* Fix GH-19044: Protected properties are not scoped according to their prototype
* Adjust after review
* Simplify to using prototype even for asymmetric visibility
This is necessary because the VM frees operands with the nogc variants. We
cannot just call gc_possible_root() because the object may no longer exist at
that point.
Fixes GH-18907
Closes GH-18917
It's possible to return a reference from __toString(), but this is not
handled and results in a (confusing) error telling that the return value
must be a string.
Properly handle this by unwrapping the reference.
Closes GH-18810.
Currently, this fails because the type is IS_REFERENCE instead of
IS_ARRAY, but this could be confusing because a function return value is
normally dereferenced automatically in a lot of cases.
Closes GH-18762.
With nested objects and recursive comparisons, it is for now unavoidable
to have a stack overflow we do some early damage control attempt early
on with zend.max_allowed_stack_size check but ultimately more a band-aid
than a definitive solution.
close GH-18577
Writing to an uninitialized lazy proxy will initialize the underlying
object and then call zend_std_write_property() on it. If this happens
inside a hook, zend_std_write_property() should not call the hook again
but directly write to the property slot. This didn't previously work
because zend_should_call_hook() would compare the parent frame
containing the proxy to the underlying object. This is now handled
explicitly.
Fixes GH-18000
Closes GH-18001
zend_std_write_property() can return the variable pointer, but the code
was using a local variable, and so a pointer to a local variable could
be returned. Fix this by using the value pointer instead of the backup
value was written.
This can be more efficient on master by using the safe_assign helper.
Closes GH-17947.
This regressed in GH-17592.
The function is with its attributes HashTable* is copied in
zend_get_closure_invoke_method() but its refcount is not increased.
This caused a crash in the Symfony demo page.
Closes GH-17880.
* Fix `#[\Deprecated]` for `__call()` and `__callStatic()`
Fixesphp/php-src#17597.
* Do not duplicate the `attributes` table in `zend_get_call_trampoline_func()`
The compiler compiles $value == true to ZEND_BOOL, which always returns true for
objects (with the default cast_object handler). However, when compared to a
statically unknown rhs $value == $true, the resulting opcode ZEND_IS_EQUAL would
call the objects compare handler.
The zend_objects_not_comparable() handler, which is installed for enums and
other internal classes, blanketly returns false. This does not match the
ZEND_BOOL semantics.
Object to boolean comparison is now handled directly in zend_compare(),
analogous to object to null comparison. It continuous to call the cast_object
handler, but guarantees consistent behavior across ZEND_BOOL and ZEND_IS_EQUAL.
Fixes GH-16954
Closes GH-17031
We asserted that Z_PROP_FLAG_P(retval) was exactly IS_PROP_UNINIT, but this is a
bit field and it may contain irrelevant bits. For instance it may contain
IS_PROP_REINITABLE during clone, or IS_PROP_LAZY if the object is lazy.
Fixes GH-16615
Closes GH-16639
In the test, I have an internal `__call` function for `_ZendTestMagicCallForward` that calls the global function with name `$name` via `call_user_function`.
Note that observer writes the pointer to the previously observed frame in the last temporary of the new call frame (`*prev_observed_frame`).
The following happens:
First, we call `$test->callee`, this will be handled via a trampoline with T=2 for the two arguments. The call frame is allocated at this point. This call frame is not observed because it has `ZEND_ACC_CALL_VIA_TRAMPOLINE` set. Next we use `ZEND_CALL_TRAMPOLINE` to call the trampoline, this reuses the stack frame allocated earlier with T=2, but this time it is observed. The pointer to the previous frame is written outside of the call frame because `T` is too small (should be 3). We are now in the internal function `_ZendTestMagicCallForward::__call` where we call the global function `callee`. This will push a new call frame which will overlap `*prev_observed_frame`. This value gets overwritten by `zend_init_func_execute_data` when `EX(opline)` is set because `*prev_observed_frame` overlaps with `EX(opline)`. From now on, `*prev_observed_frame` is corrupted. When `zend_observer_fcall_end` is called this will result in reading wrong value `*prev_observed_frame` into `current_observed_frame`. This causes issues in `zend_observer_fcall_end_all` leading to the segfault we observe.
Despite function with `ZEND_ACC_CALL_VIA_TRAMPOLINE` not being observed, the reuse of call frames makes problems when `T` is not large enough.
To fix this, we make sure to add 1 to `T` if `ZEND_OBSERVER_ENABLED` is true.
Closes GH-16252.
In zend_std_has_property with ZEND_PROPERTY_EXISTS, we'd just return true when
no get hook was present. However, this function is supposed to return false for
uninitialized properties. PROPERTY_EXISTS is somewhat of a misnomer. Virtual
properties continue to always return true, given there's no backing value to
check.
Fixes GH-15694
Closes GH-15822
