Fix zend_lazy_object_get_properties for object with prop ht, when init fails (#15825)

zend_lazy_object_get_properties() is used by zend_std_get_properties_ex() to fetch the properties of lazy objects. It initializes the object and returns its properties.

When initialization fails we return an empty ht because most callers do not check for NULL. We rely on the exception thrown during initialization. We also assign that empty ht to zend_object.properties for the same reasons.

We asserted that zend_object.properties was either NULL or &zend_empty_array, but there are other cases in which an uninitialized lazy object may have a properties ht.

Here I remove the assertion, and return the existing properties ht if there is one. Otherwise I return zend_new_array(0) instead of &zend_empty_array as not all callers expect an immutable array (e.g. FE_FETCH does not).
Arnaud Le Blanc 2024-09-23 13:47:56 +02:00 committed by GitHub
parent 5c1b945a16
commit cc065bae3f
GPG key ID: B5690EEEBB952194
2 changed files with 41 additions and 2 deletions


@ -0,0 +1,37 @@
--TEST--
GH-15823: Wrong expectations in zend_lazy_object_get_properties()
--FILE--
<?php
class C {
public int $a = 1;
}
$reflector = new ReflectionClass(C::class);
$calls = 0;
$obj = $reflector->newLazyGhost(function ($obj) use (&$calls) {
if ($calls++ === 0) {
throw new Error("initializer");
}
$obj->a = 2;
});
// Builds properties ht without lazy initialization
var_dump($obj);
try {
// Lazy initialization fails during fetching of properties ht
json_encode($obj);
} catch (Error $e) {
printf("%s: %s\n", $e::class, $e->getMessage());
}
var_dump(json_encode($obj));
?>
--EXPECTF--
lazy ghost object(C)#%d (0) {
["a"]=>
uninitialized(int)
}
Error: initializer
string(7) "{"a":2}"
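
Review bot: The test only exercises the branch where a properties ht already exists, because var_dump($obj) builds it before the failing json_encode($obj). The other new branch, where object->properties is NULL and zend_new_array(0) is returned, is not covered, and neither is the FE_FETCH caller that the commit message gives as the reason for returning a mutable array. Consider adding a second case that runs foreach over a lazy ghost whose initializer throws, without a prior var_dump, and catches the Error, so that a regression to an immutable array is caught by the test suite.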


@ -624,8 +624,10 @@ ZEND_API HashTable *zend_lazy_object_get_properties(zend_object *object)
zend_object *tmp = zend_lazy_object_init(object);
if (UNEXPECTED(!tmp)) {
ZEND_ASSERT(!object->properties || object->properties == &zend_empty_array);
return object->properties = (zend_array*) &zend_empty_array;
if (object->properties) {
return object->properties;
}
return object->properties = zend_new_array(0);
}
object = tmp;
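
Review bot: The failure path in the if (UNEXPECTED(!tmp)) block now has two outcomes and no comment explaining either; the removed ZEND_ASSERT was the only in-code statement of what object->properties could be at this point. Please add a short comment above if (object->properties) saying that an uninitialized lazy object can already carry a properties ht, and one above return object->properties = zend_new_array(0); saying that a mutable array is required because some callers (FE_FETCH) do not accept &zend_empty_array. It is also worth stating that callers receive a non-NULL ht while an exception is pending, and that in the first branch this ht is not necessarily empty, since that is what callers skipping the NULL check now depend on.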