1 /*
2 +----------------------------------------------------------------------+
3 | Zend Engine |
4 +----------------------------------------------------------------------+
5 | Copyright (c) Zend Technologies Ltd. (http://www.zend.com) |
6 +----------------------------------------------------------------------+
7 | This source file is subject to version 2.00 of the Zend license, |
8 | that is bundled with this package in the file LICENSE, and is |
9 | available through the world-wide-web at the following url: |
10 | http://www.zend.com/license/2_00.txt. |
11 | If you did not receive a copy of the Zend license and are unable to |
12 | obtain it through the world-wide-web, please send a note to |
13 | license@zend.com so we can mail you a copy immediately. |
14 +----------------------------------------------------------------------+
15 | Authors: Andi Gutmans <andi@php.net> |
16 | Zeev Suraski <zeev@php.net> |
17 | Dmitry Stogov <dmitry@php.net> |
18 +----------------------------------------------------------------------+
19 */
20
21 #include "zend.h"
22 #include "zend_globals.h"
23 #include "zend_lazy_objects.h"
24 #include "zend_variables.h"
25 #include "zend_API.h"
26 #include "zend_objects.h"
27 #include "zend_objects_API.h"
28 #include "zend_object_handlers.h"
29 #include "zend_interfaces.h"
30 #include "zend_exceptions.h"
31 #include "zend_closures.h"
32 #include "zend_compile.h"
33 #include "zend_hash.h"
34 #include "zend_property_hooks.h"
35 #include "zend_observer.h"
36
37 #define DEBUG_OBJECT_HANDLERS 0
38
39 #define ZEND_WRONG_PROPERTY_OFFSET 0
40 #define ZEND_HOOKED_PROPERTY_OFFSET 1
41
42 /* guard flags */
43 #define IN_GET ZEND_GUARD_PROPERTY_GET
44 #define IN_SET ZEND_GUARD_PROPERTY_SET
45 #define IN_UNSET ZEND_GUARD_PROPERTY_UNSET
46 #define IN_ISSET ZEND_GUARD_PROPERTY_ISSET
47 #define IN_HOOK ZEND_GUARD_PROPERTY_HOOK
48
49 /*
50 __X accessors explanation:
51
52 if we have __get and property that is not part of the properties array is
53 requested, we call __get handler. If it fails, we return uninitialized.
54
55 if we have __set and property that is not part of the properties array is
56 set, we call __set handler. If it fails, we do not change the array.
57
58 for both handlers above, when we are inside __get/__set, no further calls for
59 __get/__set for this property of this object will be made, to prevent endless
60 recursion and enable accessors to change properties array.
61
62 if we have __call and method which is not part of the class function table is
63 called, we cal __call handler.
64 */
65
rebuild_object_properties_internal(zend_object * zobj)66 ZEND_API HashTable *rebuild_object_properties_internal(zend_object *zobj) /* {{{ */
67 {
68 if (!zobj->properties) {
69 zend_property_info *prop_info;
70 zend_class_entry *ce = zobj->ce;
71 int i;
72
73 zobj->properties = zend_new_array(ce->default_properties_count);
74 if (ce->default_properties_count) {
75 zend_hash_real_init_mixed(zobj->properties);
76 for (i = 0; i < ce->default_properties_count; i++) {
77 prop_info = ce->properties_info_table[i];
78
79 if (!prop_info) {
80 continue;
81 }
82
83 if (UNEXPECTED(Z_TYPE_P(OBJ_PROP(zobj, prop_info->offset)) == IS_UNDEF)) {
84 HT_FLAGS(zobj->properties) |= HASH_FLAG_HAS_EMPTY_IND;
85 }
86
87 _zend_hash_append_ind(zobj->properties, prop_info->name,
88 OBJ_PROP(zobj, prop_info->offset));
89 }
90 }
91 }
92
93 return zobj->properties;
94 }
95 /* }}} */
96
97 /* Implements the fast path for array cast */
zend_std_build_object_properties_array(zend_object * zobj)98 ZEND_API HashTable *zend_std_build_object_properties_array(zend_object *zobj) /* {{{ */
99 {
100 zend_property_info *prop_info;
101 zend_class_entry *ce = zobj->ce;
102 HashTable *ht;
103 zval* prop;
104 int i;
105
106 ZEND_ASSERT(!(zend_object_is_lazy_proxy(zobj) && zend_lazy_object_initialized(zobj)));
107 ZEND_ASSERT(!zobj->properties);
108 ht = zend_new_array(ce->default_properties_count);
109 if (ce->default_properties_count) {
110 zend_hash_real_init_mixed(ht);
111 for (i = 0; i < ce->default_properties_count; i++) {
112 prop_info = ce->properties_info_table[i];
113
114 if (!prop_info) {
115 continue;
116 }
117
118 prop = OBJ_PROP(zobj, prop_info->offset);
119 if (UNEXPECTED(Z_TYPE_P(prop) == IS_UNDEF)) {
120 continue;
121 }
122
123 if (Z_ISREF_P(prop) && Z_REFCOUNT_P(prop) == 1) {
124 prop = Z_REFVAL_P(prop);
125 }
126
127 Z_TRY_ADDREF_P(prop);
128 _zend_hash_append(ht, prop_info->name, prop);
129 }
130 }
131 return ht;
132 }
133 /* }}} */
134
zend_std_get_properties(zend_object * zobj)135 ZEND_API HashTable *zend_std_get_properties(zend_object *zobj) /* {{{ */
136 {
137 return zend_std_get_properties_ex(zobj);
138 }
139 /* }}} */
140
141 /* Fetch properties HashTable without triggering lazy initialization */
zend_get_properties_no_lazy_init(zend_object * zobj)142 ZEND_API HashTable *zend_get_properties_no_lazy_init(zend_object *zobj)
143 {
144 if (zobj->handlers->get_properties == zend_std_get_properties) {
145 if (UNEXPECTED(zend_object_is_lazy_proxy(zobj)
146 && zend_lazy_object_initialized(zobj))) {
147 zend_object *instance = zend_lazy_object_get_instance(zobj);
148 return zend_get_properties_no_lazy_init(instance);
149 }
150
151 if (!zobj->properties) {
152 rebuild_object_properties_internal(zobj);
153 }
154 return zobj->properties;
155 }
156
157 ZEND_ASSERT(!zend_object_is_lazy(zobj));
158
159 return zobj->handlers->get_properties(zobj);
160 }
161
zend_std_get_gc(zend_object * zobj,zval ** table,int * n)162 ZEND_API HashTable *zend_std_get_gc(zend_object *zobj, zval **table, int *n) /* {{{ */
163 {
164 if (zobj->handlers->get_properties != zend_std_get_properties) {
165 *table = NULL;
166 *n = 0;
167 return zobj->handlers->get_properties(zobj);
168 } else {
169 if (UNEXPECTED(zend_object_is_lazy(zobj))) {
170 return zend_lazy_object_get_gc(zobj, table, n);
171 } else if (zobj->properties) {
172 *table = NULL;
173 *n = 0;
174 return zobj->properties;
175 } else {
176 *table = zobj->properties_table;
177 *n = zobj->ce->default_properties_count;
178 return NULL;
179 }
180 }
181 }
182 /* }}} */
183
zend_std_get_debug_info(zend_object * object,int * is_temp)184 ZEND_API HashTable *zend_std_get_debug_info(zend_object *object, int *is_temp) /* {{{ */
185 {
186 zend_class_entry *ce = object->ce;
187 zval retval;
188 HashTable *ht;
189
190 if (!ce->__debugInfo) {
191 if (UNEXPECTED(zend_object_is_lazy(object))) {
192 return zend_lazy_object_debug_info(object, is_temp);
193 }
194
195 *is_temp = 0;
196 return object->handlers->get_properties(object);
197 }
198
199 zend_call_known_instance_method_with_0_params(ce->__debugInfo, object, &retval);
200 if (Z_TYPE(retval) == IS_ARRAY) {
201 if (!Z_REFCOUNTED(retval)) {
202 *is_temp = 1;
203 return zend_array_dup(Z_ARRVAL(retval));
204 } else if (Z_REFCOUNT(retval) <= 1) {
205 *is_temp = 1;
206 ht = Z_ARR(retval);
207 return ht;
208 } else {
209 *is_temp = 0;
210 zval_ptr_dtor(&retval);
211 return Z_ARRVAL(retval);
212 }
213 } else if (Z_TYPE(retval) == IS_NULL) {
214 *is_temp = 1;
215 ht = zend_new_array(0);
216 return ht;
217 }
218
219 zend_error_noreturn(E_ERROR, ZEND_DEBUGINFO_FUNC_NAME "() must return an array");
220
221 return NULL; /* Compilers are dumb and don't understand that noreturn means that the function does NOT need a return value... */
222 }
223 /* }}} */
224
zend_std_call_getter(zend_object * zobj,zend_string * prop_name,zval * retval)225 static void zend_std_call_getter(zend_object *zobj, zend_string *prop_name, zval *retval) /* {{{ */
226 {
227 zval member;
228 ZVAL_STR(&member, prop_name);
229 zend_call_known_instance_method_with_1_params(zobj->ce->__get, zobj, retval, &member);
230 }
231 /* }}} */
232
zend_std_call_setter(zend_object * zobj,zend_string * prop_name,zval * value)233 static void zend_std_call_setter(zend_object *zobj, zend_string *prop_name, zval *value) /* {{{ */
234 {
235 zval args[2];
236 ZVAL_STR(&args[0], prop_name);
237 ZVAL_COPY_VALUE(&args[1], value);
238 zend_call_known_instance_method(zobj->ce->__set, zobj, NULL, 2, args);
239 }
240 /* }}} */
241
zend_std_call_unsetter(zend_object * zobj,zend_string * prop_name)242 static void zend_std_call_unsetter(zend_object *zobj, zend_string *prop_name) /* {{{ */
243 {
244 zval member;
245 ZVAL_STR(&member, prop_name);
246 zend_call_known_instance_method_with_1_params(zobj->ce->__unset, zobj, NULL, &member);
247 }
248 /* }}} */
249
zend_std_call_issetter(zend_object * zobj,zend_string * prop_name,zval * retval)250 static void zend_std_call_issetter(zend_object *zobj, zend_string *prop_name, zval *retval) /* {{{ */
251 {
252 zval member;
253 ZVAL_STR(&member, prop_name);
254 zend_call_known_instance_method_with_1_params(zobj->ce->__isset, zobj, retval, &member);
255 }
256 /* }}} */
257
258
is_derived_class(const zend_class_entry * child_class,const zend_class_entry * parent_class)259 static zend_always_inline bool is_derived_class(const zend_class_entry *child_class, const zend_class_entry *parent_class) /* {{{ */
260 {
261 child_class = child_class->parent;
262 while (child_class) {
263 if (child_class == parent_class) {
264 return 1;
265 }
266 child_class = child_class->parent;
267 }
268
269 return 0;
270 }
271 /* }}} */
272
is_protected_compatible_scope(const zend_class_entry * ce,const zend_class_entry * scope)273 static zend_never_inline int is_protected_compatible_scope(const zend_class_entry *ce, const zend_class_entry *scope) /* {{{ */
274 {
275 return scope &&
276 (is_derived_class(ce, scope) || is_derived_class(scope, ce));
277 }
278 /* }}} */
279
zend_get_parent_private_property(zend_class_entry * scope,const zend_class_entry * ce,zend_string * member)280 static zend_never_inline zend_property_info *zend_get_parent_private_property(zend_class_entry *scope, const zend_class_entry *ce, zend_string *member) /* {{{ */
281 {
282 zval *zv;
283 zend_property_info *prop_info;
284
285 if (scope != ce && scope && is_derived_class(ce, scope)) {
286 zv = zend_hash_find(&scope->properties_info, member);
287 if (zv != NULL) {
288 prop_info = (zend_property_info*)Z_PTR_P(zv);
289 if ((prop_info->flags & ZEND_ACC_PRIVATE)
290 && prop_info->ce == scope) {
291 return prop_info;
292 }
293 }
294 }
295 return NULL;
296 }
297 /* }}} */
298
zend_bad_property_access(const zend_property_info * property_info,const zend_class_entry * ce,const zend_string * member)299 static ZEND_COLD zend_never_inline void zend_bad_property_access(const zend_property_info *property_info, const zend_class_entry *ce, const zend_string *member) /* {{{ */
300 {
301 zend_throw_error(NULL, "Cannot access %s property %s::$%s", zend_visibility_string(property_info->flags), ZSTR_VAL(ce->name), ZSTR_VAL(member));
302 }
303 /* }}} */
304
zend_bad_property_name(void)305 static ZEND_COLD zend_never_inline void zend_bad_property_name(void) /* {{{ */
306 {
307 zend_throw_error(NULL, "Cannot access property starting with \"\\0\"");
308 }
309 /* }}} */
310
zend_forbidden_dynamic_property(const zend_class_entry * ce,const zend_string * member)311 static ZEND_COLD zend_never_inline void zend_forbidden_dynamic_property(
312 const zend_class_entry *ce, const zend_string *member) {
313 zend_throw_error(NULL, "Cannot create dynamic property %s::$%s",
314 ZSTR_VAL(ce->name), ZSTR_VAL(member));
315 }
316
zend_deprecated_dynamic_property(zend_object * obj,const zend_string * member)317 static ZEND_COLD zend_never_inline bool zend_deprecated_dynamic_property(
318 zend_object *obj, const zend_string *member) {
319 GC_ADDREF(obj);
320 zend_error(E_DEPRECATED, "Creation of dynamic property %s::$%s is deprecated",
321 ZSTR_VAL(obj->ce->name), ZSTR_VAL(member));
322 if (UNEXPECTED(GC_DELREF(obj) == 0)) {
323 zend_class_entry *ce = obj->ce;
324 zend_objects_store_del(obj);
325 if (!EG(exception)) {
326 /* We cannot continue execution and have to throw an exception */
327 zend_throw_error(NULL, "Cannot create dynamic property %s::$%s",
328 ZSTR_VAL(ce->name), ZSTR_VAL(member));
329 }
330 return 0;
331 }
332 return 1;
333 }
334
zend_readonly_property_unset_error(zend_class_entry * ce,zend_string * member)335 static ZEND_COLD zend_never_inline void zend_readonly_property_unset_error(
336 zend_class_entry *ce, zend_string *member) {
337 zend_throw_error(NULL, "Cannot unset readonly property %s::$%s",
338 ZSTR_VAL(ce->name), ZSTR_VAL(member));
339 }
340
get_fake_or_executed_scope(void)341 static zend_always_inline zend_class_entry *get_fake_or_executed_scope(void)
342 {
343 if (UNEXPECTED(EG(fake_scope))) {
344 return EG(fake_scope);
345 } else {
346 return zend_get_executed_scope();
347 }
348 }
349
zend_get_property_offset(zend_class_entry * ce,zend_string * member,int silent,void ** cache_slot,const zend_property_info ** info_ptr)350 static zend_always_inline uintptr_t zend_get_property_offset(zend_class_entry *ce, zend_string *member, int silent, void **cache_slot, const zend_property_info **info_ptr) /* {{{ */
351 {
352 zval *zv;
353 zend_property_info *property_info;
354 uint32_t flags;
355 uintptr_t offset;
356
357 if (cache_slot && EXPECTED(ce == CACHED_PTR_EX(cache_slot))) {
358 *info_ptr = CACHED_PTR_EX(cache_slot + 2);
359 return (uintptr_t)CACHED_PTR_EX(cache_slot + 1);
360 }
361
362 if (UNEXPECTED(zend_hash_num_elements(&ce->properties_info) == 0)
363 || UNEXPECTED((zv = zend_hash_find(&ce->properties_info, member)) == NULL)) {
364 if (UNEXPECTED(ZSTR_VAL(member)[0] == '\0') && ZSTR_LEN(member) != 0) {
365 if (!silent) {
366 zend_bad_property_name();
367 }
368 return ZEND_WRONG_PROPERTY_OFFSET;
369 }
370 dynamic:
371 if (cache_slot) {
372 CACHE_POLYMORPHIC_PTR_EX(cache_slot, ce, (void*)ZEND_DYNAMIC_PROPERTY_OFFSET);
373 CACHE_PTR_EX(cache_slot + 2, NULL);
374 }
375 return ZEND_DYNAMIC_PROPERTY_OFFSET;
376 }
377
378 property_info = (zend_property_info*)Z_PTR_P(zv);
379 flags = property_info->flags;
380
381 if (flags & (ZEND_ACC_CHANGED|ZEND_ACC_PRIVATE|ZEND_ACC_PROTECTED)) {
382 zend_class_entry *scope = get_fake_or_executed_scope();
383
384 if (property_info->ce != scope) {
385 if (flags & ZEND_ACC_CHANGED) {
386 zend_property_info *p = zend_get_parent_private_property(scope, ce, member);
387
388 /* If there is a public/protected instance property on ce, don't try to use a
389 * private static property on scope. If both are static, prefer the static
390 * property on scope. This will throw a static property notice, rather than
391 * a visibility error. */
392 if (p && (!(p->flags & ZEND_ACC_STATIC) || (flags & ZEND_ACC_STATIC))) {
393 property_info = p;
394 flags = property_info->flags;
395 goto found;
396 } else if (flags & ZEND_ACC_PUBLIC) {
397 goto found;
398 }
399 }
400 if (flags & ZEND_ACC_PRIVATE) {
401 if (property_info->ce != ce) {
402 goto dynamic;
403 } else {
404 wrong:
405 /* Information was available, but we were denied access. Error out. */
406 if (!silent) {
407 zend_bad_property_access(property_info, ce, member);
408 }
409 return ZEND_WRONG_PROPERTY_OFFSET;
410 }
411 } else {
412 ZEND_ASSERT(flags & ZEND_ACC_PROTECTED);
413 if (UNEXPECTED(!is_protected_compatible_scope(property_info->ce, scope))) {
414 goto wrong;
415 }
416 }
417 }
418 }
419
420 found:
421 if (UNEXPECTED(flags & ZEND_ACC_STATIC)) {
422 if (!silent) {
423 zend_error(E_NOTICE, "Accessing static property %s::$%s as non static", ZSTR_VAL(ce->name), ZSTR_VAL(member));
424 }
425 return ZEND_DYNAMIC_PROPERTY_OFFSET;
426 }
427
428 if (property_info->hooks) {
429 *info_ptr = property_info;
430 if (cache_slot) {
431 CACHE_POLYMORPHIC_PTR_EX(cache_slot, ce, (void*)ZEND_HOOKED_PROPERTY_OFFSET);
432 CACHE_PTR_EX(cache_slot + 2, property_info);
433 }
434 return ZEND_HOOKED_PROPERTY_OFFSET;
435 }
436
437 offset = property_info->offset;
438 if (EXPECTED(!ZEND_TYPE_IS_SET(property_info->type))) {
439 property_info = NULL;
440 } else {
441 *info_ptr = property_info;
442 }
443 if (cache_slot) {
444 CACHE_POLYMORPHIC_PTR_EX(cache_slot, ce, (void*)(uintptr_t)offset);
445 CACHE_PTR_EX(cache_slot + 2, property_info);
446 }
447 return offset;
448 }
449 /* }}} */
450
zend_wrong_offset(zend_class_entry * ce,zend_string * member)451 static ZEND_COLD void zend_wrong_offset(zend_class_entry *ce, zend_string *member) /* {{{ */
452 {
453 const zend_property_info *dummy;
454
455 /* Trigger the correct error */
456 zend_get_property_offset(ce, member, 0, NULL, &dummy);
457 }
458 /* }}} */
459
zend_get_property_info(const zend_class_entry * ce,zend_string * member,int silent)460 ZEND_API zend_property_info *zend_get_property_info(const zend_class_entry *ce, zend_string *member, int silent) /* {{{ */
461 {
462 zval *zv;
463 zend_property_info *property_info;
464 uint32_t flags;
465
466 if (UNEXPECTED(zend_hash_num_elements(&ce->properties_info) == 0)
467 || EXPECTED((zv = zend_hash_find(&ce->properties_info, member)) == NULL)) {
468 if (UNEXPECTED(ZSTR_VAL(member)[0] == '\0') && ZSTR_LEN(member) != 0) {
469 if (!silent) {
470 zend_bad_property_name();
471 }
472 return ZEND_WRONG_PROPERTY_INFO;
473 }
474 dynamic:
475 return NULL;
476 }
477
478 property_info = (zend_property_info*)Z_PTR_P(zv);
479 flags = property_info->flags;
480
481 if (flags & (ZEND_ACC_CHANGED|ZEND_ACC_PRIVATE|ZEND_ACC_PROTECTED)) {
482 zend_class_entry *scope = get_fake_or_executed_scope();
483 if (property_info->ce != scope) {
484 if (flags & ZEND_ACC_CHANGED) {
485 zend_property_info *p = zend_get_parent_private_property(scope, ce, member);
486
487 if (p) {
488 property_info = p;
489 flags = property_info->flags;
490 goto found;
491 } else if (flags & ZEND_ACC_PUBLIC) {
492 goto found;
493 }
494 }
495 if (flags & ZEND_ACC_PRIVATE) {
496 if (property_info->ce != ce) {
497 goto dynamic;
498 } else {
499 wrong:
500 /* Information was available, but we were denied access. Error out. */
501 if (!silent) {
502 zend_bad_property_access(property_info, ce, member);
503 }
504 return ZEND_WRONG_PROPERTY_INFO;
505 }
506 } else {
507 ZEND_ASSERT(flags & ZEND_ACC_PROTECTED);
508 if (UNEXPECTED(!is_protected_compatible_scope(property_info->ce, scope))) {
509 goto wrong;
510 }
511 }
512 }
513 }
514
515 found:
516 if (UNEXPECTED(flags & ZEND_ACC_STATIC)) {
517 if (!silent) {
518 zend_error(E_NOTICE, "Accessing static property %s::$%s as non static", ZSTR_VAL(ce->name), ZSTR_VAL(member));
519 }
520 }
521 return property_info;
522 }
523 /* }}} */
524
zend_check_property_access(const zend_object * zobj,zend_string * prop_info_name,bool is_dynamic)525 ZEND_API zend_result zend_check_property_access(const zend_object *zobj, zend_string *prop_info_name, bool is_dynamic) /* {{{ */
526 {
527 zend_property_info *property_info;
528 const char *class_name = NULL;
529 const char *prop_name;
530 zend_string *member;
531 size_t prop_name_len;
532
533 if (ZSTR_VAL(prop_info_name)[0] == 0) {
534 if (is_dynamic) {
535 return SUCCESS;
536 }
537
538 zend_unmangle_property_name_ex(prop_info_name, &class_name, &prop_name, &prop_name_len);
539 member = zend_string_init(prop_name, prop_name_len, 0);
540 property_info = zend_get_property_info(zobj->ce, member, 1);
541 zend_string_release_ex(member, 0);
542 if (property_info == NULL || property_info == ZEND_WRONG_PROPERTY_INFO) {
543 return FAILURE;
544 }
545
546 if (class_name[0] != '*') {
547 if (!(property_info->flags & ZEND_ACC_PRIVATE)) {
548 /* we we're looking for a private prop but found a non private one of the same name */
549 return FAILURE;
550 } else if (strcmp(ZSTR_VAL(prop_info_name)+1, ZSTR_VAL(property_info->name)+1)) {
551 /* we we're looking for a private prop but found a private one of the same name but another class */
552 return FAILURE;
553 }
554 } else {
555 ZEND_ASSERT(property_info->flags & ZEND_ACC_PROTECTED);
556 }
557 return SUCCESS;
558 } else {
559 property_info = zend_get_property_info(zobj->ce, prop_info_name, 1);
560 if (property_info == NULL) {
561 ZEND_ASSERT(is_dynamic);
562 return SUCCESS;
563 } else if (property_info == ZEND_WRONG_PROPERTY_INFO) {
564 return FAILURE;
565 }
566 return (property_info->flags & ZEND_ACC_PUBLIC) ? SUCCESS : FAILURE;
567 }
568 }
569 /* }}} */
570
zend_asymmetric_property_has_set_access(const zend_property_info * prop_info)571 ZEND_API bool ZEND_FASTCALL zend_asymmetric_property_has_set_access(const zend_property_info *prop_info) {
572 ZEND_ASSERT(prop_info->flags & ZEND_ACC_PPP_SET_MASK);
573 ZEND_ASSERT(!(prop_info->flags & ZEND_ACC_PUBLIC_SET));
574 zend_class_entry *scope = get_fake_or_executed_scope();
575 if (prop_info->ce == scope) {
576 return true;
577 }
578 return EXPECTED((prop_info->flags & ZEND_ACC_PROTECTED_SET)
579 && is_protected_compatible_scope(prop_info->ce, scope));
580 }
581
zend_property_guard_dtor(zval * el)582 static void zend_property_guard_dtor(zval *el) /* {{{ */ {
583 uint32_t *ptr = (uint32_t*)Z_PTR_P(el);
584 if (EXPECTED(!(((uintptr_t)ptr) & 1))) {
585 efree_size(ptr, sizeof(uint32_t));
586 }
587 }
588 /* }}} */
589
zend_get_guard_value(zend_object * zobj)590 static zend_always_inline zval *zend_get_guard_value(zend_object *zobj)
591 {
592 return zobj->properties_table + zobj->ce->default_properties_count;
593 }
594
zend_get_property_guard(zend_object * zobj,zend_string * member)595 ZEND_API uint32_t *zend_get_property_guard(zend_object *zobj, zend_string *member) /* {{{ */
596 {
597 HashTable *guards;
598 zval *zv;
599 uint32_t *ptr;
600
601
602 ZEND_ASSERT(zobj->ce->ce_flags & ZEND_ACC_USE_GUARDS);
603 zv = zend_get_guard_value(zobj);
604 if (EXPECTED(Z_TYPE_P(zv) == IS_STRING)) {
605 zend_string *str = Z_STR_P(zv);
606 if (EXPECTED(str == member) ||
607 /* str and member don't necessarily have a pre-calculated hash value here */
608 EXPECTED(zend_string_equal_content(str, member))) {
609 return &Z_GUARD_P(zv);
610 } else if (EXPECTED(Z_GUARD_P(zv) == 0)) {
611 zval_ptr_dtor_str(zv);
612 ZVAL_STR_COPY(zv, member);
613 return &Z_GUARD_P(zv);
614 } else {
615 ALLOC_HASHTABLE(guards);
616 zend_hash_init(guards, 8, NULL, zend_property_guard_dtor, 0);
617 /* mark pointer as "special" using low bit */
618 zend_hash_add_new_ptr(guards, str,
619 (void*)(((uintptr_t)&Z_GUARD_P(zv)) | 1));
620 zval_ptr_dtor_str(zv);
621 ZVAL_ARR(zv, guards);
622 }
623 } else if (EXPECTED(Z_TYPE_P(zv) == IS_ARRAY)) {
624 guards = Z_ARRVAL_P(zv);
625 ZEND_ASSERT(guards != NULL);
626 zv = zend_hash_find(guards, member);
627 if (zv != NULL) {
628 return (uint32_t*)(((uintptr_t)Z_PTR_P(zv)) & ~1);
629 }
630 } else {
631 ZEND_ASSERT(Z_TYPE_P(zv) == IS_UNDEF);
632 ZVAL_STR_COPY(zv, member);
633 Z_GUARD_P(zv) &= ~ZEND_GUARD_PROPERTY_MASK;
634 return &Z_GUARD_P(zv);
635 }
636 /* we have to allocate uint32_t separately because ht->arData may be reallocated */
637 ptr = (uint32_t*)emalloc(sizeof(uint32_t));
638 *ptr = 0;
639 return (uint32_t*)zend_hash_add_new_ptr(guards, member, ptr);
640 }
641 /* }}} */
642
zend_get_recursion_guard(zend_object * zobj)643 ZEND_API uint32_t *zend_get_recursion_guard(zend_object *zobj)
644 {
645 if (!(zobj->ce->ce_flags & ZEND_ACC_USE_GUARDS)) {
646 return NULL;
647 }
648 zval *zv = zend_get_guard_value(zobj);
649 return &Z_GUARD_P(zv);
650 }
651
zend_typed_property_uninitialized_access(const zend_property_info * prop_info,zend_string * name)652 ZEND_COLD static void zend_typed_property_uninitialized_access(const zend_property_info *prop_info, zend_string *name)
653 {
654 zend_throw_error(NULL, "Typed property %s::$%s must not be accessed before initialization",
655 ZSTR_VAL(prop_info->ce->name),
656 ZSTR_VAL(name));
657 }
658
659 static ZEND_FUNCTION(zend_parent_hook_get_trampoline);
660 static ZEND_FUNCTION(zend_parent_hook_set_trampoline);
661
zend_is_in_hook(const zend_property_info * prop_info)662 static bool zend_is_in_hook(const zend_property_info *prop_info)
663 {
664 zend_execute_data *execute_data = EG(current_execute_data);
665 if (!execute_data || !EX(func) || !EX(func)->common.prop_info) {
666 return false;
667 }
668
669 const zend_property_info *parent_info = EX(func)->common.prop_info;
670 ZEND_ASSERT(prop_info->prototype && parent_info->prototype);
671 return prop_info->prototype == parent_info->prototype;
672 }
673
zend_should_call_hook(const zend_property_info * prop_info,const zend_object * obj)674 static bool zend_should_call_hook(const zend_property_info *prop_info, const zend_object *obj)
675 {
676 return !zend_is_in_hook(prop_info)
677 /* execute_data and This are guaranteed to be set if zend_is_in_hook() returns true. */
678 || Z_OBJ(EG(current_execute_data)->This) != obj;
679 }
680
zend_throw_no_prop_backing_value_access(zend_string * class_name,zend_string * prop_name,bool is_read)681 static ZEND_COLD void zend_throw_no_prop_backing_value_access(zend_string *class_name, zend_string *prop_name, bool is_read)
682 {
683 zend_throw_error(NULL, "Must not %s virtual property %s::$%s",
684 is_read ? "read from" : "write to",
685 ZSTR_VAL(class_name), ZSTR_VAL(prop_name));
686 }
687
zend_call_get_hook(const zend_property_info * prop_info,zend_string * prop_name,zend_function * get,zend_object * zobj,zval * rv)688 static bool zend_call_get_hook(
689 const zend_property_info *prop_info, zend_string *prop_name,
690 zend_function *get, zend_object *zobj, zval *rv)
691 {
692 if (!zend_should_call_hook(prop_info, zobj)) {
693 if (UNEXPECTED(prop_info->flags & ZEND_ACC_VIRTUAL)) {
694 zend_throw_no_prop_backing_value_access(zobj->ce->name, prop_name, /* is_read */ true);
695 }
696 return false;
697 }
698
699 zend_call_known_instance_method_with_0_params(get, zobj, rv);
700
701 return true;
702 }
703
zend_std_read_property(zend_object * zobj,zend_string * name,int type,void ** cache_slot,zval * rv)704 ZEND_API zval *zend_std_read_property(zend_object *zobj, zend_string *name, int type, void **cache_slot, zval *rv) /* {{{ */
705 {
706 zval *retval;
707 uintptr_t property_offset;
708 const zend_property_info *prop_info = NULL;
709 uint32_t *guard = NULL;
710
711 #if DEBUG_OBJECT_HANDLERS
712 fprintf(stderr, "Read object #%d property: %s\n", zobj->handle, ZSTR_VAL(name));
713 #endif
714
715 /* make zend_get_property_info silent if we have getter - we may want to use it */
716 property_offset = zend_get_property_offset(zobj->ce, name, (type == BP_VAR_IS) || (zobj->ce->__get != NULL), cache_slot, &prop_info);
717
718 if (EXPECTED(IS_VALID_PROPERTY_OFFSET(property_offset))) {
719 try_again:
720 retval = OBJ_PROP(zobj, property_offset);
721
722 if (prop_info && UNEXPECTED(prop_info->flags & (ZEND_ACC_READONLY|ZEND_ACC_PPP_SET_MASK))
723 && (type == BP_VAR_W || type == BP_VAR_RW || type == BP_VAR_UNSET)
724 && ((prop_info->flags & ZEND_ACC_READONLY) || !zend_asymmetric_property_has_set_access(prop_info))) {
725 if (Z_TYPE_P(retval) == IS_OBJECT) {
726 /* For objects, W/RW/UNSET fetch modes might not actually modify object.
727 * Similar as with magic __get() allow them, but return the value as a copy
728 * to make sure no actual modification is possible. */
729 ZVAL_COPY(rv, retval);
730 retval = rv;
731 goto exit;
732 } else if (Z_TYPE_P(retval) == IS_UNDEF && type == BP_VAR_UNSET) {
733 retval = &EG(uninitialized_zval);
734 goto exit;
735 }
736 if (prop_info->flags & ZEND_ACC_READONLY) {
737 zend_readonly_property_indirect_modification_error(prop_info);
738 } else {
739 zend_asymmetric_visibility_property_modification_error(prop_info, "indirectly modify");
740 }
741 retval = &EG(uninitialized_zval);
742 goto exit;
743 }
744 if (EXPECTED(Z_TYPE_P(retval) != IS_UNDEF)) {
745 goto exit;
746 }
747 if (UNEXPECTED(Z_PROP_FLAG_P(retval) & IS_PROP_UNINIT)) {
748 /* Skip __get() for uninitialized typed properties */
749 goto uninit_error;
750 }
751 } else if (EXPECTED(IS_DYNAMIC_PROPERTY_OFFSET(property_offset))) {
752 if (EXPECTED(zobj->properties != NULL)) {
753 if (!IS_UNKNOWN_DYNAMIC_PROPERTY_OFFSET(property_offset)) {
754 uintptr_t idx = ZEND_DECODE_DYN_PROP_OFFSET(property_offset);
755
756 if (EXPECTED(idx < zobj->properties->nNumUsed * sizeof(Bucket))) {
757 Bucket *p = (Bucket*)((char*)zobj->properties->arData + idx);
758
759 if (EXPECTED(p->key == name) ||
760 (EXPECTED(p->h == ZSTR_H(name)) &&
761 EXPECTED(p->key != NULL) &&
762 EXPECTED(zend_string_equal_content(p->key, name)))) {
763 retval = &p->val;
764 goto exit;
765 }
766 }
767 CACHE_PTR_EX(cache_slot + 1, (void*)ZEND_DYNAMIC_PROPERTY_OFFSET);
768 }
769 retval = zend_hash_find(zobj->properties, name);
770 if (EXPECTED(retval)) {
771 if (cache_slot) {
772 uintptr_t idx = (char*)retval - (char*)zobj->properties->arData;
773 CACHE_PTR_EX(cache_slot + 1, (void*)ZEND_ENCODE_DYN_PROP_OFFSET(idx));
774 }
775 goto exit;
776 }
777 }
778 } else if (IS_HOOKED_PROPERTY_OFFSET(property_offset)) {
779 zend_function *get = prop_info->hooks[ZEND_PROPERTY_HOOK_GET];
780 if (!get) {
781 if (prop_info->flags & ZEND_ACC_VIRTUAL) {
782 zend_throw_error(NULL, "Property %s::$%s is write-only",
783 ZSTR_VAL(zobj->ce->name), ZSTR_VAL(name));
784 return &EG(uninitialized_zval);
785 }
786 /* Cache the fact that this hook has trivial read. This only applies to
787 * BP_VAR_R and BP_VAR_IS fetches. */
788 ZEND_SET_PROPERTY_HOOK_SIMPLE_READ(cache_slot);
789
790 retval = OBJ_PROP(zobj, prop_info->offset);
791 if (UNEXPECTED(Z_TYPE_P(retval) == IS_UNDEF)) {
792 /* As hooked properties can't be unset, the only way to end up with an undef
793 * value is via an uninitialized property. */
794 ZEND_ASSERT(Z_PROP_FLAG_P(retval) & IS_PROP_UNINIT);
795 goto uninit_error;
796 }
797
798 if (UNEXPECTED(type == BP_VAR_W || type == BP_VAR_RW || type == BP_VAR_UNSET)) {
799 if (UNEXPECTED(Z_TYPE_P(retval) != IS_OBJECT)) {
800 zend_throw_error(NULL, "Indirect modification of %s::$%s is not allowed",
801 ZSTR_VAL(zobj->ce->name), ZSTR_VAL(name));
802 goto exit;
803 }
804 ZVAL_COPY(rv, retval);
805 retval = rv;
806 }
807 goto exit;
808 }
809
810 zend_class_entry *ce = zobj->ce;
811
812 if (!zend_call_get_hook(prop_info, name, get, zobj, rv)) {
813 if (EG(exception)) {
814 return &EG(uninitialized_zval);
815 }
816
817 /* Reads from backing store can only occur in hooks, and hence will always remain simple. */
818 zend_execute_data *execute_data = EG(current_execute_data);
819 if (cache_slot && EX(opline) && EX(opline)->opcode == ZEND_FETCH_OBJ_R && EX(opline)->op1_type == IS_UNUSED) {
820 ZEND_SET_PROPERTY_HOOK_SIMPLE_READ(cache_slot);
821 }
822
823 property_offset = prop_info->offset;
824 if (!ZEND_TYPE_IS_SET(prop_info->type)) {
825 prop_info = NULL;
826 }
827 goto try_again;
828 }
829
830 if (EXPECTED(cache_slot
831 && zend_execute_ex == execute_ex
832 && ce->default_object_handlers->read_property == zend_std_read_property
833 && !ce->create_object
834 && !zend_is_in_hook(prop_info)
835 && !(prop_info->hooks[ZEND_PROPERTY_HOOK_GET]->common.fn_flags & ZEND_ACC_RETURN_REFERENCE))) {
836 ZEND_SET_PROPERTY_HOOK_SIMPLE_GET(cache_slot);
837 }
838
839 if (Z_TYPE_P(rv) != IS_UNDEF) {
840 retval = rv;
841 if (!Z_ISREF_P(rv)
842 && (type == BP_VAR_W || type == BP_VAR_RW || type == BP_VAR_UNSET)
843 && UNEXPECTED(Z_TYPE_P(rv) != IS_OBJECT)) {
844 zend_throw_error(NULL, "Indirect modification of %s::$%s is not allowed",
845 ZSTR_VAL(ce->name), ZSTR_VAL(name));
846 }
847 } else {
848 retval = &EG(uninitialized_zval);
849 }
850
851 goto exit;
852 } else if (UNEXPECTED(EG(exception))) {
853 retval = &EG(uninitialized_zval);
854 goto exit;
855 }
856
857 retval = &EG(uninitialized_zval);
858
859 /* magic isset */
860 if ((type == BP_VAR_IS) && zobj->ce->__isset) {
861 zval tmp_result;
862 guard = zend_get_property_guard(zobj, name);
863
864 if (!((*guard) & IN_ISSET)) {
865 GC_ADDREF(zobj);
866 ZVAL_UNDEF(&tmp_result);
867
868 *guard |= IN_ISSET;
869 zend_std_call_issetter(zobj, name, &tmp_result);
870 *guard &= ~IN_ISSET;
871
872 if (!zend_is_true(&tmp_result)) {
873 retval = &EG(uninitialized_zval);
874 OBJ_RELEASE(zobj);
875 zval_ptr_dtor(&tmp_result);
876 goto exit;
877 }
878
879 zval_ptr_dtor(&tmp_result);
880 if (zobj->ce->__get && !((*guard) & IN_GET)) {
881 goto call_getter;
882 }
883 OBJ_RELEASE(zobj);
884 } else if (zobj->ce->__get && !((*guard) & IN_GET)) {
885 goto call_getter_addref;
886 }
887 } else if (zobj->ce->__get) {
888 /* magic get */
889 guard = zend_get_property_guard(zobj, name);
890 if (!((*guard) & IN_GET)) {
891 /* have getter - try with it! */
892 call_getter_addref:
893 GC_ADDREF(zobj);
894 call_getter:
895 *guard |= IN_GET; /* prevent circular getting */
896 zend_std_call_getter(zobj, name, rv);
897 *guard &= ~IN_GET;
898
899 if (Z_TYPE_P(rv) != IS_UNDEF) {
900 retval = rv;
901 if (!Z_ISREF_P(rv) &&
902 (type == BP_VAR_W || type == BP_VAR_RW || type == BP_VAR_UNSET)) {
903 if (UNEXPECTED(Z_TYPE_P(rv) != IS_OBJECT)) {
904 zend_error(E_NOTICE, "Indirect modification of overloaded property %s::$%s has no effect", ZSTR_VAL(zobj->ce->name), ZSTR_VAL(name));
905 }
906 }
907 } else {
908 retval = &EG(uninitialized_zval);
909 }
910
911 if (prop_info) {
912 zend_verify_prop_assignable_by_ref_ex(prop_info, retval, (zobj->ce->__get->common.fn_flags & ZEND_ACC_STRICT_TYPES) != 0, ZEND_VERIFY_PROP_ASSIGNABLE_BY_REF_CONTEXT_MAGIC_GET);
913 }
914
915 OBJ_RELEASE(zobj);
916 goto exit;
917 } else if (UNEXPECTED(IS_WRONG_PROPERTY_OFFSET(property_offset))) {
918 /* Trigger the correct error */
919 zend_wrong_offset(zobj->ce, name);
920 ZEND_ASSERT(EG(exception));
921 retval = &EG(uninitialized_zval);
922 goto exit;
923 }
924 }
925
926 uninit_error:
927 if (UNEXPECTED(zend_lazy_object_must_init(zobj))) {
928 if (!prop_info || (Z_PROP_FLAG_P(retval) & IS_PROP_LAZY)) {
929 zobj = zend_lazy_object_init(zobj);
930 if (!zobj) {
931 retval = &EG(uninitialized_zval);
932 goto exit;
933 }
934
935 return zend_std_read_property(zobj, name, type, cache_slot, rv);
936 }
937 }
938 if (type != BP_VAR_IS) {
939 if (prop_info) {
940 zend_typed_property_uninitialized_access(prop_info, name);
941 } else {
942 zend_error(E_WARNING, "Undefined property: %s::$%s", ZSTR_VAL(zobj->ce->name), ZSTR_VAL(name));
943 }
944 }
945 retval = &EG(uninitialized_zval);
946
947 exit:
948 return retval;
949 }
950 /* }}} */
951
property_uses_strict_types(void)952 static zend_always_inline bool property_uses_strict_types(void) {
953 zend_execute_data *execute_data = EG(current_execute_data);
954 return execute_data
955 && execute_data->func
956 && ZEND_CALL_USES_STRICT_TYPES(EG(current_execute_data));
957 }
958
zend_std_write_property(zend_object * zobj,zend_string * name,zval * value,void ** cache_slot)959 ZEND_API zval *zend_std_write_property(zend_object *zobj, zend_string *name, zval *value, void **cache_slot) /* {{{ */
960 {
961 zval *variable_ptr, tmp;
962 uintptr_t property_offset;
963 const zend_property_info *prop_info = NULL;
964 uint32_t *guard = NULL;
965 ZEND_ASSERT(!Z_ISREF_P(value));
966
967 property_offset = zend_get_property_offset(zobj->ce, name, (zobj->ce->__set != NULL), cache_slot, &prop_info);
968
969 if (EXPECTED(IS_VALID_PROPERTY_OFFSET(property_offset))) {
970 try_again:
971 variable_ptr = OBJ_PROP(zobj, property_offset);
972
973 if (prop_info && UNEXPECTED(prop_info->flags & (ZEND_ACC_READONLY|ZEND_ACC_PPP_SET_MASK))) {
974 bool error;
975 if (Z_TYPE_P(variable_ptr) != IS_UNDEF || (Z_PROP_FLAG_P(variable_ptr) & IS_PROP_UNINIT) || !zobj->ce->__set) {
976 error = true;
977 } else {
978 guard = zend_get_property_guard(zobj, name);
979 error = (*guard) & IN_SET;
980 }
981 if (error) {
982 if ((prop_info->flags & ZEND_ACC_READONLY)
983 && Z_TYPE_P(variable_ptr) != IS_UNDEF
984 && !(Z_PROP_FLAG_P(variable_ptr) & IS_PROP_REINITABLE)) {
985 zend_readonly_property_modification_error(prop_info);
986 variable_ptr = &EG(error_zval);
987 goto exit;
988 }
989 if ((prop_info->flags & ZEND_ACC_PPP_SET_MASK) && !zend_asymmetric_property_has_set_access(prop_info)) {
990 zend_asymmetric_visibility_property_modification_error(prop_info, "modify");
991 variable_ptr = &EG(error_zval);
992 goto exit;
993 }
994 }
995 }
996
997 if (Z_TYPE_P(variable_ptr) != IS_UNDEF) {
998 Z_TRY_ADDREF_P(value);
999
1000 if (prop_info) {
1001 typed_property:
1002 ZVAL_COPY_VALUE(&tmp, value);
1003 // Increase refcount to prevent object from being released in __toString()
1004 GC_ADDREF(zobj);
1005 bool type_matched = zend_verify_property_type(prop_info, &tmp, property_uses_strict_types());
1006 if (UNEXPECTED(GC_DELREF(zobj) == 0)) {
1007 zend_object_released_while_assigning_to_property_error(prop_info);
1008 zend_objects_store_del(zobj);
1009 zval_ptr_dtor(&tmp);
1010 variable_ptr = &EG(error_zval);
1011 goto exit;
1012 }
1013 if (UNEXPECTED(!type_matched)) {
1014 zval_ptr_dtor(&tmp);
1015 variable_ptr = &EG(error_zval);
1016 goto exit;
1017 }
1018 Z_PROP_FLAG_P(variable_ptr) &= ~(IS_PROP_UNINIT|IS_PROP_REINITABLE);
1019 value = &tmp;
1020 }
1021
1022 found:;
1023 zend_refcounted *garbage = NULL;
1024
1025 variable_ptr = zend_assign_to_variable_ex(
1026 variable_ptr, value, IS_TMP_VAR, property_uses_strict_types(), &garbage);
1027
1028 if (garbage) {
1029 if (GC_DELREF(garbage) == 0) {
1030 zend_execute_data *execute_data = EG(current_execute_data);
1031 // Assign to result variable before calling the destructor as it may release the object
1032 if (execute_data
1033 && EX(func)
1034 && ZEND_USER_CODE(EX(func)->common.type)
1035 && EX(opline)
1036 && EX(opline)->opcode == ZEND_ASSIGN_OBJ
1037 && EX(opline)->result_type) {
1038 ZVAL_COPY_DEREF(EX_VAR(EX(opline)->result.var), variable_ptr);
1039 variable_ptr = NULL;
1040 }
1041 rc_dtor_func(garbage);
1042 } else {
1043 gc_check_possible_root_no_ref(garbage);
1044 }
1045 }
1046 goto exit;
1047 }
1048 if (Z_PROP_FLAG_P(variable_ptr) & IS_PROP_UNINIT) {
1049 if (UNEXPECTED(zend_lazy_object_must_init(zobj))) {
1050 if (Z_PROP_FLAG_P(variable_ptr) & IS_PROP_LAZY) {
1051 goto lazy_init;
1052 }
1053 }
1054 /* Writes to uninitialized typed properties bypass __set(). */
1055 goto write_std_property;
1056 }
1057 } else if (EXPECTED(IS_DYNAMIC_PROPERTY_OFFSET(property_offset))) {
1058 if (EXPECTED(zobj->properties != NULL)) {
1059 if (UNEXPECTED(GC_REFCOUNT(zobj->properties) > 1)) {
1060 if (EXPECTED(!(GC_FLAGS(zobj->properties) & IS_ARRAY_IMMUTABLE))) {
1061 GC_DELREF(zobj->properties);
1062 }
1063 zobj->properties = zend_array_dup(zobj->properties);
1064 }
1065 if ((variable_ptr = zend_hash_find(zobj->properties, name)) != NULL) {
1066 Z_TRY_ADDREF_P(value);
1067 goto found;
1068 }
1069 }
1070 } else if (IS_HOOKED_PROPERTY_OFFSET(property_offset)) {
1071 zend_function *set = prop_info->hooks[ZEND_PROPERTY_HOOK_SET];
1072
1073 if (!set) {
1074 if (prop_info->flags & ZEND_ACC_VIRTUAL) {
1075 zend_throw_error(NULL, "Property %s::$%s is read-only", ZSTR_VAL(zobj->ce->name), ZSTR_VAL(name));
1076 variable_ptr = &EG(error_zval);
1077 goto exit;
1078 }
1079 ZEND_SET_PROPERTY_HOOK_SIMPLE_WRITE(cache_slot);
1080 property_offset = prop_info->offset;
1081 if (!ZEND_TYPE_IS_SET(prop_info->type)) {
1082 prop_info = NULL;
1083 }
1084 goto try_again;
1085 }
1086
1087 if (!zend_should_call_hook(prop_info, zobj)) {
1088 if (prop_info->flags & ZEND_ACC_VIRTUAL) {
1089 zend_throw_no_prop_backing_value_access(zobj->ce->name, name, /* is_read */ false);
1090 variable_ptr = &EG(error_zval);
1091 goto exit;
1092 }
1093
1094 /* Writes to backing store can only occur in hooks, and hence will always remain simple. */
1095 zend_execute_data *execute_data = EG(current_execute_data);
1096 if (cache_slot && EX(opline) && EX(opline)->opcode == ZEND_ASSIGN_OBJ && EX(opline)->op1_type == IS_UNUSED) {
1097 ZEND_SET_PROPERTY_HOOK_SIMPLE_WRITE(cache_slot);
1098 }
1099
1100 property_offset = prop_info->offset;
1101 if (!ZEND_TYPE_IS_SET(prop_info->type)) {
1102 prop_info = NULL;
1103 }
1104 goto try_again;
1105 }
1106
1107 if (UNEXPECTED(prop_info->flags & ZEND_ACC_PPP_SET_MASK
1108 && !zend_asymmetric_property_has_set_access(prop_info))) {
1109 zend_asymmetric_visibility_property_modification_error(prop_info, "modify");
1110 variable_ptr = &EG(error_zval);
1111 goto exit;
1112 }
1113
1114 GC_ADDREF(zobj);
1115 zend_call_known_instance_method_with_1_params(set, zobj, NULL, value);
1116 OBJ_RELEASE(zobj);
1117
1118 variable_ptr = value;
1119 goto exit;
1120 } else if (UNEXPECTED(EG(exception))) {
1121 variable_ptr = &EG(error_zval);
1122 goto exit;
1123 }
1124
1125 /* magic set */
1126 if (zobj->ce->__set) {
1127 if (!guard) {
1128 guard = zend_get_property_guard(zobj, name);
1129 }
1130
1131 if (!((*guard) & IN_SET)) {
1132 GC_ADDREF(zobj);
1133 (*guard) |= IN_SET; /* prevent circular setting */
1134 zend_std_call_setter(zobj, name, value);
1135 (*guard) &= ~IN_SET;
1136 OBJ_RELEASE(zobj);
1137 variable_ptr = value;
1138 } else if (EXPECTED(!IS_WRONG_PROPERTY_OFFSET(property_offset))) {
1139 if (UNEXPECTED(zend_lazy_object_must_init(zobj))) {
1140 goto lazy_init;
1141 }
1142
1143 goto write_std_property;
1144 } else {
1145 /* Trigger the correct error */
1146 zend_wrong_offset(zobj->ce, name);
1147 ZEND_ASSERT(EG(exception));
1148 variable_ptr = &EG(error_zval);
1149 goto exit;
1150 }
1151 } else {
1152 ZEND_ASSERT(!IS_WRONG_PROPERTY_OFFSET(property_offset));
1153 if (UNEXPECTED(zend_lazy_object_must_init(zobj))) {
1154 goto lazy_init;
1155 }
1156 write_std_property:
1157 if (EXPECTED(IS_VALID_PROPERTY_OFFSET(property_offset))) {
1158 variable_ptr = OBJ_PROP(zobj, property_offset);
1159
1160 Z_TRY_ADDREF_P(value);
1161 if (prop_info) {
1162 goto typed_property;
1163 }
1164
1165 ZVAL_COPY_VALUE(variable_ptr, value);
1166 } else {
1167 if (UNEXPECTED(zobj->ce->ce_flags & ZEND_ACC_NO_DYNAMIC_PROPERTIES)) {
1168 zend_forbidden_dynamic_property(zobj->ce, name);
1169 variable_ptr = &EG(error_zval);
1170 goto exit;
1171 }
1172 if (UNEXPECTED(!(zobj->ce->ce_flags & ZEND_ACC_ALLOW_DYNAMIC_PROPERTIES))) {
1173 if (UNEXPECTED(!zend_deprecated_dynamic_property(zobj, name))) {
1174 variable_ptr = &EG(error_zval);
1175 goto exit;
1176 }
1177 }
1178
1179 Z_TRY_ADDREF_P(value);
1180 variable_ptr = zend_hash_add_new(zend_std_get_properties(zobj), name, value);
1181 }
1182 }
1183
1184 exit:
1185 return variable_ptr;
1186
1187 lazy_init:;
1188 /* backup value as it may change during initialization */
1189 zval backup;
1190 ZVAL_COPY(&backup, value);
1191
1192 zobj = zend_lazy_object_init(zobj);
1193 if (UNEXPECTED(!zobj)) {
1194 variable_ptr = &EG(error_zval);
1195 zval_ptr_dtor(&backup);
1196 goto exit;
1197 }
1198
1199 variable_ptr = zend_std_write_property(zobj, name, &backup, cache_slot);
1200 zval_ptr_dtor(&backup);
1201 return variable_ptr;
1202 }
1203 /* }}} */
1204
zend_bad_array_access(zend_class_entry * ce)1205 static ZEND_COLD zend_never_inline void zend_bad_array_access(zend_class_entry *ce) /* {{{ */
1206 {
1207 zend_throw_error(NULL, "Cannot use object of type %s as array", ZSTR_VAL(ce->name));
1208 }
1209 /* }}} */
1210
zend_std_read_dimension(zend_object * object,zval * offset,int type,zval * rv)1211 ZEND_API zval *zend_std_read_dimension(zend_object *object, zval *offset, int type, zval *rv) /* {{{ */
1212 {
1213 zend_class_entry *ce = object->ce;
1214 zval tmp_offset;
1215
1216 /* arrayaccess_funcs_ptr is set if (and only if) the class implements zend_ce_arrayaccess */
1217 zend_class_arrayaccess_funcs *funcs = ce->arrayaccess_funcs_ptr;
1218 if (EXPECTED(funcs)) {
1219 if (offset == NULL) {
1220 /* [] construct */
1221 ZVAL_NULL(&tmp_offset);
1222 } else {
1223 ZVAL_COPY_DEREF(&tmp_offset, offset);
1224 }
1225
1226 GC_ADDREF(object);
1227 if (type == BP_VAR_IS) {
1228 zend_call_known_instance_method_with_1_params(funcs->zf_offsetexists, object, rv, &tmp_offset);
1229 if (UNEXPECTED(Z_ISUNDEF_P(rv))) {
1230 OBJ_RELEASE(object);
1231 zval_ptr_dtor(&tmp_offset);
1232 return NULL;
1233 }
1234 if (!i_zend_is_true(rv)) {
1235 OBJ_RELEASE(object);
1236 zval_ptr_dtor(&tmp_offset);
1237 zval_ptr_dtor(rv);
1238 return &EG(uninitialized_zval);
1239 }
1240 zval_ptr_dtor(rv);
1241 }
1242
1243 zend_call_known_instance_method_with_1_params(funcs->zf_offsetget, object, rv, &tmp_offset);
1244
1245 OBJ_RELEASE(object);
1246 zval_ptr_dtor(&tmp_offset);
1247
1248 if (UNEXPECTED(Z_TYPE_P(rv) == IS_UNDEF)) {
1249 if (UNEXPECTED(!EG(exception))) {
1250 zend_throw_error(NULL, "Undefined offset for object of type %s used as array", ZSTR_VAL(ce->name));
1251 }
1252 return NULL;
1253 }
1254 return rv;
1255 } else {
1256 zend_bad_array_access(ce);
1257 return NULL;
1258 }
1259 }
1260 /* }}} */
1261
zend_std_write_dimension(zend_object * object,zval * offset,zval * value)1262 ZEND_API void zend_std_write_dimension(zend_object *object, zval *offset, zval *value) /* {{{ */
1263 {
1264 zend_class_entry *ce = object->ce;
1265 zval tmp_offset;
1266
1267 zend_class_arrayaccess_funcs *funcs = ce->arrayaccess_funcs_ptr;
1268 if (EXPECTED(funcs)) {
1269 if (!offset) {
1270 ZVAL_NULL(&tmp_offset);
1271 } else {
1272 ZVAL_COPY_DEREF(&tmp_offset, offset);
1273 }
1274 GC_ADDREF(object);
1275 zend_call_known_instance_method_with_2_params(funcs->zf_offsetset, object, NULL, &tmp_offset, value);
1276 OBJ_RELEASE(object);
1277 zval_ptr_dtor(&tmp_offset);
1278 } else {
1279 zend_bad_array_access(ce);
1280 }
1281 }
1282 /* }}} */
1283
1284 // todo: make zend_std_has_dimension return bool as well
zend_std_has_dimension(zend_object * object,zval * offset,int check_empty)1285 ZEND_API int zend_std_has_dimension(zend_object *object, zval *offset, int check_empty) /* {{{ */
1286 {
1287 zend_class_entry *ce = object->ce;
1288 zval retval, tmp_offset;
1289 bool result;
1290
1291 zend_class_arrayaccess_funcs *funcs = ce->arrayaccess_funcs_ptr;
1292 if (EXPECTED(funcs)) {
1293 ZVAL_COPY_DEREF(&tmp_offset, offset);
1294 GC_ADDREF(object);
1295 zend_call_known_instance_method_with_1_params(funcs->zf_offsetexists, object, &retval, &tmp_offset);
1296 result = i_zend_is_true(&retval);
1297 zval_ptr_dtor(&retval);
1298 if (check_empty && result && EXPECTED(!EG(exception))) {
1299 zend_call_known_instance_method_with_1_params(funcs->zf_offsetget, object, &retval, &tmp_offset);
1300 result = i_zend_is_true(&retval);
1301 zval_ptr_dtor(&retval);
1302 }
1303 OBJ_RELEASE(object);
1304 zval_ptr_dtor(&tmp_offset);
1305 } else {
1306 zend_bad_array_access(ce);
1307 return 0;
1308 }
1309
1310 return result;
1311 }
1312 /* }}} */
1313
zend_std_get_property_ptr_ptr(zend_object * zobj,zend_string * name,int type,void ** cache_slot)1314 ZEND_API zval *zend_std_get_property_ptr_ptr(zend_object *zobj, zend_string *name, int type, void **cache_slot) /* {{{ */
1315 {
1316 zval *retval = NULL;
1317 uintptr_t property_offset;
1318 const zend_property_info *prop_info = NULL;
1319
1320 #if DEBUG_OBJECT_HANDLERS
1321 fprintf(stderr, "Ptr object #%d property: %s\n", zobj->handle, ZSTR_VAL(name));
1322 #endif
1323
1324 property_offset = zend_get_property_offset(zobj->ce, name, (zobj->ce->__get != NULL), cache_slot, &prop_info);
1325
1326 if (EXPECTED(IS_VALID_PROPERTY_OFFSET(property_offset))) {
1327 retval = OBJ_PROP(zobj, property_offset);
1328 if (UNEXPECTED(Z_TYPE_P(retval) == IS_UNDEF)) {
1329 if (EXPECTED(!zobj->ce->__get) ||
1330 UNEXPECTED((*zend_get_property_guard(zobj, name)) & IN_GET) ||
1331 UNEXPECTED(prop_info && (Z_PROP_FLAG_P(retval) & IS_PROP_UNINIT))) {
1332 if (UNEXPECTED(zend_lazy_object_must_init(zobj) && (Z_PROP_FLAG_P(retval) & IS_PROP_LAZY))) {
1333 zobj = zend_lazy_object_init(zobj);
1334 if (!zobj) {
1335 return &EG(error_zval);
1336 }
1337
1338 return zend_std_get_property_ptr_ptr(zobj, name, type, cache_slot);
1339 }
1340 if (UNEXPECTED(type == BP_VAR_RW || type == BP_VAR_R)) {
1341 if (prop_info) {
1342 zend_typed_property_uninitialized_access(prop_info, name);
1343 retval = &EG(error_zval);
1344 } else {
1345 zend_error(E_WARNING, "Undefined property: %s::$%s", ZSTR_VAL(zobj->ce->name), ZSTR_VAL(name));
1346 /* An error handler may set the property */
1347 if (EXPECTED(Z_TYPE_P(retval) == IS_UNDEF)) {
1348 ZVAL_NULL(retval);
1349 }
1350 }
1351 } else if (prop_info && UNEXPECTED(prop_info->flags & (ZEND_ACC_READONLY|ZEND_ACC_PPP_SET_MASK))) {
1352 if ((prop_info->flags & ZEND_ACC_READONLY) || !zend_asymmetric_property_has_set_access(prop_info)) {
1353 retval = NULL;
1354 }
1355 } else if (!prop_info || !ZEND_TYPE_IS_SET(prop_info->type)) {
1356 ZVAL_NULL(retval);
1357 }
1358 } else {
1359 /* we do have getter - fail and let it try again with usual get/set */
1360 retval = NULL;
1361 }
1362 } else if (prop_info && UNEXPECTED(prop_info->flags & (ZEND_ACC_READONLY|ZEND_ACC_PPP_SET_MASK))) {
1363 if ((prop_info->flags & ZEND_ACC_READONLY) || !zend_asymmetric_property_has_set_access(prop_info)) {
1364 retval = NULL;
1365 }
1366 }
1367 } else if (EXPECTED(IS_DYNAMIC_PROPERTY_OFFSET(property_offset))) {
1368 if (EXPECTED(zobj->properties)) {
1369 if (UNEXPECTED(GC_REFCOUNT(zobj->properties) > 1)) {
1370 if (EXPECTED(!(GC_FLAGS(zobj->properties) & IS_ARRAY_IMMUTABLE))) {
1371 GC_DELREF(zobj->properties);
1372 }
1373 zobj->properties = zend_array_dup(zobj->properties);
1374 }
1375 if (EXPECTED((retval = zend_hash_find(zobj->properties, name)) != NULL)) {
1376 return retval;
1377 }
1378 }
1379 if (EXPECTED(!zobj->ce->__get) ||
1380 UNEXPECTED((*zend_get_property_guard(zobj, name)) & IN_GET)) {
1381 if (UNEXPECTED(zobj->ce->ce_flags & ZEND_ACC_NO_DYNAMIC_PROPERTIES)) {
1382 zend_forbidden_dynamic_property(zobj->ce, name);
1383 return &EG(error_zval);
1384 }
1385 if (UNEXPECTED(!(zobj->ce->ce_flags & ZEND_ACC_ALLOW_DYNAMIC_PROPERTIES))) {
1386 if (UNEXPECTED(!zend_deprecated_dynamic_property(zobj, name))) {
1387 return &EG(error_zval);
1388 }
1389 }
1390 if (UNEXPECTED(zend_lazy_object_must_init(zobj))) {
1391 zobj = zend_lazy_object_init(zobj);
1392 if (!zobj) {
1393 return &EG(error_zval);
1394 }
1395
1396 return zend_std_get_property_ptr_ptr(zobj, name, type, cache_slot);
1397 }
1398 if (UNEXPECTED(!zobj->properties)) {
1399 rebuild_object_properties_internal(zobj);
1400 }
1401 if (UNEXPECTED(type == BP_VAR_RW || type == BP_VAR_R)) {
1402 zend_error(E_WARNING, "Undefined property: %s::$%s", ZSTR_VAL(zobj->ce->name), ZSTR_VAL(name));
1403 }
1404 retval = zend_hash_add(zobj->properties, name, &EG(uninitialized_zval));
1405 }
1406 } else if (!IS_HOOKED_PROPERTY_OFFSET(property_offset) && zobj->ce->__get == NULL) {
1407 retval = &EG(error_zval);
1408 }
1409
1410 return retval;
1411 }
1412 /* }}} */
1413
zend_std_unset_property(zend_object * zobj,zend_string * name,void ** cache_slot)1414 ZEND_API void zend_std_unset_property(zend_object *zobj, zend_string *name, void **cache_slot) /* {{{ */
1415 {
1416 uintptr_t property_offset;
1417 const zend_property_info *prop_info = NULL;
1418 uint32_t *guard = NULL;
1419
1420 property_offset = zend_get_property_offset(zobj->ce, name, (zobj->ce->__unset != NULL), cache_slot, &prop_info);
1421
1422 if (EXPECTED(IS_VALID_PROPERTY_OFFSET(property_offset))) {
1423 zval *slot = OBJ_PROP(zobj, property_offset);
1424
1425 if (prop_info && UNEXPECTED(prop_info->flags & (ZEND_ACC_READONLY|ZEND_ACC_PPP_SET_MASK))) {
1426 bool error;
1427 if (Z_TYPE_P(slot) != IS_UNDEF || Z_PROP_FLAG_P(slot) & IS_PROP_UNINIT || !zobj->ce->__unset) {
1428 error = true;
1429 } else {
1430 guard = zend_get_property_guard(zobj, name);
1431 error = (*guard) & IN_UNSET;
1432 }
1433 if (error) {
1434 if ((prop_info->flags & ZEND_ACC_READONLY)
1435 && Z_TYPE_P(slot) != IS_UNDEF
1436 && !(Z_PROP_FLAG_P(slot) & IS_PROP_REINITABLE)) {
1437 zend_readonly_property_unset_error(prop_info->ce, name);
1438 return;
1439 }
1440 if ((prop_info->flags & ZEND_ACC_PPP_SET_MASK) && !zend_asymmetric_property_has_set_access(prop_info)) {
1441 zend_asymmetric_visibility_property_modification_error(prop_info, "unset");
1442 return;
1443 }
1444 }
1445 }
1446
1447 if (Z_TYPE_P(slot) != IS_UNDEF) {
1448 if (UNEXPECTED(Z_ISREF_P(slot)) &&
1449 (ZEND_DEBUG || ZEND_REF_HAS_TYPE_SOURCES(Z_REF_P(slot)))) {
1450 if (prop_info) {
1451 ZEND_REF_DEL_TYPE_SOURCE(Z_REF_P(slot), prop_info);
1452 }
1453 }
1454 zval tmp;
1455 ZVAL_COPY_VALUE(&tmp, slot);
1456 ZVAL_UNDEF(slot);
1457 zval_ptr_dtor(&tmp);
1458 if (zobj->properties) {
1459 HT_FLAGS(zobj->properties) |= HASH_FLAG_HAS_EMPTY_IND;
1460 }
1461 return;
1462 }
1463 if (UNEXPECTED(Z_PROP_FLAG_P(slot) & IS_PROP_UNINIT)) {
1464 if (UNEXPECTED(zend_lazy_object_must_init(zobj) && (Z_PROP_FLAG_P(slot) & IS_PROP_LAZY))) {
1465 zobj = zend_lazy_object_init(zobj);
1466 if (!zobj) {
1467 return;
1468 }
1469 zend_std_unset_property(zobj, name, cache_slot);
1470 return;
1471 }
1472
1473 /* Reset the IS_PROP_UNINIT flag, if it exists and bypass __unset(). */
1474 Z_PROP_FLAG_P(slot) = 0;
1475 return;
1476 }
1477 } else if (EXPECTED(IS_DYNAMIC_PROPERTY_OFFSET(property_offset))
1478 && EXPECTED(zobj->properties != NULL)) {
1479 if (UNEXPECTED(GC_REFCOUNT(zobj->properties) > 1)) {
1480 if (EXPECTED(!(GC_FLAGS(zobj->properties) & IS_ARRAY_IMMUTABLE))) {
1481 GC_DELREF(zobj->properties);
1482 }
1483 zobj->properties = zend_array_dup(zobj->properties);
1484 }
1485 if (EXPECTED(zend_hash_del(zobj->properties, name) != FAILURE)) {
1486 return;
1487 }
1488 } else if (IS_HOOKED_PROPERTY_OFFSET(property_offset)) {
1489 zend_throw_error(NULL, "Cannot unset hooked property %s::$%s",
1490 ZSTR_VAL(zobj->ce->name), ZSTR_VAL(name));
1491 return;
1492 } else if (UNEXPECTED(EG(exception))) {
1493 return;
1494 }
1495
1496 /* magic unset */
1497 if (zobj->ce->__unset) {
1498 if (!guard) {
1499 guard = zend_get_property_guard(zobj, name);
1500 }
1501 if (!((*guard) & IN_UNSET)) {
1502 /* have unsetter - try with it! */
1503 (*guard) |= IN_UNSET; /* prevent circular unsetting */
1504 zend_std_call_unsetter(zobj, name);
1505 (*guard) &= ~IN_UNSET;
1506 return;
1507 } else if (UNEXPECTED(IS_WRONG_PROPERTY_OFFSET(property_offset))) {
1508 /* Trigger the correct error */
1509 zend_wrong_offset(zobj->ce, name);
1510 ZEND_ASSERT(EG(exception));
1511 return;
1512 } else {
1513 /* Nothing to do: The property already does not exist. */
1514 }
1515 }
1516
1517 if (UNEXPECTED(zend_lazy_object_must_init(zobj))) {
1518 zobj = zend_lazy_object_init(zobj);
1519 if (!zobj) {
1520 return;
1521 }
1522 zend_std_unset_property(zobj, name, cache_slot);
1523 return;
1524 }
1525 }
1526 /* }}} */
1527
zend_std_unset_dimension(zend_object * object,zval * offset)1528 ZEND_API void zend_std_unset_dimension(zend_object *object, zval *offset) /* {{{ */
1529 {
1530 zend_class_entry *ce = object->ce;
1531 zval tmp_offset;
1532
1533 zend_class_arrayaccess_funcs *funcs = ce->arrayaccess_funcs_ptr;
1534 if (EXPECTED(funcs)) {
1535 ZVAL_COPY_DEREF(&tmp_offset, offset);
1536 GC_ADDREF(object);
1537 zend_call_known_instance_method_with_1_params(funcs->zf_offsetunset, object, NULL, &tmp_offset);
1538 OBJ_RELEASE(object);
1539 zval_ptr_dtor(&tmp_offset);
1540 } else {
1541 zend_bad_array_access(ce);
1542 }
1543 }
1544 /* }}} */
1545
zend_get_parent_private_method(zend_class_entry * scope,zend_class_entry * ce,zend_string * function_name)1546 static zend_never_inline zend_function *zend_get_parent_private_method(zend_class_entry *scope, zend_class_entry *ce, zend_string *function_name) /* {{{ */
1547 {
1548 zval *func;
1549 zend_function *fbc;
1550
1551 if (scope != ce && scope && is_derived_class(ce, scope)) {
1552 func = zend_hash_find(&scope->function_table, function_name);
1553 if (func != NULL) {
1554 fbc = Z_FUNC_P(func);
1555 if ((fbc->common.fn_flags & ZEND_ACC_PRIVATE)
1556 && fbc->common.scope == scope) {
1557 return fbc;
1558 }
1559 }
1560 }
1561 return NULL;
1562 }
1563 /* }}} */
1564
1565 /* Ensures that we're allowed to call a protected method.
1566 */
zend_check_protected(const zend_class_entry * ce,const zend_class_entry * scope)1567 ZEND_API bool zend_check_protected(const zend_class_entry *ce, const zend_class_entry *scope) /* {{{ */
1568 {
1569 const zend_class_entry *fbc_scope = ce;
1570
1571 /* Is the context that's calling the function, the same as one of
1572 * the function's parents?
1573 */
1574 while (fbc_scope) {
1575 if (fbc_scope==scope) {
1576 return 1;
1577 }
1578 fbc_scope = fbc_scope->parent;
1579 }
1580
1581 /* Is the function's scope the same as our current object context,
1582 * or any of the parents of our context?
1583 */
1584 while (scope) {
1585 if (scope==ce) {
1586 return 1;
1587 }
1588 scope = scope->parent;
1589 }
1590 return 0;
1591 }
1592 /* }}} */
1593
zend_get_call_trampoline_func(const zend_class_entry * ce,zend_string * method_name,bool is_static)1594 ZEND_API zend_function *zend_get_call_trampoline_func(const zend_class_entry *ce, zend_string *method_name, bool is_static) /* {{{ */
1595 {
1596 size_t mname_len;
1597 zend_op_array *func;
1598 zend_function *fbc = is_static ? ce->__callstatic : ce->__call;
1599 /* We use non-NULL value to avoid useless run_time_cache allocation.
1600 * The low bit must be zero, to not be interpreted as a MAP_PTR offset.
1601 */
1602 static const void *dummy = (void*)(intptr_t)2;
1603 static const zend_arg_info arg_info[1] = {{0}};
1604
1605 ZEND_ASSERT(fbc);
1606
1607 if (EXPECTED(EG(trampoline).common.function_name == NULL)) {
1608 func = &EG(trampoline).op_array;
1609 } else {
1610 func = ecalloc(1, sizeof(zend_op_array));
1611 }
1612
1613 func->type = ZEND_USER_FUNCTION;
1614 func->arg_flags[0] = 0;
1615 func->arg_flags[1] = 0;
1616 func->arg_flags[2] = 0;
1617 func->fn_flags = ZEND_ACC_CALL_VIA_TRAMPOLINE
1618 | ZEND_ACC_PUBLIC
1619 | ZEND_ACC_VARIADIC
1620 | (fbc->common.fn_flags & ZEND_ACC_RETURN_REFERENCE);
1621 if (is_static) {
1622 func->fn_flags |= ZEND_ACC_STATIC;
1623 }
1624 func->opcodes = &EG(call_trampoline_op);
1625 ZEND_MAP_PTR_INIT(func->run_time_cache, (void**)dummy);
1626 func->scope = fbc->common.scope;
1627 /* reserve space for arguments, local and temporary variables */
1628 /* EG(trampoline) is reused from other places, like FFI (e.g. zend_ffi_cdata_get_closure()) where
1629 * it is used as an internal function. It may set fields that don't belong to common, thus
1630 * modifying zend_op_array specific data, most significantly last_var. We need to reset this
1631 * value so that it doesn't contain garbage when the engine allocates space for the next stack
1632 * frame. This didn't cause any issues until now due to "lucky" structure layout. */
1633 func->last_var = 0;
1634 uint32_t min_T = 2 + ZEND_OBSERVER_ENABLED;
1635 func->T = (fbc->type == ZEND_USER_FUNCTION)? MAX(fbc->op_array.last_var + fbc->op_array.T, min_T) : min_T;
1636 func->filename = (fbc->type == ZEND_USER_FUNCTION)? fbc->op_array.filename : ZSTR_EMPTY_ALLOC();
1637 func->line_start = (fbc->type == ZEND_USER_FUNCTION)? fbc->op_array.line_start : 0;
1638 func->line_end = (fbc->type == ZEND_USER_FUNCTION)? fbc->op_array.line_end : 0;
1639
1640 //??? keep compatibility for "\0" characters
1641 //??? see: Zend/tests/bug46238.phpt
1642 if (UNEXPECTED((mname_len = strlen(ZSTR_VAL(method_name))) != ZSTR_LEN(method_name))) {
1643 func->function_name = zend_string_init(ZSTR_VAL(method_name), mname_len, 0);
1644 } else {
1645 func->function_name = zend_string_copy(method_name);
1646 }
1647
1648 func->prototype = NULL;
1649 func->prop_info = NULL;
1650 func->num_args = 0;
1651 func->required_num_args = 0;
1652 func->arg_info = (zend_arg_info *) arg_info;
1653
1654 return (zend_function*)func;
1655 }
1656 /* }}} */
1657
ZEND_FUNCTION(zend_parent_hook_get_trampoline)1658 static ZEND_FUNCTION(zend_parent_hook_get_trampoline)
1659 {
1660 zend_object *obj = Z_PTR_P(ZEND_THIS);
1661 zend_string *prop_name = EX(func)->internal_function.reserved[0];
1662
1663 if (UNEXPECTED(ZEND_NUM_ARGS() != 0)) {
1664 zend_wrong_parameters_none_error();
1665 goto clean;
1666 }
1667
1668 zval rv;
1669 zval *retval = obj->handlers->read_property(obj, prop_name, BP_VAR_R, NULL, &rv);
1670 if (retval == &rv) {
1671 RETVAL_COPY_VALUE(retval);
1672 } else {
1673 RETVAL_COPY(retval);
1674 }
1675
1676 clean:
1677 zend_string_release(EX(func)->common.function_name);
1678 zend_free_trampoline(EX(func));
1679 EX(func) = NULL;
1680 }
1681
ZEND_FUNCTION(zend_parent_hook_set_trampoline)1682 static ZEND_FUNCTION(zend_parent_hook_set_trampoline)
1683 {
1684 zend_object *obj = Z_PTR_P(ZEND_THIS);
1685 zend_string *prop_name = EX(func)->internal_function.reserved[0];
1686
1687 zval *value;
1688
1689 ZEND_PARSE_PARAMETERS_START(1, 1)
1690 Z_PARAM_ZVAL(value)
1691 ZEND_PARSE_PARAMETERS_END_EX(goto clean);
1692
1693 RETVAL_COPY(obj->handlers->write_property(obj, prop_name, value, NULL));
1694
1695 clean:
1696 zend_string_release(EX(func)->common.function_name);
1697 zend_free_trampoline(EX(func));
1698 EX(func) = NULL;
1699 }
1700
zend_get_property_hook_trampoline(const zend_property_info * prop_info,zend_property_hook_kind kind,zend_string * prop_name)1701 ZEND_API zend_function *zend_get_property_hook_trampoline(
1702 const zend_property_info *prop_info,
1703 zend_property_hook_kind kind, zend_string *prop_name)
1704 {
1705 static const zend_arg_info arg_info[1] = {{0}};
1706 zend_function *func;
1707 if (EXPECTED(EG(trampoline).common.function_name == NULL)) {
1708 func = &EG(trampoline);
1709 } else {
1710 func = (zend_function *)(uintptr_t)ecalloc(1, sizeof(zend_internal_function));
1711 }
1712 func->type = ZEND_INTERNAL_FUNCTION;
1713 func->common.arg_flags[0] = 0;
1714 func->common.arg_flags[1] = 0;
1715 func->common.arg_flags[2] = 0;
1716 func->common.fn_flags = ZEND_ACC_CALL_VIA_TRAMPOLINE;
1717 func->common.function_name = zend_string_concat3(
1718 "$", 1, ZSTR_VAL(prop_name), ZSTR_LEN(prop_name),
1719 kind == ZEND_PROPERTY_HOOK_GET ? "::get" : "::set", 5);
1720 /* set to 0 to avoid arg_info[] allocation, because all values are passed by value anyway */
1721 uint32_t args = kind == ZEND_PROPERTY_HOOK_GET ? 0 : 1;
1722 func->common.num_args = args;
1723 func->common.required_num_args = args;
1724 func->common.scope = prop_info->ce;
1725 func->common.prototype = NULL;
1726 func->common.prop_info = prop_info;
1727 func->common.arg_info = (zend_arg_info *) arg_info;
1728 func->internal_function.handler = kind == ZEND_PROPERTY_HOOK_GET
1729 ? ZEND_FN(zend_parent_hook_get_trampoline)
1730 : ZEND_FN(zend_parent_hook_set_trampoline);
1731 func->internal_function.module = NULL;
1732
1733 func->internal_function.reserved[0] = prop_name;
1734 func->internal_function.reserved[1] = NULL;
1735
1736 return func;
1737 }
1738
zend_get_user_call_function(zend_class_entry * ce,zend_string * method_name)1739 static zend_always_inline zend_function *zend_get_user_call_function(zend_class_entry *ce, zend_string *method_name) /* {{{ */
1740 {
1741 return zend_get_call_trampoline_func(ce, method_name, 0);
1742 }
1743 /* }}} */
1744
zend_bad_method_call(zend_function * fbc,zend_string * method_name,zend_class_entry * scope)1745 static ZEND_COLD zend_never_inline void zend_bad_method_call(zend_function *fbc, zend_string *method_name, zend_class_entry *scope) /* {{{ */
1746 {
1747 zend_throw_error(NULL, "Call to %s method %s::%s() from %s%s",
1748 zend_visibility_string(fbc->common.fn_flags), ZEND_FN_SCOPE_NAME(fbc), ZSTR_VAL(method_name),
1749 scope ? "scope " : "global scope",
1750 scope ? ZSTR_VAL(scope->name) : ""
1751 );
1752 }
1753 /* }}} */
1754
zend_abstract_method_call(zend_function * fbc)1755 static ZEND_COLD zend_never_inline void zend_abstract_method_call(zend_function *fbc) /* {{{ */
1756 {
1757 zend_throw_error(NULL, "Cannot call abstract method %s::%s()",
1758 ZSTR_VAL(fbc->common.scope->name), ZSTR_VAL(fbc->common.function_name));
1759 }
1760 /* }}} */
1761
zend_std_get_method(zend_object ** obj_ptr,zend_string * method_name,const zval * key)1762 ZEND_API zend_function *zend_std_get_method(zend_object **obj_ptr, zend_string *method_name, const zval *key) /* {{{ */
1763 {
1764 zend_object *zobj = *obj_ptr;
1765 zval *func;
1766 zend_function *fbc;
1767 zend_string *lc_method_name;
1768 zend_class_entry *scope;
1769 ALLOCA_FLAG(use_heap);
1770
1771 if (EXPECTED(key != NULL)) {
1772 lc_method_name = Z_STR_P(key);
1773 #ifdef ZEND_ALLOCA_MAX_SIZE
1774 use_heap = 0;
1775 #endif
1776 } else {
1777 ZSTR_ALLOCA_ALLOC(lc_method_name, ZSTR_LEN(method_name), use_heap);
1778 zend_str_tolower_copy(ZSTR_VAL(lc_method_name), ZSTR_VAL(method_name), ZSTR_LEN(method_name));
1779 }
1780
1781 if (UNEXPECTED((func = zend_hash_find(&zobj->ce->function_table, lc_method_name)) == NULL)) {
1782 if (UNEXPECTED(!key)) {
1783 ZSTR_ALLOCA_FREE(lc_method_name, use_heap);
1784 }
1785 if (zobj->ce->__call) {
1786 return zend_get_user_call_function(zobj->ce, method_name);
1787 } else {
1788 return NULL;
1789 }
1790 }
1791
1792 fbc = Z_FUNC_P(func);
1793
1794 /* Check access level */
1795 if (fbc->op_array.fn_flags & (ZEND_ACC_CHANGED|ZEND_ACC_PRIVATE|ZEND_ACC_PROTECTED)) {
1796 scope = zend_get_executed_scope();
1797
1798 if (fbc->common.scope != scope) {
1799 if (fbc->op_array.fn_flags & ZEND_ACC_CHANGED) {
1800 zend_function *updated_fbc = zend_get_parent_private_method(scope, zobj->ce, lc_method_name);
1801
1802 if (EXPECTED(updated_fbc != NULL)) {
1803 fbc = updated_fbc;
1804 goto exit;
1805 } else if (fbc->op_array.fn_flags & ZEND_ACC_PUBLIC) {
1806 goto exit;
1807 }
1808 }
1809 if (UNEXPECTED(fbc->op_array.fn_flags & ZEND_ACC_PRIVATE)
1810 || UNEXPECTED(!zend_check_protected(zend_get_function_root_class(fbc), scope))) {
1811 if (zobj->ce->__call) {
1812 fbc = zend_get_user_call_function(zobj->ce, method_name);
1813 } else {
1814 zend_bad_method_call(fbc, method_name, scope);
1815 fbc = NULL;
1816 }
1817 }
1818 }
1819 }
1820
1821 exit:
1822 if (fbc && UNEXPECTED(fbc->common.fn_flags & ZEND_ACC_ABSTRACT)) {
1823 zend_abstract_method_call(fbc);
1824 fbc = NULL;
1825 }
1826 if (UNEXPECTED(!key)) {
1827 ZSTR_ALLOCA_FREE(lc_method_name, use_heap);
1828 }
1829 return fbc;
1830 }
1831 /* }}} */
1832
zend_get_user_callstatic_function(zend_class_entry * ce,zend_string * method_name)1833 static zend_always_inline zend_function *zend_get_user_callstatic_function(zend_class_entry *ce, zend_string *method_name) /* {{{ */
1834 {
1835 return zend_get_call_trampoline_func(ce, method_name, 1);
1836 }
1837 /* }}} */
1838
get_static_method_fallback(zend_class_entry * ce,zend_string * function_name)1839 static zend_always_inline zend_function *get_static_method_fallback(
1840 zend_class_entry *ce, zend_string *function_name)
1841 {
1842 zend_object *object;
1843 if (ce->__call &&
1844 (object = zend_get_this_object(EG(current_execute_data))) != NULL &&
1845 instanceof_function(object->ce, ce)) {
1846 /* Call the top-level defined __call().
1847 * see: tests/classes/__call_004.phpt */
1848
1849 ZEND_ASSERT(object->ce->__call);
1850 return zend_get_user_call_function(object->ce, function_name);
1851 } else if (ce->__callstatic) {
1852 return zend_get_user_callstatic_function(ce, function_name);
1853 } else {
1854 return NULL;
1855 }
1856 }
1857
zend_std_get_static_method(zend_class_entry * ce,zend_string * function_name,const zval * key)1858 ZEND_API zend_function *zend_std_get_static_method(zend_class_entry *ce, zend_string *function_name, const zval *key) /* {{{ */
1859 {
1860 zend_string *lc_function_name;
1861 if (EXPECTED(key != NULL)) {
1862 lc_function_name = Z_STR_P(key);
1863 } else {
1864 lc_function_name = zend_string_tolower(function_name);
1865 }
1866
1867 zend_function *fbc;
1868 zval *func = zend_hash_find(&ce->function_table, lc_function_name);
1869 if (EXPECTED(func)) {
1870 fbc = Z_FUNC_P(func);
1871 if (!(fbc->op_array.fn_flags & ZEND_ACC_PUBLIC)) {
1872 zend_class_entry *scope = zend_get_executed_scope();
1873 if (UNEXPECTED(fbc->common.scope != scope)) {
1874 if (UNEXPECTED(fbc->op_array.fn_flags & ZEND_ACC_PRIVATE)
1875 || UNEXPECTED(!zend_check_protected(zend_get_function_root_class(fbc), scope))) {
1876 zend_function *fallback_fbc = get_static_method_fallback(ce, function_name);
1877 if (!fallback_fbc) {
1878 zend_bad_method_call(fbc, function_name, scope);
1879 }
1880 fbc = fallback_fbc;
1881 }
1882 }
1883 }
1884 } else {
1885 fbc = get_static_method_fallback(ce, function_name);
1886 }
1887
1888 if (UNEXPECTED(!key)) {
1889 zend_string_release_ex(lc_function_name, 0);
1890 }
1891
1892 if (EXPECTED(fbc)) {
1893 if (UNEXPECTED(fbc->common.fn_flags & ZEND_ACC_ABSTRACT)) {
1894 zend_abstract_method_call(fbc);
1895 fbc = NULL;
1896 } else if (UNEXPECTED(fbc->common.scope->ce_flags & ZEND_ACC_TRAIT)) {
1897 zend_error(E_DEPRECATED,
1898 "Calling static trait method %s::%s is deprecated, "
1899 "it should only be called on a class using the trait",
1900 ZSTR_VAL(fbc->common.scope->name), ZSTR_VAL(fbc->common.function_name));
1901 if (EG(exception)) {
1902 return NULL;
1903 }
1904 }
1905 }
1906
1907 return fbc;
1908 }
1909 /* }}} */
1910
zend_class_init_statics(zend_class_entry * class_type)1911 ZEND_API void zend_class_init_statics(zend_class_entry *class_type) /* {{{ */
1912 {
1913 int i;
1914 zval *p;
1915
1916 if (class_type->default_static_members_count && !CE_STATIC_MEMBERS(class_type)) {
1917 if (class_type->parent) {
1918 zend_class_init_statics(class_type->parent);
1919 }
1920
1921 ZEND_MAP_PTR_SET(class_type->static_members_table, emalloc(sizeof(zval) * class_type->default_static_members_count));
1922 for (i = 0; i < class_type->default_static_members_count; i++) {
1923 p = &class_type->default_static_members_table[i];
1924 if (Z_TYPE_P(p) == IS_INDIRECT) {
1925 zval *q = &CE_STATIC_MEMBERS(class_type->parent)[i];
1926 ZVAL_DEINDIRECT(q);
1927 ZVAL_INDIRECT(&CE_STATIC_MEMBERS(class_type)[i], q);
1928 } else {
1929 ZVAL_COPY_OR_DUP(&CE_STATIC_MEMBERS(class_type)[i], p);
1930 }
1931 }
1932 }
1933 } /* }}} */
1934
zend_std_get_static_property_with_info(zend_class_entry * ce,zend_string * property_name,int type,zend_property_info ** property_info_ptr)1935 ZEND_API zval *zend_std_get_static_property_with_info(zend_class_entry *ce, zend_string *property_name, int type, zend_property_info **property_info_ptr) /* {{{ */
1936 {
1937 zval *ret;
1938 zend_property_info *property_info = zend_hash_find_ptr(&ce->properties_info, property_name);
1939 *property_info_ptr = property_info;
1940
1941 if (UNEXPECTED(property_info == NULL)) {
1942 goto undeclared_property;
1943 }
1944
1945 if (!(property_info->flags & ZEND_ACC_PUBLIC)) {
1946 zend_class_entry *scope = get_fake_or_executed_scope();
1947 if (property_info->ce != scope) {
1948 if (UNEXPECTED(property_info->flags & ZEND_ACC_PRIVATE)
1949 || UNEXPECTED(!is_protected_compatible_scope(property_info->ce, scope))) {
1950 if (type != BP_VAR_IS) {
1951 zend_bad_property_access(property_info, ce, property_name);
1952 }
1953 return NULL;
1954 }
1955 }
1956 }
1957
1958 if (UNEXPECTED((property_info->flags & ZEND_ACC_STATIC) == 0)) {
1959 undeclared_property:
1960 if (type != BP_VAR_IS) {
1961 zend_throw_error(NULL, "Access to undeclared static property %s::$%s", ZSTR_VAL(ce->name), ZSTR_VAL(property_name));
1962 }
1963 return NULL;
1964 }
1965
1966 if (UNEXPECTED(!(ce->ce_flags & ZEND_ACC_CONSTANTS_UPDATED))) {
1967 if (UNEXPECTED(zend_update_class_constants(ce) != SUCCESS)) {
1968 return NULL;
1969 }
1970 }
1971
1972 /* Ensure static properties are initialized. */
1973 if (UNEXPECTED(CE_STATIC_MEMBERS(ce) == NULL)) {
1974 zend_class_init_statics(ce);
1975 }
1976
1977 ret = CE_STATIC_MEMBERS(ce) + property_info->offset;
1978 ZVAL_DEINDIRECT(ret);
1979
1980 if (UNEXPECTED((type == BP_VAR_R || type == BP_VAR_RW)
1981 && Z_TYPE_P(ret) == IS_UNDEF && ZEND_TYPE_IS_SET(property_info->type))) {
1982 zend_throw_error(NULL, "Typed static property %s::$%s must not be accessed before initialization",
1983 ZSTR_VAL(property_info->ce->name), ZSTR_VAL(property_name));
1984 return NULL;
1985 }
1986
1987 if (UNEXPECTED(ce->ce_flags & ZEND_ACC_TRAIT)) {
1988 zend_error(E_DEPRECATED,
1989 "Accessing static trait property %s::$%s is deprecated, "
1990 "it should only be accessed on a class using the trait",
1991 ZSTR_VAL(property_info->ce->name), ZSTR_VAL(property_name));
1992 }
1993
1994 return ret;
1995 }
1996 /* }}} */
1997
zend_std_get_static_property(zend_class_entry * ce,zend_string * property_name,int type)1998 ZEND_API zval *zend_std_get_static_property(zend_class_entry *ce, zend_string *property_name, int type) /* {{{ */
1999 {
2000 zend_property_info *prop_info;
2001 return zend_std_get_static_property_with_info(ce, property_name, type, &prop_info);
2002 }
2003
zend_std_unset_static_property(zend_class_entry * ce,zend_string * property_name)2004 ZEND_API ZEND_COLD bool zend_std_unset_static_property(zend_class_entry *ce, zend_string *property_name) /* {{{ */
2005 {
2006 zend_throw_error(NULL, "Attempt to unset static property %s::$%s", ZSTR_VAL(ce->name), ZSTR_VAL(property_name));
2007 return 0;
2008 }
2009 /* }}} */
2010
zend_bad_constructor_call(zend_function * constructor,zend_class_entry * scope)2011 static ZEND_COLD zend_never_inline void zend_bad_constructor_call(zend_function *constructor, zend_class_entry *scope) /* {{{ */
2012 {
2013 if (scope) {
2014 zend_throw_error(NULL, "Call to %s %s::%s() from scope %s",
2015 zend_visibility_string(constructor->common.fn_flags), ZSTR_VAL(constructor->common.scope->name),
2016 ZSTR_VAL(constructor->common.function_name), ZSTR_VAL(scope->name)
2017 );
2018 } else {
2019 zend_throw_error(NULL, "Call to %s %s::%s() from global scope", zend_visibility_string(constructor->common.fn_flags), ZSTR_VAL(constructor->common.scope->name), ZSTR_VAL(constructor->common.function_name));
2020 }
2021 }
2022 /* }}} */
2023
zend_std_get_constructor(zend_object * zobj)2024 ZEND_API zend_function *zend_std_get_constructor(zend_object *zobj) /* {{{ */
2025 {
2026 zend_function *constructor = zobj->ce->constructor;
2027
2028 if (constructor) {
2029 if (UNEXPECTED(!(constructor->op_array.fn_flags & ZEND_ACC_PUBLIC))) {
2030 zend_class_entry *scope = get_fake_or_executed_scope();
2031 if (UNEXPECTED(constructor->common.scope != scope)) {
2032 if (UNEXPECTED(constructor->op_array.fn_flags & ZEND_ACC_PRIVATE)
2033 || UNEXPECTED(!zend_check_protected(zend_get_function_root_class(constructor), scope))) {
2034 zend_bad_constructor_call(constructor, scope);
2035 zend_object_store_ctor_failed(zobj);
2036 constructor = NULL;
2037 }
2038 }
2039 }
2040 }
2041
2042 return constructor;
2043 }
2044 /* }}} */
2045
zend_std_compare_objects(zval * o1,zval * o2)2046 ZEND_API int zend_std_compare_objects(zval *o1, zval *o2) /* {{{ */
2047 {
2048 zend_object *zobj1, *zobj2;
2049
2050 if (Z_TYPE_P(o1) != Z_TYPE_P(o2)) {
2051 /* Object and non-object */
2052 zval *object;
2053 zval *value;
2054 zval casted;
2055 bool object_lhs;
2056 if (Z_TYPE_P(o1) == IS_OBJECT) {
2057 object = o1;
2058 value = o2;
2059 object_lhs = true;
2060 } else {
2061 object = o2;
2062 value = o1;
2063 object_lhs = false;
2064 }
2065 ZEND_ASSERT(Z_TYPE_P(value) != IS_OBJECT);
2066 uint8_t target_type = (Z_TYPE_P(value) == IS_FALSE || Z_TYPE_P(value) == IS_TRUE)
2067 ? _IS_BOOL : Z_TYPE_P(value);
2068 if (Z_OBJ_HT_P(object)->cast_object(Z_OBJ_P(object), &casted, target_type) == FAILURE) {
2069 // TODO: Less crazy.
2070 if (target_type == IS_LONG || target_type == IS_DOUBLE) {
2071 zend_error(E_NOTICE, "Object of class %s could not be converted to %s",
2072 ZSTR_VAL(Z_OBJCE_P(object)->name), zend_get_type_by_const(target_type));
2073 if (target_type == IS_LONG) {
2074 ZVAL_LONG(&casted, 1);
2075 } else {
2076 ZVAL_DOUBLE(&casted, 1.0);
2077 }
2078 } else {
2079 return object_lhs ? 1 : -1;
2080 }
2081 }
2082 int ret = object_lhs ? zend_compare(&casted, value) : zend_compare(value, &casted);
2083 zval_ptr_dtor(&casted);
2084 return ret;
2085 }
2086
2087 zobj1 = Z_OBJ_P(o1);
2088 zobj2 = Z_OBJ_P(o2);
2089
2090 if (zobj1 == zobj2) {
2091 return 0; /* the same object */
2092 }
2093 if (zobj1->ce != zobj2->ce) {
2094 return ZEND_UNCOMPARABLE; /* different classes */
2095 }
2096 if (!zobj1->properties && !zobj2->properties
2097 && !zend_object_is_lazy(zobj1) && !zend_object_is_lazy(zobj2)) {
2098 zend_property_info *info;
2099 int i;
2100
2101 if (!zobj1->ce->default_properties_count) {
2102 return 0;
2103 }
2104
2105 /* It's enough to protect only one of the objects.
2106 * The second one may be referenced from the first and this may cause
2107 * false recursion detection.
2108 */
2109 /* use bitwise OR to make only one conditional jump */
2110 if (UNEXPECTED(Z_IS_RECURSIVE_P(o1))) {
2111 zend_throw_error(NULL, "Nesting level too deep - recursive dependency?");
2112 return ZEND_UNCOMPARABLE;
2113 }
2114 Z_PROTECT_RECURSION_P(o1);
2115
2116 for (i = 0; i < zobj1->ce->default_properties_count; i++) {
2117 zval *p1, *p2;
2118
2119 info = zobj1->ce->properties_info_table[i];
2120
2121 if (!info) {
2122 continue;
2123 }
2124
2125 p1 = OBJ_PROP(zobj1, info->offset);
2126 p2 = OBJ_PROP(zobj2, info->offset);
2127
2128 if (Z_TYPE_P(p1) != IS_UNDEF) {
2129 if (Z_TYPE_P(p2) != IS_UNDEF) {
2130 int ret;
2131
2132 ret = zend_compare(p1, p2);
2133 if (ret != 0) {
2134 Z_UNPROTECT_RECURSION_P(o1);
2135 return ret;
2136 }
2137 } else {
2138 Z_UNPROTECT_RECURSION_P(o1);
2139 return 1;
2140 }
2141 } else {
2142 if (Z_TYPE_P(p2) != IS_UNDEF) {
2143 Z_UNPROTECT_RECURSION_P(o1);
2144 return 1;
2145 }
2146 }
2147 }
2148
2149 Z_UNPROTECT_RECURSION_P(o1);
2150 return 0;
2151 } else {
2152 return zend_compare_symbol_tables(
2153 zend_std_get_properties_ex(zobj1),
2154 zend_std_get_properties_ex(zobj2));
2155 }
2156 }
2157 /* }}} */
2158
zend_objects_not_comparable(zval * o1,zval * o2)2159 ZEND_API int zend_objects_not_comparable(zval *o1, zval *o2)
2160 {
2161 return ZEND_UNCOMPARABLE;
2162 }
2163
2164 // todo: make zend_std_has_property return bool as well
zend_std_has_property(zend_object * zobj,zend_string * name,int has_set_exists,void ** cache_slot)2165 ZEND_API int zend_std_has_property(zend_object *zobj, zend_string *name, int has_set_exists, void **cache_slot) /* {{{ */
2166 {
2167 bool result;
2168 zval *value = NULL;
2169 uintptr_t property_offset;
2170 const zend_property_info *prop_info = NULL;
2171
2172 property_offset = zend_get_property_offset(zobj->ce, name, 1, cache_slot, &prop_info);
2173
2174 if (EXPECTED(IS_VALID_PROPERTY_OFFSET(property_offset))) {
2175 try_again:
2176 value = OBJ_PROP(zobj, property_offset);
2177 if (Z_TYPE_P(value) != IS_UNDEF) {
2178 goto found;
2179 }
2180 if (UNEXPECTED(Z_PROP_FLAG_P(value) & IS_PROP_UNINIT)) {
2181 /* Skip __isset() for uninitialized typed properties */
2182 goto lazy_init;
2183 }
2184 } else if (EXPECTED(IS_DYNAMIC_PROPERTY_OFFSET(property_offset))) {
2185 if (EXPECTED(zobj->properties != NULL)) {
2186 if (!IS_UNKNOWN_DYNAMIC_PROPERTY_OFFSET(property_offset)) {
2187 uintptr_t idx = ZEND_DECODE_DYN_PROP_OFFSET(property_offset);
2188
2189 if (EXPECTED(idx < zobj->properties->nNumUsed * sizeof(Bucket))) {
2190 Bucket *p = (Bucket*)((char*)zobj->properties->arData + idx);
2191
2192 if (EXPECTED(p->key == name) ||
2193 (EXPECTED(p->h == ZSTR_H(name)) &&
2194 EXPECTED(p->key != NULL) &&
2195 EXPECTED(zend_string_equal_content(p->key, name)))) {
2196 value = &p->val;
2197 goto found;
2198 }
2199 }
2200 CACHE_PTR_EX(cache_slot + 1, (void*)ZEND_DYNAMIC_PROPERTY_OFFSET);
2201 }
2202 value = zend_hash_find(zobj->properties, name);
2203 if (value) {
2204 if (cache_slot) {
2205 uintptr_t idx = (char*)value - (char*)zobj->properties->arData;
2206 CACHE_PTR_EX(cache_slot + 1, (void*)ZEND_ENCODE_DYN_PROP_OFFSET(idx));
2207 }
2208 found:
2209 if (has_set_exists == ZEND_PROPERTY_NOT_EMPTY) {
2210 result = zend_is_true(value);
2211 } else if (has_set_exists < ZEND_PROPERTY_NOT_EMPTY) {
2212 ZEND_ASSERT(has_set_exists == ZEND_PROPERTY_ISSET);
2213 ZVAL_DEREF(value);
2214 result = (Z_TYPE_P(value) != IS_NULL);
2215 } else {
2216 ZEND_ASSERT(has_set_exists == ZEND_PROPERTY_EXISTS);
2217 result = true;
2218 }
2219 goto exit;
2220 }
2221 }
2222 } else if (IS_HOOKED_PROPERTY_OFFSET(property_offset)) {
2223 zend_function *get = prop_info->hooks[ZEND_PROPERTY_HOOK_GET];
2224
2225 if (has_set_exists == ZEND_PROPERTY_EXISTS) {
2226 if (prop_info->flags & ZEND_ACC_VIRTUAL) {
2227 return true;
2228 }
2229 property_offset = prop_info->offset;
2230 goto try_again;
2231 }
2232
2233 if (!get) {
2234 if (prop_info->flags & ZEND_ACC_VIRTUAL) {
2235 zend_throw_error(NULL, "Property %s::$%s is write-only",
2236 ZSTR_VAL(zobj->ce->name), ZSTR_VAL(name));
2237 return 0;
2238 } else {
2239 property_offset = prop_info->offset;
2240 goto try_again;
2241 }
2242 }
2243
2244 zval rv;
2245 if (!zend_call_get_hook(prop_info, name, get, zobj, &rv)) {
2246 if (EG(exception)) {
2247 return 0;
2248 }
2249 property_offset = prop_info->offset;
2250 goto try_again;
2251 }
2252
2253 if (has_set_exists == ZEND_PROPERTY_NOT_EMPTY) {
2254 result = zend_is_true(&rv);
2255 } else {
2256 ZEND_ASSERT(has_set_exists == ZEND_PROPERTY_ISSET);
2257 result = Z_TYPE(rv) != IS_NULL
2258 && (Z_TYPE(rv) != IS_REFERENCE || Z_TYPE_P(Z_REFVAL(rv)) != IS_NULL);
2259 }
2260 zval_ptr_dtor(&rv);
2261 return result;
2262 } else if (UNEXPECTED(EG(exception))) {
2263 result = false;
2264 goto exit;
2265 }
2266
2267 if (!zobj->ce->__isset) {
2268 goto lazy_init;
2269 }
2270
2271 result = false;
2272 if (has_set_exists != ZEND_PROPERTY_EXISTS) {
2273 uint32_t *guard = zend_get_property_guard(zobj, name);
2274
2275 if (!((*guard) & IN_ISSET)) {
2276 zval rv;
2277
2278 /* have issetter - try with it! */
2279 GC_ADDREF(zobj);
2280 (*guard) |= IN_ISSET; /* prevent circular getting */
2281 zend_std_call_issetter(zobj, name, &rv);
2282 result = zend_is_true(&rv);
2283 zval_ptr_dtor(&rv);
2284 if (has_set_exists == ZEND_PROPERTY_NOT_EMPTY && result) {
2285 if (EXPECTED(!EG(exception)) && zobj->ce->__get && !((*guard) & IN_GET)) {
2286 (*guard) |= IN_GET;
2287 zend_std_call_getter(zobj, name, &rv);
2288 (*guard) &= ~IN_GET;
2289 result = i_zend_is_true(&rv);
2290 zval_ptr_dtor(&rv);
2291 } else {
2292 result = false;
2293 }
2294 }
2295 (*guard) &= ~IN_ISSET;
2296 OBJ_RELEASE(zobj);
2297 }
2298 }
2299
2300 exit:
2301 return result;
2302
2303 lazy_init:
2304 if (UNEXPECTED(zend_lazy_object_must_init(zobj))) {
2305 if (!value || (Z_PROP_FLAG_P(value) & IS_PROP_LAZY)) {
2306 zobj = zend_lazy_object_init(zobj);
2307 if (!zobj) {
2308 result = 0;
2309 goto exit;
2310 }
2311
2312 return zend_std_has_property(zobj, name, has_set_exists, cache_slot);
2313 }
2314 }
2315
2316 result = 0;
2317 goto exit;
2318 }
2319 /* }}} */
2320
zend_std_get_class_name(const zend_object * zobj)2321 ZEND_API zend_string *zend_std_get_class_name(const zend_object *zobj) /* {{{ */
2322 {
2323 return zend_string_copy(zobj->ce->name);
2324 }
2325 /* }}} */
2326
zend_std_cast_object_tostring(zend_object * readobj,zval * writeobj,int type)2327 ZEND_API zend_result zend_std_cast_object_tostring(zend_object *readobj, zval *writeobj, int type) /* {{{ */
2328 {
2329 switch (type) {
2330 case IS_STRING: {
2331 zend_class_entry *ce = readobj->ce;
2332 if (ce->__tostring) {
2333 zval retval;
2334 GC_ADDREF(readobj);
2335 zend_call_known_instance_method_with_0_params(ce->__tostring, readobj, &retval);
2336 zend_object_release(readobj);
2337 if (EXPECTED(Z_TYPE(retval) == IS_STRING)) {
2338 ZVAL_COPY_VALUE(writeobj, &retval);
2339 return SUCCESS;
2340 }
2341 zval_ptr_dtor(&retval);
2342 if (!EG(exception)) {
2343 zend_throw_error(NULL, "Method %s::__toString() must return a string value", ZSTR_VAL(ce->name));
2344 }
2345 }
2346 return FAILURE;
2347 }
2348 case _IS_BOOL:
2349 ZVAL_TRUE(writeobj);
2350 return SUCCESS;
2351 default:
2352 return FAILURE;
2353 }
2354 }
2355 /* }}} */
2356
zend_std_get_closure(zend_object * obj,zend_class_entry ** ce_ptr,zend_function ** fptr_ptr,zend_object ** obj_ptr,bool check_only)2357 ZEND_API zend_result zend_std_get_closure(zend_object *obj, zend_class_entry **ce_ptr, zend_function **fptr_ptr, zend_object **obj_ptr, bool check_only) /* {{{ */
2358 {
2359 zend_class_entry *ce = obj->ce;
2360 zval *func = zend_hash_find_known_hash(&ce->function_table, ZSTR_KNOWN(ZEND_STR_MAGIC_INVOKE));
2361
2362 if (func == NULL) {
2363 return FAILURE;
2364 }
2365 *fptr_ptr = Z_FUNC_P(func);
2366
2367 *ce_ptr = ce;
2368 if ((*fptr_ptr)->common.fn_flags & ZEND_ACC_STATIC) {
2369 if (obj_ptr) {
2370 *obj_ptr = NULL;
2371 }
2372 } else {
2373 if (obj_ptr) {
2374 *obj_ptr = obj;
2375 }
2376 }
2377 return SUCCESS;
2378 }
2379 /* }}} */
2380
zend_std_get_properties_for(zend_object * obj,zend_prop_purpose purpose)2381 ZEND_API HashTable *zend_std_get_properties_for(zend_object *obj, zend_prop_purpose purpose) {
2382 HashTable *ht;
2383 switch (purpose) {
2384 case ZEND_PROP_PURPOSE_DEBUG:
2385 if (obj->handlers->get_debug_info) {
2386 int is_temp;
2387 ht = obj->handlers->get_debug_info(obj, &is_temp);
2388 if (ht && !is_temp) {
2389 GC_TRY_ADDREF(ht);
2390 }
2391 return ht;
2392 }
2393 ZEND_FALLTHROUGH;
2394 case ZEND_PROP_PURPOSE_JSON:
2395 case ZEND_PROP_PURPOSE_GET_OBJECT_VARS:
2396 case ZEND_PROP_PURPOSE_VAR_EXPORT:
2397 if (obj->ce->num_hooked_props) {
2398 return zend_hooked_object_build_properties(obj);
2399 }
2400 ht = obj->handlers->get_properties(obj);
2401 if (ht) {
2402 GC_TRY_ADDREF(ht);
2403 }
2404 return ht;
2405 case ZEND_PROP_PURPOSE_ARRAY_CAST:
2406 ht = zend_get_properties_no_lazy_init(obj);
2407 if (ht) {
2408 GC_TRY_ADDREF(ht);
2409 }
2410 return ht;
2411 case ZEND_PROP_PURPOSE_SERIALIZE: {
2412 if (zend_object_is_lazy(obj)
2413 && !zend_lazy_object_initialize_on_serialize(obj)) {
2414 ht = zend_get_properties_no_lazy_init(obj);
2415 } else {
2416 ht = obj->handlers->get_properties(obj);
2417 }
2418 if (ht) {
2419 GC_TRY_ADDREF(ht);
2420 }
2421 return ht;
2422 }
2423 default:
2424 ZEND_UNREACHABLE();
2425 return NULL;
2426 }
2427 }
2428
zend_get_properties_for(zval * obj,zend_prop_purpose purpose)2429 ZEND_API HashTable *zend_get_properties_for(zval *obj, zend_prop_purpose purpose) {
2430 zend_object *zobj = Z_OBJ_P(obj);
2431
2432 if (zobj->handlers->get_properties_for) {
2433 return zobj->handlers->get_properties_for(zobj, purpose);
2434 }
2435
2436 return zend_std_get_properties_for(zobj, purpose);
2437 }
2438
2439 ZEND_API const zend_object_handlers std_object_handlers = {
2440 0, /* offset */
2441
2442 zend_object_std_dtor, /* free_obj */
2443 zend_objects_destroy_object, /* dtor_obj */
2444 zend_objects_clone_obj, /* clone_obj */
2445
2446 zend_std_read_property, /* read_property */
2447 zend_std_write_property, /* write_property */
2448 zend_std_read_dimension, /* read_dimension */
2449 zend_std_write_dimension, /* write_dimension */
2450 zend_std_get_property_ptr_ptr, /* get_property_ptr_ptr */
2451 zend_std_has_property, /* has_property */
2452 zend_std_unset_property, /* unset_property */
2453 zend_std_has_dimension, /* has_dimension */
2454 zend_std_unset_dimension, /* unset_dimension */
2455 zend_std_get_properties, /* get_properties */
2456 zend_std_get_method, /* get_method */
2457 zend_std_get_constructor, /* get_constructor */
2458 zend_std_get_class_name, /* get_class_name */
2459 zend_std_cast_object_tostring, /* cast_object */
2460 NULL, /* count_elements */
2461 zend_std_get_debug_info, /* get_debug_info */
2462 zend_std_get_closure, /* get_closure */
2463 zend_std_get_gc, /* get_gc */
2464 NULL, /* do_operation */
2465 zend_std_compare_objects, /* compare */
2466 NULL, /* get_properties_for */
2467 };
2468
