mirror of
https://github.com/php/php-src.git
synced 2025-08-15 21:48:51 +02:00
Add sanity check for type of read_property return value
If an internal class overrides read_property and declared property types, make sure that the returned value matches the declared type (in debug builds).
This commit is contained in:
Nikita Popov
parent
aad283e9f3
commit
53e9c36cd9
3 changed files with 74 additions and 0 deletions
|
|
@ -1189,6 +1189,15 @@ static ZEND_COLD void zend_internal_call_arginfo_violation(zend_function *fbc)
|
|||
fbc->common.scope ? "::" : "",
|
||||
ZSTR_VAL(fbc->common.function_name));
|
||||
}
|
||||
|
||||
static void zend_verify_internal_read_property_type(zend_object *obj, zend_string *name, zval *val)
|
||||
{
|
||||
zend_property_info *prop_info =
|
||||
zend_get_property_info(obj->ce, name, /* silent */ true);
|
||||
if (prop_info && ZEND_TYPE_IS_SET(prop_info->type)) {
|
||||
zend_verify_property_type(prop_info, val, /* strict */ true);
|
||||
}
|
||||
}
|
||||
#endif
|
||||
|
||||
ZEND_API ZEND_COLD void ZEND_FASTCALL zend_missing_arg_error(zend_execute_data *execute_data)
|
||||
|
|
|
|||
|
|
@ -2106,6 +2106,11 @@ ZEND_VM_C_LABEL(fetch_obj_r_fast_copy):
|
|||
}
|
||||
|
||||
retval = zobj->handlers->read_property(zobj, name, BP_VAR_R, cache_slot, EX_VAR(opline->result.var));
|
||||
#if ZEND_DEBUG
|
||||
if (!EG(exception) && zobj->handlers->read_property != zend_std_read_property) {
|
||||
zend_verify_internal_read_property_type(zobj, name, retval);
|
||||
}
|
||||
#endif
|
||||
|
||||
if (OP2_TYPE != IS_CONST) {
|
||||
zend_tmp_string_release(tmp_name);
|
||||
|
|
|
|||
|
|
@ -6286,6 +6286,11 @@ fetch_obj_r_fast_copy:
|
|||
}
|
||||
|
||||
retval = zobj->handlers->read_property(zobj, name, BP_VAR_R, cache_slot, EX_VAR(opline->result.var));
|
||||
#if ZEND_DEBUG
|
||||
if (!EG(exception) && zobj->handlers->read_property != zend_std_read_property) {
|
||||
zend_verify_internal_read_property_type(zobj, name, retval);
|
||||
}
|
||||
#endif
|
||||
|
||||
if (IS_CONST != IS_CONST) {
|
||||
zend_tmp_string_release(tmp_name);
|
||||
|
|
@ -8613,6 +8618,11 @@ fetch_obj_r_fast_copy:
|
|||
}
|
||||
|
||||
retval = zobj->handlers->read_property(zobj, name, BP_VAR_R, cache_slot, EX_VAR(opline->result.var));
|
||||
#if ZEND_DEBUG
|
||||
if (!EG(exception) && zobj->handlers->read_property != zend_std_read_property) {
|
||||
zend_verify_internal_read_property_type(zobj, name, retval);
|
||||
}
|
||||
#endif
|
||||
|
||||
if ((IS_TMP_VAR|IS_VAR) != IS_CONST) {
|
||||
zend_tmp_string_release(tmp_name);
|
||||
|
|
@ -10963,6 +10973,11 @@ fetch_obj_r_fast_copy:
|
|||
}
|
||||
|
||||
retval = zobj->handlers->read_property(zobj, name, BP_VAR_R, cache_slot, EX_VAR(opline->result.var));
|
||||
#if ZEND_DEBUG
|
||||
if (!EG(exception) && zobj->handlers->read_property != zend_std_read_property) {
|
||||
zend_verify_internal_read_property_type(zobj, name, retval);
|
||||
}
|
||||
#endif
|
||||
|
||||
if (IS_CV != IS_CONST) {
|
||||
zend_tmp_string_release(tmp_name);
|
||||
|
|
@ -15382,6 +15397,11 @@ fetch_obj_r_fast_copy:
|
|||
}
|
||||
|
||||
retval = zobj->handlers->read_property(zobj, name, BP_VAR_R, cache_slot, EX_VAR(opline->result.var));
|
||||
#if ZEND_DEBUG
|
||||
if (!EG(exception) && zobj->handlers->read_property != zend_std_read_property) {
|
||||
zend_verify_internal_read_property_type(zobj, name, retval);
|
||||
}
|
||||
#endif
|
||||
|
||||
if (IS_CONST != IS_CONST) {
|
||||
zend_tmp_string_release(tmp_name);
|
||||
|
|
@ -16802,6 +16822,11 @@ fetch_obj_r_fast_copy:
|
|||
}
|
||||
|
||||
retval = zobj->handlers->read_property(zobj, name, BP_VAR_R, cache_slot, EX_VAR(opline->result.var));
|
||||
#if ZEND_DEBUG
|
||||
if (!EG(exception) && zobj->handlers->read_property != zend_std_read_property) {
|
||||
zend_verify_internal_read_property_type(zobj, name, retval);
|
||||
}
|
||||
#endif
|
||||
|
||||
if ((IS_TMP_VAR|IS_VAR) != IS_CONST) {
|
||||
zend_tmp_string_release(tmp_name);
|
||||
|
|
@ -18114,6 +18139,11 @@ fetch_obj_r_fast_copy:
|
|||
}
|
||||
|
||||
retval = zobj->handlers->read_property(zobj, name, BP_VAR_R, cache_slot, EX_VAR(opline->result.var));
|
||||
#if ZEND_DEBUG
|
||||
if (!EG(exception) && zobj->handlers->read_property != zend_std_read_property) {
|
||||
zend_verify_internal_read_property_type(zobj, name, retval);
|
||||
}
|
||||
#endif
|
||||
|
||||
if (IS_CV != IS_CONST) {
|
||||
zend_tmp_string_release(tmp_name);
|
||||
|
|
@ -31487,6 +31517,11 @@ fetch_obj_r_fast_copy:
|
|||
}
|
||||
|
||||
retval = zobj->handlers->read_property(zobj, name, BP_VAR_R, cache_slot, EX_VAR(opline->result.var));
|
||||
#if ZEND_DEBUG
|
||||
if (!EG(exception) && zobj->handlers->read_property != zend_std_read_property) {
|
||||
zend_verify_internal_read_property_type(zobj, name, retval);
|
||||
}
|
||||
#endif
|
||||
|
||||
if (IS_CONST != IS_CONST) {
|
||||
zend_tmp_string_release(tmp_name);
|
||||
|
|
@ -33400,6 +33435,11 @@ fetch_obj_r_fast_copy:
|
|||
}
|
||||
|
||||
retval = zobj->handlers->read_property(zobj, name, BP_VAR_R, cache_slot, EX_VAR(opline->result.var));
|
||||
#if ZEND_DEBUG
|
||||
if (!EG(exception) && zobj->handlers->read_property != zend_std_read_property) {
|
||||
zend_verify_internal_read_property_type(zobj, name, retval);
|
||||
}
|
||||
#endif
|
||||
|
||||
if ((IS_TMP_VAR|IS_VAR) != IS_CONST) {
|
||||
zend_tmp_string_release(tmp_name);
|
||||
|
|
@ -35899,6 +35939,11 @@ fetch_obj_r_fast_copy:
|
|||
}
|
||||
|
||||
retval = zobj->handlers->read_property(zobj, name, BP_VAR_R, cache_slot, EX_VAR(opline->result.var));
|
||||
#if ZEND_DEBUG
|
||||
if (!EG(exception) && zobj->handlers->read_property != zend_std_read_property) {
|
||||
zend_verify_internal_read_property_type(zobj, name, retval);
|
||||
}
|
||||
#endif
|
||||
|
||||
if (IS_CV != IS_CONST) {
|
||||
zend_tmp_string_release(tmp_name);
|
||||
|
|
@ -40086,6 +40131,11 @@ fetch_obj_r_fast_copy:
|
|||
}
|
||||
|
||||
retval = zobj->handlers->read_property(zobj, name, BP_VAR_R, cache_slot, EX_VAR(opline->result.var));
|
||||
#if ZEND_DEBUG
|
||||
if (!EG(exception) && zobj->handlers->read_property != zend_std_read_property) {
|
||||
zend_verify_internal_read_property_type(zobj, name, retval);
|
||||
}
|
||||
#endif
|
||||
|
||||
if (IS_CONST != IS_CONST) {
|
||||
zend_tmp_string_release(tmp_name);
|
||||
|
|
@ -43752,6 +43802,11 @@ fetch_obj_r_fast_copy:
|
|||
}
|
||||
|
||||
retval = zobj->handlers->read_property(zobj, name, BP_VAR_R, cache_slot, EX_VAR(opline->result.var));
|
||||
#if ZEND_DEBUG
|
||||
if (!EG(exception) && zobj->handlers->read_property != zend_std_read_property) {
|
||||
zend_verify_internal_read_property_type(zobj, name, retval);
|
||||
}
|
||||
#endif
|
||||
|
||||
if ((IS_TMP_VAR|IS_VAR) != IS_CONST) {
|
||||
zend_tmp_string_release(tmp_name);
|
||||
|
|
@ -48795,6 +48850,11 @@ fetch_obj_r_fast_copy:
|
|||
}
|
||||
|
||||
retval = zobj->handlers->read_property(zobj, name, BP_VAR_R, cache_slot, EX_VAR(opline->result.var));
|
||||
#if ZEND_DEBUG
|
||||
if (!EG(exception) && zobj->handlers->read_property != zend_std_read_property) {
|
||||
zend_verify_internal_read_property_type(zobj, name, retval);
|
||||
}
|
||||
#endif
|
||||
|
||||
if (IS_CV != IS_CONST) {
|
||||
zend_tmp_string_release(tmp_name);
|
||||
|
|
|
|||
Loading…
Add table
Add a link
Reference in a new issue