1 /*
2 +----------------------------------------------------------------------+
3 | Zend Engine |
4 +----------------------------------------------------------------------+
5 | Copyright (c) Zend Technologies Ltd. (http://www.zend.com) |
6 +----------------------------------------------------------------------+
7 | This source file is subject to version 2.00 of the Zend license, |
8 | that is bundled with this package in the file LICENSE, and is |
9 | available through the world-wide-web at the following url: |
10 | http://www.zend.com/license/2_00.txt. |
11 | If you did not receive a copy of the Zend license and are unable to |
12 | obtain it through the world-wide-web, please send a note to |
13 | license@zend.com so we can mail you a copy immediately. |
14 +----------------------------------------------------------------------+
15 | Authors: Andi Gutmans <andi@php.net> |
16 | Zeev Suraski <zeev@php.net> |
17 | Dmitry Stogov <dmitry@php.net> |
18 +----------------------------------------------------------------------+
19 */
20
21 #include "zend.h"
22 #include "zend_globals.h"
23 #include "zend_variables.h"
24 #include "zend_API.h"
25 #include "zend_objects.h"
26 #include "zend_objects_API.h"
27 #include "zend_object_handlers.h"
28 #include "zend_interfaces.h"
29 #include "zend_exceptions.h"
30 #include "zend_closures.h"
31 #include "zend_compile.h"
32 #include "zend_hash.h"
33
34 #define DEBUG_OBJECT_HANDLERS 0
35
36 #define ZEND_WRONG_PROPERTY_OFFSET 0
37
38 /* guard flags */
39 #define IN_GET ZEND_GUARD_PROPERTY_GET
40 #define IN_SET ZEND_GUARD_PROPERTY_SET
41 #define IN_UNSET ZEND_GUARD_PROPERTY_UNSET
42 #define IN_ISSET ZEND_GUARD_PROPERTY_ISSET
43
44 /*
45 __X accessors explanation:
46
47 if we have __get and property that is not part of the properties array is
48 requested, we call __get handler. If it fails, we return uninitialized.
49
50 if we have __set and property that is not part of the properties array is
51 set, we call __set handler. If it fails, we do not change the array.
52
53 for both handlers above, when we are inside __get/__set, no further calls for
54 __get/__set for this property of this object will be made, to prevent endless
55 recursion and enable accessors to change properties array.
56
57 if we have __call and method which is not part of the class function table is
58 called, we cal __call handler.
59 */
60
rebuild_object_properties(zend_object * zobj)61 ZEND_API void rebuild_object_properties(zend_object *zobj) /* {{{ */
62 {
63 if (!zobj->properties) {
64 zend_property_info *prop_info;
65 zend_class_entry *ce = zobj->ce;
66 int i;
67
68 zobj->properties = zend_new_array(ce->default_properties_count);
69 if (ce->default_properties_count) {
70 zend_hash_real_init_mixed(zobj->properties);
71 for (i = 0; i < ce->default_properties_count; i++) {
72 prop_info = ce->properties_info_table[i];
73
74 if (!prop_info) {
75 continue;
76 }
77
78 if (UNEXPECTED(Z_TYPE_P(OBJ_PROP(zobj, prop_info->offset)) == IS_UNDEF)) {
79 HT_FLAGS(zobj->properties) |= HASH_FLAG_HAS_EMPTY_IND;
80 }
81
82 _zend_hash_append_ind(zobj->properties, prop_info->name,
83 OBJ_PROP(zobj, prop_info->offset));
84 }
85 }
86 }
87 }
88 /* }}} */
89
zend_std_build_object_properties_array(zend_object * zobj)90 ZEND_API HashTable *zend_std_build_object_properties_array(zend_object *zobj) /* {{{ */
91 {
92 zend_property_info *prop_info;
93 zend_class_entry *ce = zobj->ce;
94 HashTable *ht;
95 zval* prop;
96 int i;
97
98 ZEND_ASSERT(!zobj->properties);
99 ht = zend_new_array(ce->default_properties_count);
100 if (ce->default_properties_count) {
101 zend_hash_real_init_mixed(ht);
102 for (i = 0; i < ce->default_properties_count; i++) {
103 prop_info = ce->properties_info_table[i];
104
105 if (!prop_info) {
106 continue;
107 }
108
109 prop = OBJ_PROP(zobj, prop_info->offset);
110 if (UNEXPECTED(Z_TYPE_P(prop) == IS_UNDEF)) {
111 continue;
112 }
113
114 if (Z_ISREF_P(prop) && Z_REFCOUNT_P(prop) == 1) {
115 prop = Z_REFVAL_P(prop);
116 }
117
118 Z_TRY_ADDREF_P(prop);
119 _zend_hash_append(ht, prop_info->name, prop);
120 }
121 }
122 return ht;
123 }
124 /* }}} */
125
zend_std_get_properties(zend_object * zobj)126 ZEND_API HashTable *zend_std_get_properties(zend_object *zobj) /* {{{ */
127 {
128 if (!zobj->properties) {
129 rebuild_object_properties(zobj);
130 }
131 return zobj->properties;
132 }
133 /* }}} */
134
zend_std_get_gc(zend_object * zobj,zval ** table,int * n)135 ZEND_API HashTable *zend_std_get_gc(zend_object *zobj, zval **table, int *n) /* {{{ */
136 {
137 if (zobj->handlers->get_properties != zend_std_get_properties) {
138 *table = NULL;
139 *n = 0;
140 return zobj->handlers->get_properties(zobj);
141 } else {
142 if (zobj->properties) {
143 *table = NULL;
144 *n = 0;
145 return zobj->properties;
146 } else {
147 *table = zobj->properties_table;
148 *n = zobj->ce->default_properties_count;
149 return NULL;
150 }
151 }
152 }
153 /* }}} */
154
zend_std_get_debug_info(zend_object * object,int * is_temp)155 ZEND_API HashTable *zend_std_get_debug_info(zend_object *object, int *is_temp) /* {{{ */
156 {
157 zend_class_entry *ce = object->ce;
158 zval retval;
159 HashTable *ht;
160
161 if (!ce->__debugInfo) {
162 *is_temp = 0;
163 return object->handlers->get_properties(object);
164 }
165
166 zend_call_known_instance_method_with_0_params(ce->__debugInfo, object, &retval);
167 if (Z_TYPE(retval) == IS_ARRAY) {
168 if (!Z_REFCOUNTED(retval)) {
169 *is_temp = 1;
170 return zend_array_dup(Z_ARRVAL(retval));
171 } else if (Z_REFCOUNT(retval) <= 1) {
172 *is_temp = 1;
173 ht = Z_ARR(retval);
174 return ht;
175 } else {
176 *is_temp = 0;
177 zval_ptr_dtor(&retval);
178 return Z_ARRVAL(retval);
179 }
180 } else if (Z_TYPE(retval) == IS_NULL) {
181 *is_temp = 1;
182 ht = zend_new_array(0);
183 return ht;
184 }
185
186 zend_error_noreturn(E_ERROR, ZEND_DEBUGINFO_FUNC_NAME "() must return an array");
187
188 return NULL; /* Compilers are dumb and don't understand that noreturn means that the function does NOT need a return value... */
189 }
190 /* }}} */
191
zend_std_call_getter(zend_object * zobj,zend_string * prop_name,zval * retval)192 static void zend_std_call_getter(zend_object *zobj, zend_string *prop_name, zval *retval) /* {{{ */
193 {
194 zval member;
195 ZVAL_STR(&member, prop_name);
196 zend_call_known_instance_method_with_1_params(zobj->ce->__get, zobj, retval, &member);
197 }
198 /* }}} */
199
zend_std_call_setter(zend_object * zobj,zend_string * prop_name,zval * value)200 static void zend_std_call_setter(zend_object *zobj, zend_string *prop_name, zval *value) /* {{{ */
201 {
202 zval args[2];
203 ZVAL_STR(&args[0], prop_name);
204 ZVAL_COPY_VALUE(&args[1], value);
205 zend_call_known_instance_method(zobj->ce->__set, zobj, NULL, 2, args);
206 }
207 /* }}} */
208
zend_std_call_unsetter(zend_object * zobj,zend_string * prop_name)209 static void zend_std_call_unsetter(zend_object *zobj, zend_string *prop_name) /* {{{ */
210 {
211 zval member;
212 ZVAL_STR(&member, prop_name);
213 zend_call_known_instance_method_with_1_params(zobj->ce->__unset, zobj, NULL, &member);
214 }
215 /* }}} */
216
zend_std_call_issetter(zend_object * zobj,zend_string * prop_name,zval * retval)217 static void zend_std_call_issetter(zend_object *zobj, zend_string *prop_name, zval *retval) /* {{{ */
218 {
219 zval member;
220 ZVAL_STR(&member, prop_name);
221 zend_call_known_instance_method_with_1_params(zobj->ce->__isset, zobj, retval, &member);
222 }
223 /* }}} */
224
225
is_derived_class(const zend_class_entry * child_class,const zend_class_entry * parent_class)226 static zend_always_inline bool is_derived_class(const zend_class_entry *child_class, const zend_class_entry *parent_class) /* {{{ */
227 {
228 child_class = child_class->parent;
229 while (child_class) {
230 if (child_class == parent_class) {
231 return 1;
232 }
233 child_class = child_class->parent;
234 }
235
236 return 0;
237 }
238 /* }}} */
239
is_protected_compatible_scope(const zend_class_entry * ce,const zend_class_entry * scope)240 static zend_never_inline int is_protected_compatible_scope(const zend_class_entry *ce, const zend_class_entry *scope) /* {{{ */
241 {
242 return scope &&
243 (is_derived_class(ce, scope) || is_derived_class(scope, ce));
244 }
245 /* }}} */
246
zend_get_parent_private_property(zend_class_entry * scope,const zend_class_entry * ce,zend_string * member)247 static zend_never_inline zend_property_info *zend_get_parent_private_property(zend_class_entry *scope, const zend_class_entry *ce, zend_string *member) /* {{{ */
248 {
249 zval *zv;
250 zend_property_info *prop_info;
251
252 if (scope != ce && scope && is_derived_class(ce, scope)) {
253 zv = zend_hash_find(&scope->properties_info, member);
254 if (zv != NULL) {
255 prop_info = (zend_property_info*)Z_PTR_P(zv);
256 if ((prop_info->flags & ZEND_ACC_PRIVATE)
257 && prop_info->ce == scope) {
258 return prop_info;
259 }
260 }
261 }
262 return NULL;
263 }
264 /* }}} */
265
zend_bad_property_access(const zend_property_info * property_info,const zend_class_entry * ce,const zend_string * member)266 static ZEND_COLD zend_never_inline void zend_bad_property_access(const zend_property_info *property_info, const zend_class_entry *ce, const zend_string *member) /* {{{ */
267 {
268 zend_throw_error(NULL, "Cannot access %s property %s::$%s", zend_visibility_string(property_info->flags), ZSTR_VAL(ce->name), ZSTR_VAL(member));
269 }
270 /* }}} */
271
zend_bad_property_name(void)272 static ZEND_COLD zend_never_inline void zend_bad_property_name(void) /* {{{ */
273 {
274 zend_throw_error(NULL, "Cannot access property starting with \"\\0\"");
275 }
276 /* }}} */
277
zend_forbidden_dynamic_property(const zend_class_entry * ce,const zend_string * member)278 static ZEND_COLD zend_never_inline void zend_forbidden_dynamic_property(
279 const zend_class_entry *ce, const zend_string *member) {
280 zend_throw_error(NULL, "Cannot create dynamic property %s::$%s",
281 ZSTR_VAL(ce->name), ZSTR_VAL(member));
282 }
283
zend_deprecated_dynamic_property(zend_object * obj,const zend_string * member)284 static ZEND_COLD zend_never_inline bool zend_deprecated_dynamic_property(
285 zend_object *obj, const zend_string *member) {
286 GC_ADDREF(obj);
287 zend_error(E_DEPRECATED, "Creation of dynamic property %s::$%s is deprecated",
288 ZSTR_VAL(obj->ce->name), ZSTR_VAL(member));
289 if (UNEXPECTED(GC_DELREF(obj) == 0)) {
290 zend_class_entry *ce = obj->ce;
291 zend_objects_store_del(obj);
292 if (!EG(exception)) {
293 /* We cannot continue execution and have to throw an exception */
294 zend_throw_error(NULL, "Cannot create dynamic property %s::$%s",
295 ZSTR_VAL(ce->name), ZSTR_VAL(member));
296 }
297 return 0;
298 }
299 return 1;
300 }
301
zend_readonly_property_modification_scope_error(const zend_class_entry * ce,const zend_string * member,const zend_class_entry * scope,const char * operation)302 static ZEND_COLD zend_never_inline void zend_readonly_property_modification_scope_error(
303 const zend_class_entry *ce, const zend_string *member, const zend_class_entry *scope, const char *operation) {
304 zend_throw_error(NULL, "Cannot %s readonly property %s::$%s from %s%s",
305 operation, ZSTR_VAL(ce->name), ZSTR_VAL(member),
306 scope ? "scope " : "global scope", scope ? ZSTR_VAL(scope->name) : "");
307 }
308
zend_readonly_property_unset_error(zend_class_entry * ce,zend_string * member)309 static ZEND_COLD zend_never_inline void zend_readonly_property_unset_error(
310 zend_class_entry *ce, zend_string *member) {
311 zend_throw_error(NULL, "Cannot unset readonly property %s::$%s",
312 ZSTR_VAL(ce->name), ZSTR_VAL(member));
313 }
314
zend_get_property_offset(zend_class_entry * ce,zend_string * member,int silent,void ** cache_slot,const zend_property_info ** info_ptr)315 static zend_always_inline uintptr_t zend_get_property_offset(zend_class_entry *ce, zend_string *member, int silent, void **cache_slot, const zend_property_info **info_ptr) /* {{{ */
316 {
317 zval *zv;
318 zend_property_info *property_info;
319 uint32_t flags;
320 zend_class_entry *scope;
321 uintptr_t offset;
322
323 if (cache_slot && EXPECTED(ce == CACHED_PTR_EX(cache_slot))) {
324 *info_ptr = CACHED_PTR_EX(cache_slot + 2);
325 return (uintptr_t)CACHED_PTR_EX(cache_slot + 1);
326 }
327
328 if (UNEXPECTED(zend_hash_num_elements(&ce->properties_info) == 0)
329 || UNEXPECTED((zv = zend_hash_find(&ce->properties_info, member)) == NULL)) {
330 if (UNEXPECTED(ZSTR_VAL(member)[0] == '\0') && ZSTR_LEN(member) != 0) {
331 if (!silent) {
332 zend_bad_property_name();
333 }
334 return ZEND_WRONG_PROPERTY_OFFSET;
335 }
336 dynamic:
337 if (cache_slot) {
338 CACHE_POLYMORPHIC_PTR_EX(cache_slot, ce, (void*)ZEND_DYNAMIC_PROPERTY_OFFSET);
339 CACHE_PTR_EX(cache_slot + 2, NULL);
340 }
341 return ZEND_DYNAMIC_PROPERTY_OFFSET;
342 }
343
344 property_info = (zend_property_info*)Z_PTR_P(zv);
345 flags = property_info->flags;
346
347 if (flags & (ZEND_ACC_CHANGED|ZEND_ACC_PRIVATE|ZEND_ACC_PROTECTED)) {
348 if (UNEXPECTED(EG(fake_scope))) {
349 scope = EG(fake_scope);
350 } else {
351 scope = zend_get_executed_scope();
352 }
353
354 if (property_info->ce != scope) {
355 if (flags & ZEND_ACC_CHANGED) {
356 zend_property_info *p = zend_get_parent_private_property(scope, ce, member);
357
358 /* If there is a public/protected instance property on ce, don't try to use a
359 * private static property on scope. If both are static, prefer the static
360 * property on scope. This will throw a static property notice, rather than
361 * a visibility error. */
362 if (p && (!(p->flags & ZEND_ACC_STATIC) || (flags & ZEND_ACC_STATIC))) {
363 property_info = p;
364 flags = property_info->flags;
365 goto found;
366 } else if (flags & ZEND_ACC_PUBLIC) {
367 goto found;
368 }
369 }
370 if (flags & ZEND_ACC_PRIVATE) {
371 if (property_info->ce != ce) {
372 goto dynamic;
373 } else {
374 wrong:
375 /* Information was available, but we were denied access. Error out. */
376 if (!silent) {
377 zend_bad_property_access(property_info, ce, member);
378 }
379 return ZEND_WRONG_PROPERTY_OFFSET;
380 }
381 } else {
382 ZEND_ASSERT(flags & ZEND_ACC_PROTECTED);
383 if (UNEXPECTED(!is_protected_compatible_scope(property_info->ce, scope))) {
384 goto wrong;
385 }
386 }
387 }
388 }
389
390 found:
391 if (UNEXPECTED(flags & ZEND_ACC_STATIC)) {
392 if (!silent) {
393 zend_error(E_NOTICE, "Accessing static property %s::$%s as non static", ZSTR_VAL(ce->name), ZSTR_VAL(member));
394 }
395 return ZEND_DYNAMIC_PROPERTY_OFFSET;
396 }
397
398 offset = property_info->offset;
399 if (EXPECTED(!ZEND_TYPE_IS_SET(property_info->type))) {
400 property_info = NULL;
401 } else {
402 *info_ptr = property_info;
403 }
404 if (cache_slot) {
405 CACHE_POLYMORPHIC_PTR_EX(cache_slot, ce, (void*)(uintptr_t)offset);
406 CACHE_PTR_EX(cache_slot + 2, property_info);
407 }
408 return offset;
409 }
410 /* }}} */
411
zend_wrong_offset(zend_class_entry * ce,zend_string * member)412 static ZEND_COLD void zend_wrong_offset(zend_class_entry *ce, zend_string *member) /* {{{ */
413 {
414 const zend_property_info *dummy;
415
416 /* Trigger the correct error */
417 zend_get_property_offset(ce, member, 0, NULL, &dummy);
418 }
419 /* }}} */
420
zend_get_property_info(const zend_class_entry * ce,zend_string * member,int silent)421 ZEND_API zend_property_info *zend_get_property_info(const zend_class_entry *ce, zend_string *member, int silent) /* {{{ */
422 {
423 zval *zv;
424 zend_property_info *property_info;
425 uint32_t flags;
426 zend_class_entry *scope;
427
428 if (UNEXPECTED(zend_hash_num_elements(&ce->properties_info) == 0)
429 || EXPECTED((zv = zend_hash_find(&ce->properties_info, member)) == NULL)) {
430 if (UNEXPECTED(ZSTR_VAL(member)[0] == '\0') && ZSTR_LEN(member) != 0) {
431 if (!silent) {
432 zend_bad_property_name();
433 }
434 return ZEND_WRONG_PROPERTY_INFO;
435 }
436 dynamic:
437 return NULL;
438 }
439
440 property_info = (zend_property_info*)Z_PTR_P(zv);
441 flags = property_info->flags;
442
443 if (flags & (ZEND_ACC_CHANGED|ZEND_ACC_PRIVATE|ZEND_ACC_PROTECTED)) {
444 if (UNEXPECTED(EG(fake_scope))) {
445 scope = EG(fake_scope);
446 } else {
447 scope = zend_get_executed_scope();
448 }
449 if (property_info->ce != scope) {
450 if (flags & ZEND_ACC_CHANGED) {
451 zend_property_info *p = zend_get_parent_private_property(scope, ce, member);
452
453 if (p) {
454 property_info = p;
455 flags = property_info->flags;
456 goto found;
457 } else if (flags & ZEND_ACC_PUBLIC) {
458 goto found;
459 }
460 }
461 if (flags & ZEND_ACC_PRIVATE) {
462 if (property_info->ce != ce) {
463 goto dynamic;
464 } else {
465 wrong:
466 /* Information was available, but we were denied access. Error out. */
467 if (!silent) {
468 zend_bad_property_access(property_info, ce, member);
469 }
470 return ZEND_WRONG_PROPERTY_INFO;
471 }
472 } else {
473 ZEND_ASSERT(flags & ZEND_ACC_PROTECTED);
474 if (UNEXPECTED(!is_protected_compatible_scope(property_info->ce, scope))) {
475 goto wrong;
476 }
477 }
478 }
479 }
480
481 found:
482 if (UNEXPECTED(flags & ZEND_ACC_STATIC)) {
483 if (!silent) {
484 zend_error(E_NOTICE, "Accessing static property %s::$%s as non static", ZSTR_VAL(ce->name), ZSTR_VAL(member));
485 }
486 }
487 return property_info;
488 }
489 /* }}} */
490
zend_check_property_access(const zend_object * zobj,zend_string * prop_info_name,bool is_dynamic)491 ZEND_API zend_result zend_check_property_access(const zend_object *zobj, zend_string *prop_info_name, bool is_dynamic) /* {{{ */
492 {
493 zend_property_info *property_info;
494 const char *class_name = NULL;
495 const char *prop_name;
496 zend_string *member;
497 size_t prop_name_len;
498
499 if (ZSTR_VAL(prop_info_name)[0] == 0) {
500 if (is_dynamic) {
501 return SUCCESS;
502 }
503
504 zend_unmangle_property_name_ex(prop_info_name, &class_name, &prop_name, &prop_name_len);
505 member = zend_string_init(prop_name, prop_name_len, 0);
506 property_info = zend_get_property_info(zobj->ce, member, 1);
507 zend_string_release_ex(member, 0);
508 if (property_info == NULL || property_info == ZEND_WRONG_PROPERTY_INFO) {
509 return FAILURE;
510 }
511
512 if (class_name[0] != '*') {
513 if (!(property_info->flags & ZEND_ACC_PRIVATE)) {
514 /* we we're looking for a private prop but found a non private one of the same name */
515 return FAILURE;
516 } else if (strcmp(ZSTR_VAL(prop_info_name)+1, ZSTR_VAL(property_info->name)+1)) {
517 /* we we're looking for a private prop but found a private one of the same name but another class */
518 return FAILURE;
519 }
520 } else {
521 ZEND_ASSERT(property_info->flags & ZEND_ACC_PROTECTED);
522 }
523 return SUCCESS;
524 } else {
525 property_info = zend_get_property_info(zobj->ce, prop_info_name, 1);
526 if (property_info == NULL) {
527 ZEND_ASSERT(is_dynamic);
528 return SUCCESS;
529 } else if (property_info == ZEND_WRONG_PROPERTY_INFO) {
530 return FAILURE;
531 }
532 return (property_info->flags & ZEND_ACC_PUBLIC) ? SUCCESS : FAILURE;
533 }
534 }
535 /* }}} */
536
zend_property_guard_dtor(zval * el)537 static void zend_property_guard_dtor(zval *el) /* {{{ */ {
538 uint32_t *ptr = (uint32_t*)Z_PTR_P(el);
539 if (EXPECTED(!(((uintptr_t)ptr) & 1))) {
540 efree_size(ptr, sizeof(uint32_t));
541 }
542 }
543 /* }}} */
544
zend_get_guard_value(zend_object * zobj)545 static zend_always_inline zval *zend_get_guard_value(zend_object *zobj)
546 {
547 return zobj->properties_table + zobj->ce->default_properties_count;
548 }
549
zend_get_property_guard(zend_object * zobj,zend_string * member)550 ZEND_API uint32_t *zend_get_property_guard(zend_object *zobj, zend_string *member) /* {{{ */
551 {
552 HashTable *guards;
553 zval *zv;
554 uint32_t *ptr;
555
556
557 ZEND_ASSERT(zobj->ce->ce_flags & ZEND_ACC_USE_GUARDS);
558 zv = zend_get_guard_value(zobj);
559 if (EXPECTED(Z_TYPE_P(zv) == IS_STRING)) {
560 zend_string *str = Z_STR_P(zv);
561 if (EXPECTED(str == member) ||
562 /* str and member don't necessarily have a pre-calculated hash value here */
563 EXPECTED(zend_string_equal_content(str, member))) {
564 return &Z_GUARD_P(zv);
565 } else if (EXPECTED(Z_GUARD_P(zv) == 0)) {
566 zval_ptr_dtor_str(zv);
567 ZVAL_STR_COPY(zv, member);
568 return &Z_GUARD_P(zv);
569 } else {
570 ALLOC_HASHTABLE(guards);
571 zend_hash_init(guards, 8, NULL, zend_property_guard_dtor, 0);
572 /* mark pointer as "special" using low bit */
573 zend_hash_add_new_ptr(guards, str,
574 (void*)(((uintptr_t)&Z_GUARD_P(zv)) | 1));
575 zval_ptr_dtor_str(zv);
576 ZVAL_ARR(zv, guards);
577 }
578 } else if (EXPECTED(Z_TYPE_P(zv) == IS_ARRAY)) {
579 guards = Z_ARRVAL_P(zv);
580 ZEND_ASSERT(guards != NULL);
581 zv = zend_hash_find(guards, member);
582 if (zv != NULL) {
583 return (uint32_t*)(((uintptr_t)Z_PTR_P(zv)) & ~1);
584 }
585 } else {
586 ZEND_ASSERT(Z_TYPE_P(zv) == IS_UNDEF);
587 ZVAL_STR_COPY(zv, member);
588 Z_GUARD_P(zv) &= ~ZEND_GUARD_PROPERTY_MASK;
589 return &Z_GUARD_P(zv);
590 }
591 /* we have to allocate uint32_t separately because ht->arData may be reallocated */
592 ptr = (uint32_t*)emalloc(sizeof(uint32_t));
593 *ptr = 0;
594 return (uint32_t*)zend_hash_add_new_ptr(guards, member, ptr);
595 }
596 /* }}} */
597
zend_get_recursion_guard(zend_object * zobj)598 ZEND_API uint32_t *zend_get_recursion_guard(zend_object *zobj)
599 {
600 if (!(zobj->ce->ce_flags & ZEND_ACC_USE_GUARDS)) {
601 return NULL;
602 }
603 zval *zv = zend_get_guard_value(zobj);
604 return &Z_GUARD_P(zv);
605 }
606
zend_std_read_property(zend_object * zobj,zend_string * name,int type,void ** cache_slot,zval * rv)607 ZEND_API zval *zend_std_read_property(zend_object *zobj, zend_string *name, int type, void **cache_slot, zval *rv) /* {{{ */
608 {
609 zval *retval;
610 uintptr_t property_offset;
611 const zend_property_info *prop_info = NULL;
612 uint32_t *guard = NULL;
613
614 #if DEBUG_OBJECT_HANDLERS
615 fprintf(stderr, "Read object #%d property: %s\n", zobj->handle, ZSTR_VAL(name));
616 #endif
617
618 /* make zend_get_property_info silent if we have getter - we may want to use it */
619 property_offset = zend_get_property_offset(zobj->ce, name, (type == BP_VAR_IS) || (zobj->ce->__get != NULL), cache_slot, &prop_info);
620
621 if (EXPECTED(IS_VALID_PROPERTY_OFFSET(property_offset))) {
622 retval = OBJ_PROP(zobj, property_offset);
623 if (EXPECTED(Z_TYPE_P(retval) != IS_UNDEF)) {
624 if (prop_info && UNEXPECTED(prop_info->flags & ZEND_ACC_READONLY)
625 && (type == BP_VAR_W || type == BP_VAR_RW || type == BP_VAR_UNSET)) {
626 if (Z_TYPE_P(retval) == IS_OBJECT) {
627 /* For objects, W/RW/UNSET fetch modes might not actually modify object.
628 * Similar as with magic __get() allow them, but return the value as a copy
629 * to make sure no actual modification is possible. */
630 ZVAL_COPY(rv, retval);
631 retval = rv;
632 } else if (Z_PROP_FLAG_P(retval) & IS_PROP_REINITABLE) {
633 Z_PROP_FLAG_P(retval) &= ~IS_PROP_REINITABLE;
634 } else {
635 zend_readonly_property_modification_error(prop_info);
636 retval = &EG(uninitialized_zval);
637 }
638 }
639 goto exit;
640 } else {
641 if (prop_info && UNEXPECTED(prop_info->flags & ZEND_ACC_READONLY)) {
642 if (type == BP_VAR_W || type == BP_VAR_RW) {
643 zend_readonly_property_indirect_modification_error(prop_info);
644 retval = &EG(uninitialized_zval);
645 goto exit;
646 } else if (type == BP_VAR_UNSET) {
647 retval = &EG(uninitialized_zval);
648 goto exit;
649 }
650 }
651 }
652 if (UNEXPECTED(Z_PROP_FLAG_P(retval) & IS_PROP_UNINIT)) {
653 /* Skip __get() for uninitialized typed properties */
654 goto uninit_error;
655 }
656 } else if (EXPECTED(IS_DYNAMIC_PROPERTY_OFFSET(property_offset))) {
657 if (EXPECTED(zobj->properties != NULL)) {
658 if (!IS_UNKNOWN_DYNAMIC_PROPERTY_OFFSET(property_offset)) {
659 uintptr_t idx = ZEND_DECODE_DYN_PROP_OFFSET(property_offset);
660
661 if (EXPECTED(idx < zobj->properties->nNumUsed * sizeof(Bucket))) {
662 Bucket *p = (Bucket*)((char*)zobj->properties->arData + idx);
663
664 if (EXPECTED(p->key == name) ||
665 (EXPECTED(p->h == ZSTR_H(name)) &&
666 EXPECTED(p->key != NULL) &&
667 EXPECTED(zend_string_equal_content(p->key, name)))) {
668 retval = &p->val;
669 goto exit;
670 }
671 }
672 CACHE_PTR_EX(cache_slot + 1, (void*)ZEND_DYNAMIC_PROPERTY_OFFSET);
673 }
674 retval = zend_hash_find(zobj->properties, name);
675 if (EXPECTED(retval)) {
676 if (cache_slot) {
677 uintptr_t idx = (char*)retval - (char*)zobj->properties->arData;
678 CACHE_PTR_EX(cache_slot + 1, (void*)ZEND_ENCODE_DYN_PROP_OFFSET(idx));
679 }
680 goto exit;
681 }
682 }
683 } else if (UNEXPECTED(EG(exception))) {
684 retval = &EG(uninitialized_zval);
685 goto exit;
686 }
687
688 /* magic isset */
689 if ((type == BP_VAR_IS) && zobj->ce->__isset) {
690 zval tmp_result;
691 guard = zend_get_property_guard(zobj, name);
692
693 if (!((*guard) & IN_ISSET)) {
694 GC_ADDREF(zobj);
695 ZVAL_UNDEF(&tmp_result);
696
697 *guard |= IN_ISSET;
698 zend_std_call_issetter(zobj, name, &tmp_result);
699 *guard &= ~IN_ISSET;
700
701 if (!zend_is_true(&tmp_result)) {
702 retval = &EG(uninitialized_zval);
703 OBJ_RELEASE(zobj);
704 zval_ptr_dtor(&tmp_result);
705 goto exit;
706 }
707
708 zval_ptr_dtor(&tmp_result);
709 if (zobj->ce->__get && !((*guard) & IN_GET)) {
710 goto call_getter;
711 }
712 OBJ_RELEASE(zobj);
713 } else if (zobj->ce->__get && !((*guard) & IN_GET)) {
714 goto call_getter_addref;
715 }
716 } else if (zobj->ce->__get) {
717 /* magic get */
718 guard = zend_get_property_guard(zobj, name);
719 if (!((*guard) & IN_GET)) {
720 /* have getter - try with it! */
721 call_getter_addref:
722 GC_ADDREF(zobj);
723 call_getter:
724 *guard |= IN_GET; /* prevent circular getting */
725 zend_std_call_getter(zobj, name, rv);
726 *guard &= ~IN_GET;
727
728 if (Z_TYPE_P(rv) != IS_UNDEF) {
729 retval = rv;
730 if (!Z_ISREF_P(rv) &&
731 (type == BP_VAR_W || type == BP_VAR_RW || type == BP_VAR_UNSET)) {
732 if (UNEXPECTED(Z_TYPE_P(rv) != IS_OBJECT)) {
733 zend_error(E_NOTICE, "Indirect modification of overloaded property %s::$%s has no effect", ZSTR_VAL(zobj->ce->name), ZSTR_VAL(name));
734 }
735 }
736 } else {
737 retval = &EG(uninitialized_zval);
738 }
739
740 if (prop_info) {
741 zend_verify_prop_assignable_by_ref_ex(prop_info, retval, (zobj->ce->__get->common.fn_flags & ZEND_ACC_STRICT_TYPES) != 0, ZEND_VERIFY_PROP_ASSIGNABLE_BY_REF_CONTEXT_MAGIC_GET);
742 }
743
744 OBJ_RELEASE(zobj);
745 goto exit;
746 } else if (UNEXPECTED(IS_WRONG_PROPERTY_OFFSET(property_offset))) {
747 /* Trigger the correct error */
748 zend_get_property_offset(zobj->ce, name, 0, NULL, &prop_info);
749 ZEND_ASSERT(EG(exception));
750 retval = &EG(uninitialized_zval);
751 goto exit;
752 }
753 }
754
755 uninit_error:
756 if (type != BP_VAR_IS) {
757 if (prop_info) {
758 zend_throw_error(NULL, "Typed property %s::$%s must not be accessed before initialization",
759 ZSTR_VAL(prop_info->ce->name),
760 ZSTR_VAL(name));
761 } else {
762 zend_error(E_WARNING, "Undefined property: %s::$%s", ZSTR_VAL(zobj->ce->name), ZSTR_VAL(name));
763 }
764 }
765 retval = &EG(uninitialized_zval);
766
767 exit:
768 return retval;
769 }
770 /* }}} */
771
property_uses_strict_types(void)772 static zend_always_inline bool property_uses_strict_types(void) {
773 zend_execute_data *execute_data = EG(current_execute_data);
774 return execute_data
775 && execute_data->func
776 && ZEND_CALL_USES_STRICT_TYPES(EG(current_execute_data));
777 }
778
verify_readonly_initialization_access(const zend_property_info * prop_info,const zend_class_entry * ce,zend_string * name,const char * operation)779 static bool verify_readonly_initialization_access(
780 const zend_property_info *prop_info, const zend_class_entry *ce,
781 zend_string *name, const char *operation) {
782 zend_class_entry *scope;
783 if (UNEXPECTED(EG(fake_scope))) {
784 scope = EG(fake_scope);
785 } else {
786 scope = zend_get_executed_scope();
787 }
788 if (prop_info->ce == scope) {
789 return true;
790 }
791
792 /* We may have redeclared a parent property. In that case the parent should still be
793 * allowed to initialize it. */
794 if (scope && is_derived_class(ce, scope)) {
795 const zend_property_info *prop_info = zend_hash_find_ptr(&scope->properties_info, name);
796 if (prop_info) {
797 /* This should be ensured by inheritance. */
798 ZEND_ASSERT(prop_info->flags & ZEND_ACC_READONLY);
799 if (prop_info->ce == scope) {
800 return true;
801 }
802 }
803 }
804
805 zend_readonly_property_modification_scope_error(prop_info->ce, name, scope, operation);
806 return false;
807 }
808
zend_std_write_property(zend_object * zobj,zend_string * name,zval * value,void ** cache_slot)809 ZEND_API zval *zend_std_write_property(zend_object *zobj, zend_string *name, zval *value, void **cache_slot) /* {{{ */
810 {
811 zval *variable_ptr, tmp;
812 uintptr_t property_offset;
813 const zend_property_info *prop_info = NULL;
814 ZEND_ASSERT(!Z_ISREF_P(value));
815
816 property_offset = zend_get_property_offset(zobj->ce, name, (zobj->ce->__set != NULL), cache_slot, &prop_info);
817
818 if (EXPECTED(IS_VALID_PROPERTY_OFFSET(property_offset))) {
819 variable_ptr = OBJ_PROP(zobj, property_offset);
820 if (Z_TYPE_P(variable_ptr) != IS_UNDEF) {
821 Z_TRY_ADDREF_P(value);
822
823 if (prop_info) {
824 if (UNEXPECTED((prop_info->flags & ZEND_ACC_READONLY) && !(Z_PROP_FLAG_P(variable_ptr) & IS_PROP_REINITABLE))) {
825 Z_TRY_DELREF_P(value);
826 zend_readonly_property_modification_error(prop_info);
827 variable_ptr = &EG(error_zval);
828 goto exit;
829 }
830
831 ZVAL_COPY_VALUE(&tmp, value);
832 // Increase refcount to prevent object from being released in __toString()
833 GC_ADDREF(zobj);
834 bool type_matched = zend_verify_property_type(prop_info, &tmp, property_uses_strict_types());
835 if (UNEXPECTED(GC_DELREF(zobj) == 0)) {
836 zend_object_released_while_assigning_to_property_error(prop_info);
837 zend_objects_store_del(zobj);
838 zval_ptr_dtor(&tmp);
839 variable_ptr = &EG(error_zval);
840 goto exit;
841 }
842 if (UNEXPECTED(!type_matched)) {
843 Z_TRY_DELREF_P(value);
844 variable_ptr = &EG(error_zval);
845 goto exit;
846 }
847 Z_PROP_FLAG_P(variable_ptr) &= ~IS_PROP_REINITABLE;
848 value = &tmp;
849 }
850
851 found:;
852 zend_refcounted *garbage = NULL;
853
854 variable_ptr = zend_assign_to_variable_ex(
855 variable_ptr, value, IS_TMP_VAR, property_uses_strict_types(), &garbage);
856
857 if (garbage) {
858 if (GC_DELREF(garbage) == 0) {
859 zend_execute_data *execute_data = EG(current_execute_data);
860 // Assign to result variable before calling the destructor as it may release the object
861 if (execute_data
862 && EX(func)
863 && ZEND_USER_CODE(EX(func)->common.type)
864 && EX(opline)
865 && EX(opline)->opcode == ZEND_ASSIGN_OBJ
866 && EX(opline)->result_type) {
867 ZVAL_COPY_DEREF(EX_VAR(EX(opline)->result.var), variable_ptr);
868 variable_ptr = NULL;
869 }
870 rc_dtor_func(garbage);
871 } else {
872 gc_check_possible_root_no_ref(garbage);
873 }
874 }
875 goto exit;
876 }
877 if (Z_PROP_FLAG_P(variable_ptr) & IS_PROP_UNINIT) {
878 /* Writes to uninitialized typed properties bypass __set(). */
879 goto write_std_property;
880 }
881 } else if (EXPECTED(IS_DYNAMIC_PROPERTY_OFFSET(property_offset))) {
882 if (EXPECTED(zobj->properties != NULL)) {
883 if (UNEXPECTED(GC_REFCOUNT(zobj->properties) > 1)) {
884 if (EXPECTED(!(GC_FLAGS(zobj->properties) & IS_ARRAY_IMMUTABLE))) {
885 GC_DELREF(zobj->properties);
886 }
887 zobj->properties = zend_array_dup(zobj->properties);
888 }
889 if ((variable_ptr = zend_hash_find(zobj->properties, name)) != NULL) {
890 Z_TRY_ADDREF_P(value);
891 goto found;
892 }
893 }
894 } else if (UNEXPECTED(EG(exception))) {
895 variable_ptr = &EG(error_zval);
896 goto exit;
897 }
898
899 /* magic set */
900 if (zobj->ce->__set) {
901 uint32_t *guard = zend_get_property_guard(zobj, name);
902
903 if (!((*guard) & IN_SET)) {
904 GC_ADDREF(zobj);
905 (*guard) |= IN_SET; /* prevent circular setting */
906 zend_std_call_setter(zobj, name, value);
907 (*guard) &= ~IN_SET;
908 OBJ_RELEASE(zobj);
909 variable_ptr = value;
910 } else if (EXPECTED(!IS_WRONG_PROPERTY_OFFSET(property_offset))) {
911 goto write_std_property;
912 } else {
913 /* Trigger the correct error */
914 zend_wrong_offset(zobj->ce, name);
915 ZEND_ASSERT(EG(exception));
916 variable_ptr = &EG(error_zval);
917 goto exit;
918 }
919 } else {
920 ZEND_ASSERT(!IS_WRONG_PROPERTY_OFFSET(property_offset));
921 write_std_property:
922 if (EXPECTED(IS_VALID_PROPERTY_OFFSET(property_offset))) {
923 variable_ptr = OBJ_PROP(zobj, property_offset);
924
925 Z_TRY_ADDREF_P(value);
926 if (prop_info) {
927 if (UNEXPECTED((prop_info->flags & ZEND_ACC_READONLY)
928 && !verify_readonly_initialization_access(prop_info, zobj->ce, name, "initialize"))) {
929 Z_TRY_DELREF_P(value);
930 variable_ptr = &EG(error_zval);
931 goto exit;
932 }
933
934 ZVAL_COPY_VALUE(&tmp, value);
935 // Increase refcount to prevent object from being released in __toString()
936 GC_ADDREF(zobj);
937 bool type_matched = zend_verify_property_type(prop_info, &tmp, property_uses_strict_types());
938 if (UNEXPECTED(GC_DELREF(zobj) == 0)) {
939 zend_object_released_while_assigning_to_property_error(prop_info);
940 zend_objects_store_del(zobj);
941 zval_ptr_dtor(&tmp);
942 variable_ptr = &EG(error_zval);
943 goto exit;
944 }
945 if (UNEXPECTED(!type_matched)) {
946 zval_ptr_dtor(value);
947 goto exit;
948 }
949 value = &tmp;
950 Z_PROP_FLAG_P(variable_ptr) = 0;
951 goto found; /* might have been updated via e.g. __toString() */
952 }
953
954 ZVAL_COPY_VALUE(variable_ptr, value);
955 } else {
956 if (UNEXPECTED(zobj->ce->ce_flags & ZEND_ACC_NO_DYNAMIC_PROPERTIES)) {
957 zend_forbidden_dynamic_property(zobj->ce, name);
958 variable_ptr = &EG(error_zval);
959 goto exit;
960 }
961 if (UNEXPECTED(!(zobj->ce->ce_flags & ZEND_ACC_ALLOW_DYNAMIC_PROPERTIES))) {
962 if (UNEXPECTED(!zend_deprecated_dynamic_property(zobj, name))) {
963 variable_ptr = &EG(error_zval);
964 goto exit;
965 }
966 }
967
968 Z_TRY_ADDREF_P(value);
969 if (!zobj->properties) {
970 rebuild_object_properties(zobj);
971 }
972 variable_ptr = zend_hash_add_new(zobj->properties, name, value);
973 }
974 }
975
976 exit:
977 return variable_ptr;
978 }
979 /* }}} */
980
zend_bad_array_access(zend_class_entry * ce)981 static ZEND_COLD zend_never_inline void zend_bad_array_access(zend_class_entry *ce) /* {{{ */
982 {
983 zend_throw_error(NULL, "Cannot use object of type %s as array", ZSTR_VAL(ce->name));
984 }
985 /* }}} */
986
zend_std_read_dimension(zend_object * object,zval * offset,int type,zval * rv)987 ZEND_API zval *zend_std_read_dimension(zend_object *object, zval *offset, int type, zval *rv) /* {{{ */
988 {
989 zend_class_entry *ce = object->ce;
990 zval tmp_offset;
991
992 /* arrayaccess_funcs_ptr is set if (and only if) the class implements zend_ce_arrayaccess */
993 zend_class_arrayaccess_funcs *funcs = ce->arrayaccess_funcs_ptr;
994 if (EXPECTED(funcs)) {
995 if (offset == NULL) {
996 /* [] construct */
997 ZVAL_NULL(&tmp_offset);
998 } else {
999 ZVAL_COPY_DEREF(&tmp_offset, offset);
1000 }
1001
1002 GC_ADDREF(object);
1003 if (type == BP_VAR_IS) {
1004 zend_call_known_instance_method_with_1_params(funcs->zf_offsetexists, object, rv, &tmp_offset);
1005 if (UNEXPECTED(Z_ISUNDEF_P(rv))) {
1006 OBJ_RELEASE(object);
1007 zval_ptr_dtor(&tmp_offset);
1008 return NULL;
1009 }
1010 if (!i_zend_is_true(rv)) {
1011 OBJ_RELEASE(object);
1012 zval_ptr_dtor(&tmp_offset);
1013 zval_ptr_dtor(rv);
1014 return &EG(uninitialized_zval);
1015 }
1016 zval_ptr_dtor(rv);
1017 }
1018
1019 zend_call_known_instance_method_with_1_params(funcs->zf_offsetget, object, rv, &tmp_offset);
1020
1021 OBJ_RELEASE(object);
1022 zval_ptr_dtor(&tmp_offset);
1023
1024 if (UNEXPECTED(Z_TYPE_P(rv) == IS_UNDEF)) {
1025 if (UNEXPECTED(!EG(exception))) {
1026 zend_throw_error(NULL, "Undefined offset for object of type %s used as array", ZSTR_VAL(ce->name));
1027 }
1028 return NULL;
1029 }
1030 return rv;
1031 } else {
1032 zend_bad_array_access(ce);
1033 return NULL;
1034 }
1035 }
1036 /* }}} */
1037
zend_std_write_dimension(zend_object * object,zval * offset,zval * value)1038 ZEND_API void zend_std_write_dimension(zend_object *object, zval *offset, zval *value) /* {{{ */
1039 {
1040 zend_class_entry *ce = object->ce;
1041 zval tmp_offset;
1042
1043 zend_class_arrayaccess_funcs *funcs = ce->arrayaccess_funcs_ptr;
1044 if (EXPECTED(funcs)) {
1045 if (!offset) {
1046 ZVAL_NULL(&tmp_offset);
1047 } else {
1048 ZVAL_COPY_DEREF(&tmp_offset, offset);
1049 }
1050 GC_ADDREF(object);
1051 zend_call_known_instance_method_with_2_params(funcs->zf_offsetset, object, NULL, &tmp_offset, value);
1052 OBJ_RELEASE(object);
1053 zval_ptr_dtor(&tmp_offset);
1054 } else {
1055 zend_bad_array_access(ce);
1056 }
1057 }
1058 /* }}} */
1059
zend_std_has_dimension(zend_object * object,zval * offset,int check_empty)1060 ZEND_API int zend_std_has_dimension(zend_object *object, zval *offset, int check_empty) /* {{{ */
1061 {
1062 zend_class_entry *ce = object->ce;
1063 zval retval, tmp_offset;
1064 int result;
1065
1066 zend_class_arrayaccess_funcs *funcs = ce->arrayaccess_funcs_ptr;
1067 if (EXPECTED(funcs)) {
1068 ZVAL_COPY_DEREF(&tmp_offset, offset);
1069 GC_ADDREF(object);
1070 zend_call_known_instance_method_with_1_params(funcs->zf_offsetexists, object, &retval, &tmp_offset);
1071 result = i_zend_is_true(&retval);
1072 zval_ptr_dtor(&retval);
1073 if (check_empty && result && EXPECTED(!EG(exception))) {
1074 zend_call_known_instance_method_with_1_params(funcs->zf_offsetget, object, &retval, &tmp_offset);
1075 result = i_zend_is_true(&retval);
1076 zval_ptr_dtor(&retval);
1077 }
1078 OBJ_RELEASE(object);
1079 zval_ptr_dtor(&tmp_offset);
1080 } else {
1081 zend_bad_array_access(ce);
1082 return 0;
1083 }
1084 return result;
1085 }
1086 /* }}} */
1087
zend_std_get_property_ptr_ptr(zend_object * zobj,zend_string * name,int type,void ** cache_slot)1088 ZEND_API zval *zend_std_get_property_ptr_ptr(zend_object *zobj, zend_string *name, int type, void **cache_slot) /* {{{ */
1089 {
1090 zval *retval = NULL;
1091 uintptr_t property_offset;
1092 const zend_property_info *prop_info = NULL;
1093
1094 #if DEBUG_OBJECT_HANDLERS
1095 fprintf(stderr, "Ptr object #%d property: %s\n", zobj->handle, ZSTR_VAL(name));
1096 #endif
1097
1098 property_offset = zend_get_property_offset(zobj->ce, name, (zobj->ce->__get != NULL), cache_slot, &prop_info);
1099
1100 if (EXPECTED(IS_VALID_PROPERTY_OFFSET(property_offset))) {
1101 retval = OBJ_PROP(zobj, property_offset);
1102 if (UNEXPECTED(Z_TYPE_P(retval) == IS_UNDEF)) {
1103 if (EXPECTED(!zobj->ce->__get) ||
1104 UNEXPECTED((*zend_get_property_guard(zobj, name)) & IN_GET) ||
1105 UNEXPECTED(prop_info && (Z_PROP_FLAG_P(retval) & IS_PROP_UNINIT))) {
1106 if (UNEXPECTED(type == BP_VAR_RW || type == BP_VAR_R)) {
1107 if (prop_info) {
1108 zend_throw_error(NULL,
1109 "Typed property %s::$%s must not be accessed before initialization",
1110 ZSTR_VAL(prop_info->ce->name),
1111 ZSTR_VAL(name));
1112 retval = &EG(error_zval);
1113 } else {
1114 zend_error(E_WARNING, "Undefined property: %s::$%s", ZSTR_VAL(zobj->ce->name), ZSTR_VAL(name));
1115 /* An error handler may set the property */
1116 if (EXPECTED(Z_TYPE_P(retval) == IS_UNDEF)) {
1117 ZVAL_NULL(retval);
1118 }
1119 }
1120 } else if (prop_info && UNEXPECTED(prop_info->flags & ZEND_ACC_READONLY)) {
1121 /* Readonly property, delegate to read_property + write_property. */
1122 retval = NULL;
1123 } else if (!prop_info || !ZEND_TYPE_IS_SET(prop_info->type)) {
1124 ZVAL_NULL(retval);
1125 }
1126 } else {
1127 /* we do have getter - fail and let it try again with usual get/set */
1128 retval = NULL;
1129 }
1130 } else if (prop_info && UNEXPECTED(prop_info->flags & ZEND_ACC_READONLY)) {
1131 /* Readonly property, delegate to read_property + write_property. */
1132 retval = NULL;
1133 }
1134 } else if (EXPECTED(IS_DYNAMIC_PROPERTY_OFFSET(property_offset))) {
1135 if (EXPECTED(zobj->properties)) {
1136 if (UNEXPECTED(GC_REFCOUNT(zobj->properties) > 1)) {
1137 if (EXPECTED(!(GC_FLAGS(zobj->properties) & IS_ARRAY_IMMUTABLE))) {
1138 GC_DELREF(zobj->properties);
1139 }
1140 zobj->properties = zend_array_dup(zobj->properties);
1141 }
1142 if (EXPECTED((retval = zend_hash_find(zobj->properties, name)) != NULL)) {
1143 return retval;
1144 }
1145 }
1146 if (EXPECTED(!zobj->ce->__get) ||
1147 UNEXPECTED((*zend_get_property_guard(zobj, name)) & IN_GET)) {
1148 if (UNEXPECTED(zobj->ce->ce_flags & ZEND_ACC_NO_DYNAMIC_PROPERTIES)) {
1149 zend_forbidden_dynamic_property(zobj->ce, name);
1150 return &EG(error_zval);
1151 }
1152 if (UNEXPECTED(!(zobj->ce->ce_flags & ZEND_ACC_ALLOW_DYNAMIC_PROPERTIES))) {
1153 if (UNEXPECTED(!zend_deprecated_dynamic_property(zobj, name))) {
1154 return &EG(error_zval);
1155 }
1156 }
1157 if (UNEXPECTED(!zobj->properties)) {
1158 rebuild_object_properties(zobj);
1159 }
1160 if (UNEXPECTED(type == BP_VAR_RW || type == BP_VAR_R)) {
1161 zend_error(E_WARNING, "Undefined property: %s::$%s", ZSTR_VAL(zobj->ce->name), ZSTR_VAL(name));
1162 }
1163 retval = zend_hash_add(zobj->properties, name, &EG(uninitialized_zval));
1164 }
1165 } else if (zobj->ce->__get == NULL) {
1166 retval = &EG(error_zval);
1167 }
1168
1169 return retval;
1170 }
1171 /* }}} */
1172
zend_std_unset_property(zend_object * zobj,zend_string * name,void ** cache_slot)1173 ZEND_API void zend_std_unset_property(zend_object *zobj, zend_string *name, void **cache_slot) /* {{{ */
1174 {
1175 uintptr_t property_offset;
1176 const zend_property_info *prop_info = NULL;
1177
1178 property_offset = zend_get_property_offset(zobj->ce, name, (zobj->ce->__unset != NULL), cache_slot, &prop_info);
1179
1180 if (EXPECTED(IS_VALID_PROPERTY_OFFSET(property_offset))) {
1181 zval *slot = OBJ_PROP(zobj, property_offset);
1182
1183 if (Z_TYPE_P(slot) != IS_UNDEF) {
1184 if (UNEXPECTED(prop_info && (prop_info->flags & ZEND_ACC_READONLY))) {
1185 if (Z_PROP_FLAG_P(slot) & IS_PROP_REINITABLE) {
1186 Z_PROP_FLAG_P(slot) &= ~IS_PROP_REINITABLE;
1187 } else {
1188 zend_readonly_property_unset_error(prop_info->ce, name);
1189 return;
1190 }
1191 }
1192 if (UNEXPECTED(Z_ISREF_P(slot)) &&
1193 (ZEND_DEBUG || ZEND_REF_HAS_TYPE_SOURCES(Z_REF_P(slot)))) {
1194 if (prop_info) {
1195 ZEND_REF_DEL_TYPE_SOURCE(Z_REF_P(slot), prop_info);
1196 }
1197 }
1198 zval tmp;
1199 ZVAL_COPY_VALUE(&tmp, slot);
1200 ZVAL_UNDEF(slot);
1201 zval_ptr_dtor(&tmp);
1202 if (zobj->properties) {
1203 HT_FLAGS(zobj->properties) |= HASH_FLAG_HAS_EMPTY_IND;
1204 }
1205 return;
1206 }
1207 if (UNEXPECTED(Z_PROP_FLAG_P(slot) & IS_PROP_UNINIT)) {
1208 if (UNEXPECTED(prop_info && (prop_info->flags & ZEND_ACC_READONLY)
1209 && !verify_readonly_initialization_access(prop_info, zobj->ce, name, "unset"))) {
1210 return;
1211 }
1212
1213 /* Reset the IS_PROP_UNINIT flag, if it exists and bypass __unset(). */
1214 Z_PROP_FLAG_P(slot) = 0;
1215 return;
1216 }
1217 } else if (EXPECTED(IS_DYNAMIC_PROPERTY_OFFSET(property_offset))
1218 && EXPECTED(zobj->properties != NULL)) {
1219 if (UNEXPECTED(GC_REFCOUNT(zobj->properties) > 1)) {
1220 if (EXPECTED(!(GC_FLAGS(zobj->properties) & IS_ARRAY_IMMUTABLE))) {
1221 GC_DELREF(zobj->properties);
1222 }
1223 zobj->properties = zend_array_dup(zobj->properties);
1224 }
1225 if (EXPECTED(zend_hash_del(zobj->properties, name) != FAILURE)) {
1226 return;
1227 }
1228 } else if (UNEXPECTED(EG(exception))) {
1229 return;
1230 }
1231
1232 /* magic unset */
1233 if (zobj->ce->__unset) {
1234 uint32_t *guard = zend_get_property_guard(zobj, name);
1235 if (!((*guard) & IN_UNSET)) {
1236 /* have unsetter - try with it! */
1237 (*guard) |= IN_UNSET; /* prevent circular unsetting */
1238 zend_std_call_unsetter(zobj, name);
1239 (*guard) &= ~IN_UNSET;
1240 } else if (UNEXPECTED(IS_WRONG_PROPERTY_OFFSET(property_offset))) {
1241 /* Trigger the correct error */
1242 zend_wrong_offset(zobj->ce, name);
1243 ZEND_ASSERT(EG(exception));
1244 return;
1245 } else {
1246 /* Nothing to do: The property already does not exist. */
1247 }
1248 }
1249 }
1250 /* }}} */
1251
zend_std_unset_dimension(zend_object * object,zval * offset)1252 ZEND_API void zend_std_unset_dimension(zend_object *object, zval *offset) /* {{{ */
1253 {
1254 zend_class_entry *ce = object->ce;
1255 zval tmp_offset;
1256
1257 zend_class_arrayaccess_funcs *funcs = ce->arrayaccess_funcs_ptr;
1258 if (EXPECTED(funcs)) {
1259 ZVAL_COPY_DEREF(&tmp_offset, offset);
1260 GC_ADDREF(object);
1261 zend_call_known_instance_method_with_1_params(funcs->zf_offsetunset, object, NULL, &tmp_offset);
1262 OBJ_RELEASE(object);
1263 zval_ptr_dtor(&tmp_offset);
1264 } else {
1265 zend_bad_array_access(ce);
1266 }
1267 }
1268 /* }}} */
1269
zend_get_parent_private_method(zend_class_entry * scope,zend_class_entry * ce,zend_string * function_name)1270 static zend_never_inline zend_function *zend_get_parent_private_method(zend_class_entry *scope, zend_class_entry *ce, zend_string *function_name) /* {{{ */
1271 {
1272 zval *func;
1273 zend_function *fbc;
1274
1275 if (scope != ce && scope && is_derived_class(ce, scope)) {
1276 func = zend_hash_find(&scope->function_table, function_name);
1277 if (func != NULL) {
1278 fbc = Z_FUNC_P(func);
1279 if ((fbc->common.fn_flags & ZEND_ACC_PRIVATE)
1280 && fbc->common.scope == scope) {
1281 return fbc;
1282 }
1283 }
1284 }
1285 return NULL;
1286 }
1287 /* }}} */
1288
1289 /* Ensures that we're allowed to call a protected method.
1290 */
zend_check_protected(const zend_class_entry * ce,const zend_class_entry * scope)1291 ZEND_API bool zend_check_protected(const zend_class_entry *ce, const zend_class_entry *scope) /* {{{ */
1292 {
1293 const zend_class_entry *fbc_scope = ce;
1294
1295 /* Is the context that's calling the function, the same as one of
1296 * the function's parents?
1297 */
1298 while (fbc_scope) {
1299 if (fbc_scope==scope) {
1300 return 1;
1301 }
1302 fbc_scope = fbc_scope->parent;
1303 }
1304
1305 /* Is the function's scope the same as our current object context,
1306 * or any of the parents of our context?
1307 */
1308 while (scope) {
1309 if (scope==ce) {
1310 return 1;
1311 }
1312 scope = scope->parent;
1313 }
1314 return 0;
1315 }
1316 /* }}} */
1317
zend_get_call_trampoline_func(const zend_class_entry * ce,zend_string * method_name,bool is_static)1318 ZEND_API zend_function *zend_get_call_trampoline_func(const zend_class_entry *ce, zend_string *method_name, bool is_static) /* {{{ */
1319 {
1320 size_t mname_len;
1321 zend_op_array *func;
1322 zend_function *fbc = is_static ? ce->__callstatic : ce->__call;
1323 /* We use non-NULL value to avoid useless run_time_cache allocation.
1324 * The low bit must be zero, to not be interpreted as a MAP_PTR offset.
1325 */
1326 static const void *dummy = (void*)(intptr_t)2;
1327 static const zend_arg_info arg_info[1] = {{0}};
1328
1329 ZEND_ASSERT(fbc);
1330
1331 if (EXPECTED(EG(trampoline).common.function_name == NULL)) {
1332 func = &EG(trampoline).op_array;
1333 } else {
1334 func = ecalloc(1, sizeof(zend_op_array));
1335 }
1336
1337 func->type = ZEND_USER_FUNCTION;
1338 func->arg_flags[0] = 0;
1339 func->arg_flags[1] = 0;
1340 func->arg_flags[2] = 0;
1341 func->fn_flags = ZEND_ACC_CALL_VIA_TRAMPOLINE | ZEND_ACC_PUBLIC | ZEND_ACC_VARIADIC;
1342 if (is_static) {
1343 func->fn_flags |= ZEND_ACC_STATIC;
1344 }
1345 func->opcodes = &EG(call_trampoline_op);
1346 ZEND_MAP_PTR_INIT(func->run_time_cache, (void**)dummy);
1347 func->scope = fbc->common.scope;
1348 /* reserve space for arguments, local and temporary variables */
1349 /* EG(trampoline) is reused from other places, like FFI (e.g. zend_ffi_cdata_get_closure()) where
1350 * it is used as an internal function. It may set fields that don't belong to common, thus
1351 * modifying zend_op_array specific data, most significantly last_var. We need to reset this
1352 * value so that it doesn't contain garbage when the engine allocates space for the next stack
1353 * frame. This didn't cause any issues until now due to "lucky" structure layout. */
1354 func->last_var = 0;
1355 func->T = (fbc->type == ZEND_USER_FUNCTION)? MAX(fbc->op_array.last_var + fbc->op_array.T, 2) : 2;
1356 func->filename = (fbc->type == ZEND_USER_FUNCTION)? fbc->op_array.filename : ZSTR_EMPTY_ALLOC();
1357 func->line_start = (fbc->type == ZEND_USER_FUNCTION)? fbc->op_array.line_start : 0;
1358 func->line_end = (fbc->type == ZEND_USER_FUNCTION)? fbc->op_array.line_end : 0;
1359
1360 //??? keep compatibility for "\0" characters
1361 //??? see: Zend/tests/bug46238.phpt
1362 if (UNEXPECTED((mname_len = strlen(ZSTR_VAL(method_name))) != ZSTR_LEN(method_name))) {
1363 func->function_name = zend_string_init(ZSTR_VAL(method_name), mname_len, 0);
1364 } else {
1365 func->function_name = zend_string_copy(method_name);
1366 }
1367
1368 func->prototype = NULL;
1369 func->num_args = 0;
1370 func->required_num_args = 0;
1371 func->arg_info = (zend_arg_info *) arg_info;
1372
1373 return (zend_function*)func;
1374 }
1375 /* }}} */
1376
zend_get_user_call_function(zend_class_entry * ce,zend_string * method_name)1377 static zend_always_inline zend_function *zend_get_user_call_function(zend_class_entry *ce, zend_string *method_name) /* {{{ */
1378 {
1379 return zend_get_call_trampoline_func(ce, method_name, 0);
1380 }
1381 /* }}} */
1382
zend_bad_method_call(zend_function * fbc,zend_string * method_name,zend_class_entry * scope)1383 static ZEND_COLD zend_never_inline void zend_bad_method_call(zend_function *fbc, zend_string *method_name, zend_class_entry *scope) /* {{{ */
1384 {
1385 zend_throw_error(NULL, "Call to %s method %s::%s() from %s%s",
1386 zend_visibility_string(fbc->common.fn_flags), ZEND_FN_SCOPE_NAME(fbc), ZSTR_VAL(method_name),
1387 scope ? "scope " : "global scope",
1388 scope ? ZSTR_VAL(scope->name) : ""
1389 );
1390 }
1391 /* }}} */
1392
zend_abstract_method_call(zend_function * fbc)1393 static ZEND_COLD zend_never_inline void zend_abstract_method_call(zend_function *fbc) /* {{{ */
1394 {
1395 zend_throw_error(NULL, "Cannot call abstract method %s::%s()",
1396 ZSTR_VAL(fbc->common.scope->name), ZSTR_VAL(fbc->common.function_name));
1397 }
1398 /* }}} */
1399
zend_std_get_method(zend_object ** obj_ptr,zend_string * method_name,const zval * key)1400 ZEND_API zend_function *zend_std_get_method(zend_object **obj_ptr, zend_string *method_name, const zval *key) /* {{{ */
1401 {
1402 zend_object *zobj = *obj_ptr;
1403 zval *func;
1404 zend_function *fbc;
1405 zend_string *lc_method_name;
1406 zend_class_entry *scope;
1407 ALLOCA_FLAG(use_heap);
1408
1409 if (EXPECTED(key != NULL)) {
1410 lc_method_name = Z_STR_P(key);
1411 #ifdef ZEND_ALLOCA_MAX_SIZE
1412 use_heap = 0;
1413 #endif
1414 } else {
1415 ZSTR_ALLOCA_ALLOC(lc_method_name, ZSTR_LEN(method_name), use_heap);
1416 zend_str_tolower_copy(ZSTR_VAL(lc_method_name), ZSTR_VAL(method_name), ZSTR_LEN(method_name));
1417 }
1418
1419 if (UNEXPECTED((func = zend_hash_find(&zobj->ce->function_table, lc_method_name)) == NULL)) {
1420 if (UNEXPECTED(!key)) {
1421 ZSTR_ALLOCA_FREE(lc_method_name, use_heap);
1422 }
1423 if (zobj->ce->__call) {
1424 return zend_get_user_call_function(zobj->ce, method_name);
1425 } else {
1426 return NULL;
1427 }
1428 }
1429
1430 fbc = Z_FUNC_P(func);
1431
1432 /* Check access level */
1433 if (fbc->op_array.fn_flags & (ZEND_ACC_CHANGED|ZEND_ACC_PRIVATE|ZEND_ACC_PROTECTED)) {
1434 scope = zend_get_executed_scope();
1435
1436 if (fbc->common.scope != scope) {
1437 if (fbc->op_array.fn_flags & ZEND_ACC_CHANGED) {
1438 zend_function *updated_fbc = zend_get_parent_private_method(scope, zobj->ce, lc_method_name);
1439
1440 if (EXPECTED(updated_fbc != NULL)) {
1441 fbc = updated_fbc;
1442 goto exit;
1443 } else if (fbc->op_array.fn_flags & ZEND_ACC_PUBLIC) {
1444 goto exit;
1445 }
1446 }
1447 if (UNEXPECTED(fbc->op_array.fn_flags & ZEND_ACC_PRIVATE)
1448 || UNEXPECTED(!zend_check_protected(zend_get_function_root_class(fbc), scope))) {
1449 if (zobj->ce->__call) {
1450 fbc = zend_get_user_call_function(zobj->ce, method_name);
1451 } else {
1452 zend_bad_method_call(fbc, method_name, scope);
1453 fbc = NULL;
1454 }
1455 }
1456 }
1457 }
1458
1459 exit:
1460 if (fbc && UNEXPECTED(fbc->common.fn_flags & ZEND_ACC_ABSTRACT)) {
1461 zend_abstract_method_call(fbc);
1462 fbc = NULL;
1463 }
1464 if (UNEXPECTED(!key)) {
1465 ZSTR_ALLOCA_FREE(lc_method_name, use_heap);
1466 }
1467 return fbc;
1468 }
1469 /* }}} */
1470
zend_get_user_callstatic_function(zend_class_entry * ce,zend_string * method_name)1471 static zend_always_inline zend_function *zend_get_user_callstatic_function(zend_class_entry *ce, zend_string *method_name) /* {{{ */
1472 {
1473 return zend_get_call_trampoline_func(ce, method_name, 1);
1474 }
1475 /* }}} */
1476
get_static_method_fallback(zend_class_entry * ce,zend_string * function_name)1477 static zend_always_inline zend_function *get_static_method_fallback(
1478 zend_class_entry *ce, zend_string *function_name)
1479 {
1480 zend_object *object;
1481 if (ce->__call &&
1482 (object = zend_get_this_object(EG(current_execute_data))) != NULL &&
1483 instanceof_function(object->ce, ce)) {
1484 /* Call the top-level defined __call().
1485 * see: tests/classes/__call_004.phpt */
1486
1487 ZEND_ASSERT(object->ce->__call);
1488 return zend_get_user_call_function(object->ce, function_name);
1489 } else if (ce->__callstatic) {
1490 return zend_get_user_callstatic_function(ce, function_name);
1491 } else {
1492 return NULL;
1493 }
1494 }
1495
zend_std_get_static_method(zend_class_entry * ce,zend_string * function_name,const zval * key)1496 ZEND_API zend_function *zend_std_get_static_method(zend_class_entry *ce, zend_string *function_name, const zval *key) /* {{{ */
1497 {
1498 zend_string *lc_function_name;
1499 if (EXPECTED(key != NULL)) {
1500 lc_function_name = Z_STR_P(key);
1501 } else {
1502 lc_function_name = zend_string_tolower(function_name);
1503 }
1504
1505 zend_function *fbc;
1506 zval *func = zend_hash_find(&ce->function_table, lc_function_name);
1507 if (EXPECTED(func)) {
1508 fbc = Z_FUNC_P(func);
1509 if (!(fbc->op_array.fn_flags & ZEND_ACC_PUBLIC)) {
1510 zend_class_entry *scope = zend_get_executed_scope();
1511 if (UNEXPECTED(fbc->common.scope != scope)) {
1512 if (UNEXPECTED(fbc->op_array.fn_flags & ZEND_ACC_PRIVATE)
1513 || UNEXPECTED(!zend_check_protected(zend_get_function_root_class(fbc), scope))) {
1514 zend_function *fallback_fbc = get_static_method_fallback(ce, function_name);
1515 if (!fallback_fbc) {
1516 zend_bad_method_call(fbc, function_name, scope);
1517 }
1518 fbc = fallback_fbc;
1519 }
1520 }
1521 }
1522 } else {
1523 fbc = get_static_method_fallback(ce, function_name);
1524 }
1525
1526 if (UNEXPECTED(!key)) {
1527 zend_string_release_ex(lc_function_name, 0);
1528 }
1529
1530 if (EXPECTED(fbc)) {
1531 if (UNEXPECTED(fbc->common.fn_flags & ZEND_ACC_ABSTRACT)) {
1532 zend_abstract_method_call(fbc);
1533 fbc = NULL;
1534 } else if (UNEXPECTED(fbc->common.scope->ce_flags & ZEND_ACC_TRAIT)) {
1535 zend_error(E_DEPRECATED,
1536 "Calling static trait method %s::%s is deprecated, "
1537 "it should only be called on a class using the trait",
1538 ZSTR_VAL(fbc->common.scope->name), ZSTR_VAL(fbc->common.function_name));
1539 if (EG(exception)) {
1540 return NULL;
1541 }
1542 }
1543 }
1544
1545 return fbc;
1546 }
1547 /* }}} */
1548
zend_class_init_statics(zend_class_entry * class_type)1549 ZEND_API void zend_class_init_statics(zend_class_entry *class_type) /* {{{ */
1550 {
1551 int i;
1552 zval *p;
1553
1554 if (class_type->default_static_members_count && !CE_STATIC_MEMBERS(class_type)) {
1555 if (class_type->parent) {
1556 zend_class_init_statics(class_type->parent);
1557 }
1558
1559 ZEND_MAP_PTR_SET(class_type->static_members_table, emalloc(sizeof(zval) * class_type->default_static_members_count));
1560 for (i = 0; i < class_type->default_static_members_count; i++) {
1561 p = &class_type->default_static_members_table[i];
1562 if (Z_TYPE_P(p) == IS_INDIRECT) {
1563 zval *q = &CE_STATIC_MEMBERS(class_type->parent)[i];
1564 ZVAL_DEINDIRECT(q);
1565 ZVAL_INDIRECT(&CE_STATIC_MEMBERS(class_type)[i], q);
1566 } else {
1567 ZVAL_COPY_OR_DUP(&CE_STATIC_MEMBERS(class_type)[i], p);
1568 }
1569 }
1570 }
1571 } /* }}} */
1572
zend_std_get_static_property_with_info(zend_class_entry * ce,zend_string * property_name,int type,zend_property_info ** property_info_ptr)1573 ZEND_API zval *zend_std_get_static_property_with_info(zend_class_entry *ce, zend_string *property_name, int type, zend_property_info **property_info_ptr) /* {{{ */
1574 {
1575 zval *ret;
1576 zend_class_entry *scope;
1577 zend_property_info *property_info = zend_hash_find_ptr(&ce->properties_info, property_name);
1578 *property_info_ptr = property_info;
1579
1580 if (UNEXPECTED(property_info == NULL)) {
1581 goto undeclared_property;
1582 }
1583
1584 if (!(property_info->flags & ZEND_ACC_PUBLIC)) {
1585 if (UNEXPECTED(EG(fake_scope))) {
1586 scope = EG(fake_scope);
1587 } else {
1588 scope = zend_get_executed_scope();
1589 }
1590 if (property_info->ce != scope) {
1591 if (UNEXPECTED(property_info->flags & ZEND_ACC_PRIVATE)
1592 || UNEXPECTED(!is_protected_compatible_scope(property_info->ce, scope))) {
1593 if (type != BP_VAR_IS) {
1594 zend_bad_property_access(property_info, ce, property_name);
1595 }
1596 return NULL;
1597 }
1598 }
1599 }
1600
1601 if (UNEXPECTED((property_info->flags & ZEND_ACC_STATIC) == 0)) {
1602 undeclared_property:
1603 if (type != BP_VAR_IS) {
1604 zend_throw_error(NULL, "Access to undeclared static property %s::$%s", ZSTR_VAL(ce->name), ZSTR_VAL(property_name));
1605 }
1606 return NULL;
1607 }
1608
1609 if (UNEXPECTED(!(ce->ce_flags & ZEND_ACC_CONSTANTS_UPDATED))) {
1610 if (UNEXPECTED(zend_update_class_constants(ce) != SUCCESS)) {
1611 return NULL;
1612 }
1613 }
1614
1615 /* Ensure static properties are initialized. */
1616 if (UNEXPECTED(CE_STATIC_MEMBERS(ce) == NULL)) {
1617 zend_class_init_statics(ce);
1618 }
1619
1620 ret = CE_STATIC_MEMBERS(ce) + property_info->offset;
1621 ZVAL_DEINDIRECT(ret);
1622
1623 if (UNEXPECTED((type == BP_VAR_R || type == BP_VAR_RW)
1624 && Z_TYPE_P(ret) == IS_UNDEF && ZEND_TYPE_IS_SET(property_info->type))) {
1625 zend_throw_error(NULL, "Typed static property %s::$%s must not be accessed before initialization",
1626 ZSTR_VAL(property_info->ce->name), ZSTR_VAL(property_name));
1627 return NULL;
1628 }
1629
1630 if (UNEXPECTED(ce->ce_flags & ZEND_ACC_TRAIT)) {
1631 zend_error(E_DEPRECATED,
1632 "Accessing static trait property %s::$%s is deprecated, "
1633 "it should only be accessed on a class using the trait",
1634 ZSTR_VAL(property_info->ce->name), ZSTR_VAL(property_name));
1635 }
1636
1637 return ret;
1638 }
1639 /* }}} */
1640
zend_std_get_static_property(zend_class_entry * ce,zend_string * property_name,int type)1641 ZEND_API zval *zend_std_get_static_property(zend_class_entry *ce, zend_string *property_name, int type) /* {{{ */
1642 {
1643 zend_property_info *prop_info;
1644 return zend_std_get_static_property_with_info(ce, property_name, type, &prop_info);
1645 }
1646
zend_std_unset_static_property(zend_class_entry * ce,zend_string * property_name)1647 ZEND_API ZEND_COLD bool zend_std_unset_static_property(zend_class_entry *ce, zend_string *property_name) /* {{{ */
1648 {
1649 zend_throw_error(NULL, "Attempt to unset static property %s::$%s", ZSTR_VAL(ce->name), ZSTR_VAL(property_name));
1650 return 0;
1651 }
1652 /* }}} */
1653
zend_bad_constructor_call(zend_function * constructor,zend_class_entry * scope)1654 static ZEND_COLD zend_never_inline void zend_bad_constructor_call(zend_function *constructor, zend_class_entry *scope) /* {{{ */
1655 {
1656 if (scope) {
1657 zend_throw_error(NULL, "Call to %s %s::%s() from scope %s",
1658 zend_visibility_string(constructor->common.fn_flags), ZSTR_VAL(constructor->common.scope->name),
1659 ZSTR_VAL(constructor->common.function_name), ZSTR_VAL(scope->name)
1660 );
1661 } else {
1662 zend_throw_error(NULL, "Call to %s %s::%s() from global scope", zend_visibility_string(constructor->common.fn_flags), ZSTR_VAL(constructor->common.scope->name), ZSTR_VAL(constructor->common.function_name));
1663 }
1664 }
1665 /* }}} */
1666
zend_std_get_constructor(zend_object * zobj)1667 ZEND_API zend_function *zend_std_get_constructor(zend_object *zobj) /* {{{ */
1668 {
1669 zend_function *constructor = zobj->ce->constructor;
1670 zend_class_entry *scope;
1671
1672 if (constructor) {
1673 if (UNEXPECTED(!(constructor->op_array.fn_flags & ZEND_ACC_PUBLIC))) {
1674 if (UNEXPECTED(EG(fake_scope))) {
1675 scope = EG(fake_scope);
1676 } else {
1677 scope = zend_get_executed_scope();
1678 }
1679 if (UNEXPECTED(constructor->common.scope != scope)) {
1680 if (UNEXPECTED(constructor->op_array.fn_flags & ZEND_ACC_PRIVATE)
1681 || UNEXPECTED(!zend_check_protected(zend_get_function_root_class(constructor), scope))) {
1682 zend_bad_constructor_call(constructor, scope);
1683 constructor = NULL;
1684 }
1685 }
1686 }
1687 }
1688
1689 return constructor;
1690 }
1691 /* }}} */
1692
zend_std_compare_objects(zval * o1,zval * o2)1693 ZEND_API int zend_std_compare_objects(zval *o1, zval *o2) /* {{{ */
1694 {
1695 zend_object *zobj1, *zobj2;
1696
1697 if (Z_TYPE_P(o1) != Z_TYPE_P(o2)) {
1698 /* Object and non-object */
1699 zval *object;
1700 zval *value;
1701 zval casted;
1702 bool object_lhs;
1703 if (Z_TYPE_P(o1) == IS_OBJECT) {
1704 object = o1;
1705 value = o2;
1706 object_lhs = true;
1707 } else {
1708 object = o2;
1709 value = o1;
1710 object_lhs = false;
1711 }
1712 ZEND_ASSERT(Z_TYPE_P(value) != IS_OBJECT);
1713 uint8_t target_type = (Z_TYPE_P(value) == IS_FALSE || Z_TYPE_P(value) == IS_TRUE)
1714 ? _IS_BOOL : Z_TYPE_P(value);
1715 if (Z_OBJ_HT_P(object)->cast_object(Z_OBJ_P(object), &casted, target_type) == FAILURE) {
1716 // TODO: Less crazy.
1717 if (target_type == IS_LONG || target_type == IS_DOUBLE) {
1718 zend_error(E_NOTICE, "Object of class %s could not be converted to %s",
1719 ZSTR_VAL(Z_OBJCE_P(object)->name), zend_get_type_by_const(target_type));
1720 if (target_type == IS_LONG) {
1721 ZVAL_LONG(&casted, 1);
1722 } else {
1723 ZVAL_DOUBLE(&casted, 1.0);
1724 }
1725 } else {
1726 return object_lhs ? 1 : -1;
1727 }
1728 }
1729 int ret = object_lhs ? zend_compare(&casted, value) : zend_compare(value, &casted);
1730 zval_ptr_dtor(&casted);
1731 return ret;
1732 }
1733
1734 zobj1 = Z_OBJ_P(o1);
1735 zobj2 = Z_OBJ_P(o2);
1736
1737 if (zobj1 == zobj2) {
1738 return 0; /* the same object */
1739 }
1740 if (zobj1->ce != zobj2->ce) {
1741 return ZEND_UNCOMPARABLE; /* different classes */
1742 }
1743 if (!zobj1->properties && !zobj2->properties) {
1744 zend_property_info *info;
1745 int i;
1746
1747 if (!zobj1->ce->default_properties_count) {
1748 return 0;
1749 }
1750
1751 /* It's enough to protect only one of the objects.
1752 * The second one may be referenced from the first and this may cause
1753 * false recursion detection.
1754 */
1755 /* use bitwise OR to make only one conditional jump */
1756 if (UNEXPECTED(Z_IS_RECURSIVE_P(o1))) {
1757 zend_error_noreturn(E_ERROR, "Nesting level too deep - recursive dependency?");
1758 }
1759 Z_PROTECT_RECURSION_P(o1);
1760
1761 for (i = 0; i < zobj1->ce->default_properties_count; i++) {
1762 zval *p1, *p2;
1763
1764 info = zobj1->ce->properties_info_table[i];
1765
1766 if (!info) {
1767 continue;
1768 }
1769
1770 p1 = OBJ_PROP(zobj1, info->offset);
1771 p2 = OBJ_PROP(zobj2, info->offset);
1772
1773 if (Z_TYPE_P(p1) != IS_UNDEF) {
1774 if (Z_TYPE_P(p2) != IS_UNDEF) {
1775 int ret;
1776
1777 ret = zend_compare(p1, p2);
1778 if (ret != 0) {
1779 Z_UNPROTECT_RECURSION_P(o1);
1780 return ret;
1781 }
1782 } else {
1783 Z_UNPROTECT_RECURSION_P(o1);
1784 return 1;
1785 }
1786 } else {
1787 if (Z_TYPE_P(p2) != IS_UNDEF) {
1788 Z_UNPROTECT_RECURSION_P(o1);
1789 return 1;
1790 }
1791 }
1792 }
1793
1794 Z_UNPROTECT_RECURSION_P(o1);
1795 return 0;
1796 } else {
1797 if (!zobj1->properties) {
1798 rebuild_object_properties(zobj1);
1799 }
1800 if (!zobj2->properties) {
1801 rebuild_object_properties(zobj2);
1802 }
1803 return zend_compare_symbol_tables(zobj1->properties, zobj2->properties);
1804 }
1805 }
1806 /* }}} */
1807
zend_objects_not_comparable(zval * o1,zval * o2)1808 ZEND_API int zend_objects_not_comparable(zval *o1, zval *o2)
1809 {
1810 return ZEND_UNCOMPARABLE;
1811 }
1812
zend_std_has_property(zend_object * zobj,zend_string * name,int has_set_exists,void ** cache_slot)1813 ZEND_API int zend_std_has_property(zend_object *zobj, zend_string *name, int has_set_exists, void **cache_slot) /* {{{ */
1814 {
1815 int result;
1816 zval *value = NULL;
1817 uintptr_t property_offset;
1818 const zend_property_info *prop_info = NULL;
1819
1820 property_offset = zend_get_property_offset(zobj->ce, name, 1, cache_slot, &prop_info);
1821
1822 if (EXPECTED(IS_VALID_PROPERTY_OFFSET(property_offset))) {
1823 value = OBJ_PROP(zobj, property_offset);
1824 if (Z_TYPE_P(value) != IS_UNDEF) {
1825 goto found;
1826 }
1827 if (UNEXPECTED(Z_PROP_FLAG_P(value) & IS_PROP_UNINIT)) {
1828 /* Skip __isset() for uninitialized typed properties */
1829 result = 0;
1830 goto exit;
1831 }
1832 } else if (EXPECTED(IS_DYNAMIC_PROPERTY_OFFSET(property_offset))) {
1833 if (EXPECTED(zobj->properties != NULL)) {
1834 if (!IS_UNKNOWN_DYNAMIC_PROPERTY_OFFSET(property_offset)) {
1835 uintptr_t idx = ZEND_DECODE_DYN_PROP_OFFSET(property_offset);
1836
1837 if (EXPECTED(idx < zobj->properties->nNumUsed * sizeof(Bucket))) {
1838 Bucket *p = (Bucket*)((char*)zobj->properties->arData + idx);
1839
1840 if (EXPECTED(p->key == name) ||
1841 (EXPECTED(p->h == ZSTR_H(name)) &&
1842 EXPECTED(p->key != NULL) &&
1843 EXPECTED(zend_string_equal_content(p->key, name)))) {
1844 value = &p->val;
1845 goto found;
1846 }
1847 }
1848 CACHE_PTR_EX(cache_slot + 1, (void*)ZEND_DYNAMIC_PROPERTY_OFFSET);
1849 }
1850 value = zend_hash_find(zobj->properties, name);
1851 if (value) {
1852 if (cache_slot) {
1853 uintptr_t idx = (char*)value - (char*)zobj->properties->arData;
1854 CACHE_PTR_EX(cache_slot + 1, (void*)ZEND_ENCODE_DYN_PROP_OFFSET(idx));
1855 }
1856 found:
1857 if (has_set_exists == ZEND_PROPERTY_NOT_EMPTY) {
1858 result = zend_is_true(value);
1859 } else if (has_set_exists < ZEND_PROPERTY_NOT_EMPTY) {
1860 ZEND_ASSERT(has_set_exists == ZEND_PROPERTY_ISSET);
1861 ZVAL_DEREF(value);
1862 result = (Z_TYPE_P(value) != IS_NULL);
1863 } else {
1864 ZEND_ASSERT(has_set_exists == ZEND_PROPERTY_EXISTS);
1865 result = 1;
1866 }
1867 goto exit;
1868 }
1869 }
1870 } else if (UNEXPECTED(EG(exception))) {
1871 result = 0;
1872 goto exit;
1873 }
1874
1875 result = 0;
1876 if ((has_set_exists != ZEND_PROPERTY_EXISTS) && zobj->ce->__isset) {
1877 uint32_t *guard = zend_get_property_guard(zobj, name);
1878
1879 if (!((*guard) & IN_ISSET)) {
1880 zval rv;
1881
1882 /* have issetter - try with it! */
1883 GC_ADDREF(zobj);
1884 (*guard) |= IN_ISSET; /* prevent circular getting */
1885 zend_std_call_issetter(zobj, name, &rv);
1886 result = zend_is_true(&rv);
1887 zval_ptr_dtor(&rv);
1888 if (has_set_exists == ZEND_PROPERTY_NOT_EMPTY && result) {
1889 if (EXPECTED(!EG(exception)) && zobj->ce->__get && !((*guard) & IN_GET)) {
1890 (*guard) |= IN_GET;
1891 zend_std_call_getter(zobj, name, &rv);
1892 (*guard) &= ~IN_GET;
1893 result = i_zend_is_true(&rv);
1894 zval_ptr_dtor(&rv);
1895 } else {
1896 result = 0;
1897 }
1898 }
1899 (*guard) &= ~IN_ISSET;
1900 OBJ_RELEASE(zobj);
1901 }
1902 }
1903
1904 exit:
1905 return result;
1906 }
1907 /* }}} */
1908
zend_std_get_class_name(const zend_object * zobj)1909 ZEND_API zend_string *zend_std_get_class_name(const zend_object *zobj) /* {{{ */
1910 {
1911 return zend_string_copy(zobj->ce->name);
1912 }
1913 /* }}} */
1914
zend_std_cast_object_tostring(zend_object * readobj,zval * writeobj,int type)1915 ZEND_API zend_result zend_std_cast_object_tostring(zend_object *readobj, zval *writeobj, int type) /* {{{ */
1916 {
1917 switch (type) {
1918 case IS_STRING: {
1919 zend_class_entry *ce = readobj->ce;
1920 if (ce->__tostring) {
1921 zval retval;
1922 GC_ADDREF(readobj);
1923 zend_call_known_instance_method_with_0_params(ce->__tostring, readobj, &retval);
1924 zend_object_release(readobj);
1925 if (EXPECTED(Z_TYPE(retval) == IS_STRING)) {
1926 ZVAL_COPY_VALUE(writeobj, &retval);
1927 return SUCCESS;
1928 }
1929 zval_ptr_dtor(&retval);
1930 if (!EG(exception)) {
1931 zend_throw_error(NULL, "Method %s::__toString() must return a string value", ZSTR_VAL(ce->name));
1932 }
1933 }
1934 return FAILURE;
1935 }
1936 case _IS_BOOL:
1937 ZVAL_TRUE(writeobj);
1938 return SUCCESS;
1939 default:
1940 return FAILURE;
1941 }
1942 }
1943 /* }}} */
1944
zend_std_get_closure(zend_object * obj,zend_class_entry ** ce_ptr,zend_function ** fptr_ptr,zend_object ** obj_ptr,bool check_only)1945 ZEND_API zend_result zend_std_get_closure(zend_object *obj, zend_class_entry **ce_ptr, zend_function **fptr_ptr, zend_object **obj_ptr, bool check_only) /* {{{ */
1946 {
1947 zend_class_entry *ce = obj->ce;
1948 zval *func = zend_hash_find_known_hash(&ce->function_table, ZSTR_KNOWN(ZEND_STR_MAGIC_INVOKE));
1949
1950 if (func == NULL) {
1951 return FAILURE;
1952 }
1953 *fptr_ptr = Z_FUNC_P(func);
1954
1955 *ce_ptr = ce;
1956 if ((*fptr_ptr)->common.fn_flags & ZEND_ACC_STATIC) {
1957 if (obj_ptr) {
1958 *obj_ptr = NULL;
1959 }
1960 } else {
1961 if (obj_ptr) {
1962 *obj_ptr = obj;
1963 }
1964 }
1965 return SUCCESS;
1966 }
1967 /* }}} */
1968
zend_std_get_properties_for(zend_object * obj,zend_prop_purpose purpose)1969 ZEND_API HashTable *zend_std_get_properties_for(zend_object *obj, zend_prop_purpose purpose) {
1970 HashTable *ht;
1971 switch (purpose) {
1972 case ZEND_PROP_PURPOSE_DEBUG:
1973 if (obj->handlers->get_debug_info) {
1974 int is_temp;
1975 ht = obj->handlers->get_debug_info(obj, &is_temp);
1976 if (ht && !is_temp) {
1977 GC_TRY_ADDREF(ht);
1978 }
1979 return ht;
1980 }
1981 ZEND_FALLTHROUGH;
1982 case ZEND_PROP_PURPOSE_ARRAY_CAST:
1983 case ZEND_PROP_PURPOSE_SERIALIZE:
1984 case ZEND_PROP_PURPOSE_VAR_EXPORT:
1985 case ZEND_PROP_PURPOSE_JSON:
1986 ht = obj->handlers->get_properties(obj);
1987 if (ht) {
1988 GC_TRY_ADDREF(ht);
1989 }
1990 return ht;
1991 default:
1992 ZEND_UNREACHABLE();
1993 return NULL;
1994 }
1995 }
1996
zend_get_properties_for(zval * obj,zend_prop_purpose purpose)1997 ZEND_API HashTable *zend_get_properties_for(zval *obj, zend_prop_purpose purpose) {
1998 zend_object *zobj = Z_OBJ_P(obj);
1999
2000 if (zobj->handlers->get_properties_for) {
2001 return zobj->handlers->get_properties_for(zobj, purpose);
2002 }
2003
2004 return zend_std_get_properties_for(zobj, purpose);
2005 }
2006
2007 ZEND_API const zend_object_handlers std_object_handlers = {
2008 0, /* offset */
2009
2010 zend_object_std_dtor, /* free_obj */
2011 zend_objects_destroy_object, /* dtor_obj */
2012 zend_objects_clone_obj, /* clone_obj */
2013
2014 zend_std_read_property, /* read_property */
2015 zend_std_write_property, /* write_property */
2016 zend_std_read_dimension, /* read_dimension */
2017 zend_std_write_dimension, /* write_dimension */
2018 zend_std_get_property_ptr_ptr, /* get_property_ptr_ptr */
2019 zend_std_has_property, /* has_property */
2020 zend_std_unset_property, /* unset_property */
2021 zend_std_has_dimension, /* has_dimension */
2022 zend_std_unset_dimension, /* unset_dimension */
2023 zend_std_get_properties, /* get_properties */
2024 zend_std_get_method, /* get_method */
2025 zend_std_get_constructor, /* get_constructor */
2026 zend_std_get_class_name, /* get_class_name */
2027 zend_std_cast_object_tostring, /* cast_object */
2028 NULL, /* count_elements */
2029 zend_std_get_debug_info, /* get_debug_info */
2030 zend_std_get_closure, /* get_closure */
2031 zend_std_get_gc, /* get_gc */
2032 NULL, /* do_operation */
2033 zend_std_compare_objects, /* compare */
2034 NULL, /* get_properties_for */
2035 };
2036
