend_std_get_gc, /* get_gc */
1944 NULL, /* do_operation */
1945 NULL, /* compare */
1946 NULL, /* get_properties_for */
1947 };
1948