
Commit 53cf140

committed
fix #40794 (ReflectionObject::getValues() may crash when used with dynamic properties)
1 parent 29c4f05 commit 53cf140

1 file changed

+23
-23
lines changed

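--- a/ext/reflection/php_reflection.c
+++ b/ext/reflection/php_reflection.c
@@ -174,7 +174,7 @@ static void string_free(string *str)
 /* Struct for properties */
 typedef struct _property_reference {
 zend_class_entry *ce;
-zend_property_info *prop;
+zend_property_info prop;
 } property_reference;
 
 /* Struct for parameters */
@@ -1180,7 +1180,7 @@ static void reflection_property_factory(zend_class_entry *ce, zend_property_info
 intern = (reflection_object *) zend_object_store_get_object(object TSRMLS_CC);
 reference = (property_reference*) emalloc(sizeof(property_reference));
 reference->ce = ce;
-reference->prop = prop;
+reference->prop = *prop;
 intern->ptr = reference;
 intern->free_ptr = 1;
 intern->ce = ce;
@@ -3267,7 +3267,7 @@ static int _adddynproperty(zval **pptr, int num_args, va_list args, zend_hash_ke
 ZVAL_STRINGL(&member, hash_key->arKey.s, hash_key->nKeyLength-1, 0);
 }
 if (zend_get_property_info(ce, &member, 1 TSRMLS_CC) == &EG(std_property_info)) {
-ALLOC_ZVAL(property);
+MAKE_STD_ZVAL(property);
 reflection_property_factory(ce, &EG(std_property_info), property TSRMLS_CC);
 add_next_index_zval(retval, property);
 }
@@ -3912,7 +3912,7 @@ ZEND_METHOD(reflection_property, __construct)
 
 reference = (property_reference*) emalloc(sizeof(property_reference));
 reference->ce = ce;
-reference->prop = property_info;
+reference->prop = *property_info;
 intern->ptr = reference;
 intern->free_ptr = 1;
 intern->ce = ce;
@@ -3930,7 +3930,7 @@ ZEND_METHOD(reflection_property, __toString)
 METHOD_NOTSTATIC_NUMPARAMS(reflection_property_ptr, 0);
 GET_REFLECTION_OBJECT_PTR(ref);
 string_init(&str);
-_property_string(&str, ref->prop, NULL_ZSTR, "" TSRMLS_CC);
+_property_string(&str, &ref->prop, NULL_ZSTR, "" TSRMLS_CC);
 RETURN_U_STRINGL(ZEND_U_CONVERTER(UG(output_encoding_conv)), str.string, str.len - 1, ZSTR_AUTOFREE);
 }
 /* }}} */
@@ -3951,7 +3951,7 @@ static void _property_check_flag(INTERNAL_FUNCTION_PARAMETERS, int mask)
 
 METHOD_NOTSTATIC_NUMPARAMS(reflection_property_ptr, 0);
 GET_REFLECTION_OBJECT_PTR(ref);
-RETURN_BOOL(ref->prop->flags & mask);
+RETURN_BOOL(ref->prop.flags & mask);
 }
 
 /* {{{ proto public bool ReflectionProperty::isPublic() U
@@ -4007,13 +4007,13 @@ ZEND_METHOD(reflection_property, getDefaultValue)
 METHOD_NOTSTATIC_NUMPARAMS(reflection_property_ptr, 0);
 GET_REFLECTION_OBJECT_PTR(ref);
 
-if (ref->prop->flags & ZEND_ACC_STATIC) {
+if (ref->prop.flags & ZEND_ACC_STATIC) {
 prop_defaults = &ref->ce->default_static_members;
 } else {
 prop_defaults = &ref->ce->default_properties;
 }
 
-if (zend_u_hash_quick_find(prop_defaults, utype, ref->prop->name, ref->prop->name_length+1, ref->prop->h, (void**)&zdef) == SUCCESS) {
+if (zend_u_hash_quick_find(prop_defaults, utype, ref->prop.name, ref->prop.name_length+1, ref->prop.h, (void**)&zdef) == SUCCESS) {
 ALLOC_ZVAL(zv);
 *zv = **zdef;
 zval_copy_ctor(zv);
@@ -4034,7 +4034,7 @@ ZEND_METHOD(reflection_property, getModifiers)
 METHOD_NOTSTATIC_NUMPARAMS(reflection_property_ptr, 0);
 GET_REFLECTION_OBJECT_PTR(ref);
 
-RETURN_LONG(ref->prop->flags);
+RETURN_LONG(ref->prop.flags);
 }
 /* }}} */
 
@@ -4051,26 +4051,26 @@ ZEND_METHOD(reflection_property, getValue)
 METHOD_NOTSTATIC(reflection_property_ptr);
 GET_REFLECTION_OBJECT_PTR(ref);
 
-if (!(ref->prop->flags & ZEND_ACC_PUBLIC)) {
+if (!(ref->prop.flags & ZEND_ACC_PUBLIC)) {
 _default_get_entry(getThis(), "name", sizeof("name"), &name TSRMLS_CC);
 zend_throw_exception_ex(reflection_exception_ptr, 0 TSRMLS_CC,
 "Cannot access non-public member %v::%v", intern->ce->name, Z_UNIVAL(name));
 zval_dtor(&name);
 return;
 }
 
-if ((ref->prop->flags & ZEND_ACC_STATIC)) {
+if ((ref->prop.flags & ZEND_ACC_STATIC)) {
 zend_update_class_constants(intern->ce TSRMLS_CC);
-if (zend_u_hash_quick_find(CE_STATIC_MEMBERS(intern->ce), utype, ref->prop->name, ref->prop->name_length + 1, ref->prop->h, (void **) &member) == FAILURE) {
-zend_error(E_ERROR, "Internal error: Could not find the property %v::%v", intern->ce->name, ref->prop->name);
+if (zend_u_hash_quick_find(CE_STATIC_MEMBERS(intern->ce), utype, ref->prop.name, ref->prop.name_length + 1, ref->prop.h, (void **) &member) == FAILURE) {
+zend_error(E_ERROR, "Internal error: Could not find the property %v::%v", intern->ce->name, ref->prop.name);
 /* Bails out */
 }
 } else {
 if (zend_parse_parameters(ZEND_NUM_ARGS() TSRMLS_CC, "o", &object) == FAILURE) {
 return;
 }
-if (zend_u_hash_quick_find(Z_OBJPROP_P(object), utype, ref->prop->name, ref->prop->name_length + 1, ref->prop->h, (void **) &member) == FAILURE) {
-zend_error(E_ERROR, "Internal error: Could not find the property %v::%v", intern->ce->name, ref->prop->name);
+if (zend_u_hash_quick_find(Z_OBJPROP_P(object), utype, ref->prop.name, ref->prop.name_length + 1, ref->prop.h, (void **) &member) == FAILURE) {
+zend_error(E_ERROR, "Internal error: Could not find the property %v::%v", intern->ce->name, ref->prop.name);
 /* Bails out */
 }
 }
@@ -4098,15 +4098,15 @@ ZEND_METHOD(reflection_property, setValue)
 METHOD_NOTSTATIC(reflection_property_ptr);
 GET_REFLECTION_OBJECT_PTR(ref);
 
-if (!(ref->prop->flags & ZEND_ACC_PUBLIC)) {
+if (!(ref->prop.flags & ZEND_ACC_PUBLIC)) {
 _default_get_entry(getThis(), "name", sizeof("name"), &name TSRMLS_CC);
 zend_throw_exception_ex(reflection_exception_ptr, 0 TSRMLS_CC,
 "Cannot access non-public member %v::%v", intern->ce->name, Z_UNIVAL(name));
 zval_dtor(&name);
 return;
 }
 
-if ((ref->prop->flags & ZEND_ACC_STATIC)) {
+if ((ref->prop.flags & ZEND_ACC_STATIC)) {
 if (zend_parse_parameters_ex(ZEND_PARSE_PARAMS_QUIET, ZEND_NUM_ARGS() TSRMLS_CC, "z", &value) == FAILURE) {
 if (zend_parse_parameters(ZEND_NUM_ARGS() TSRMLS_CC, "zz", &tmp, &value) == FAILURE) {
 return;
@@ -4121,8 +4121,8 @@ ZEND_METHOD(reflection_property, setValue)
 prop_table = Z_OBJPROP_P(object);
 }
 
-if (zend_u_hash_quick_find(prop_table, utype, ref->prop->name, ref->prop->name_length + 1, ref->prop->h, (void **) &variable_ptr) == FAILURE) {
-zend_error(E_ERROR, "Internal error: Could not find the property %v::%v", intern->ce->name, ref->prop->name);
+if (zend_u_hash_quick_find(prop_table, utype, ref->prop.name, ref->prop.name_length + 1, ref->prop.h, (void **) &variable_ptr) == FAILURE) {
+zend_error(E_ERROR, "Internal error: Could not find the property %v::%v", intern->ce->name, ref->prop.name);
 /* Bails out */
 }
 if (*variable_ptr == value) {
@@ -4145,7 +4145,7 @@ ZEND_METHOD(reflection_property, setValue)
 if (PZVAL_IS_REF(value)) {
 SEPARATE_ZVAL(&value);
 }
-zend_u_hash_quick_update(prop_table, utype, ref->prop->name, ref->prop->name_length+1, ref->prop->h, &value, sizeof(zval *), (void **) &foo);
+zend_u_hash_quick_update(prop_table, utype, ref->prop.name, ref->prop.name_length+1, ref->prop.h, &value, sizeof(zval *), (void **) &foo);
 }
 }
 /* }}} */
@@ -4164,7 +4164,7 @@ ZEND_METHOD(reflection_property, getDeclaringClass)
 METHOD_NOTSTATIC_NUMPARAMS(reflection_property_ptr, 0);
 GET_REFLECTION_OBJECT_PTR(ref);
 
-if (zend_u_unmangle_property_name(UG(unicode)?IS_UNICODE:IS_STRING, ref->prop->name, ref->prop->name_length, &class_name, &prop_name) != SUCCESS) {
+if (zend_u_unmangle_property_name(UG(unicode)?IS_UNICODE:IS_STRING, ref->prop.name, ref->prop.name_length, &class_name, &prop_name) != SUCCESS) {
 RETURN_FALSE;
 }
 
@@ -4192,8 +4192,8 @@ ZEND_METHOD(reflection_property, getDocComment)
 
 METHOD_NOTSTATIC_NUMPARAMS(reflection_property_ptr, 0);
 GET_REFLECTION_OBJECT_PTR(ref);
-if (ref->prop->doc_comment.v) {
-RETURN_ZSTRL(ZEND_STR_TYPE, ref->prop->doc_comment, ref->prop->doc_comment_len, 1);
+if (ref->prop.doc_comment.v) {
+RETURN_ZSTRL(ZEND_STR_TYPE, ref->prop.doc_comment, ref->prop.doc_comment_len, 1);
 }
 RETURN_FALSE;
 }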
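Review bot: The by-value copies added in `reflection_property_factory` (`reference->prop = *prop;`) and in `__construct` (`reference->prop = *property_info;`) are shallow, so `prop.name` and `prop.doc_comment` stay borrowed pointers whose lifetime the reflection object does not control. On the dynamic-property path in `_adddynproperty`, `member` is built from the hash key with `ZVAL_STRINGL(..., 0)`, i.e. without duplication; if `std_property_info.name` is filled from it (not visible in this diff), the copied name would dangle once that property is unset or the object is freed, and the later `zend_u_hash_quick_find` calls in `getValue`/`setValue` would read freed memory. I would either duplicate the name into the reference for that case and release it together with `intern->ptr`, or at minimum record the contract on the field: `zend_property_info prop; /* shallow copy: name and doc_comment are borrowed, not owned */`. Both function bodies extend beyond their hunks, so the existing free path for `intern->ptr` (only `free_ptr = 1` is visible) needs checking against whichever option is chosen.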
