Merge branch 'master' of github.com:php/php-src

Zend/tests/gh9136.phpt

@@ -0,0 +1,10 @@
+--TEST--
+GH-9136: Assertion when fetching property of magic constant in constant expression
+--FILE--
+<?php
+
+const C = __file__->foo;
+
+?>
+--EXPECTF--
+Warning: Attempt to read property "foo" on string in %s on line %d

Zend/tests/gh9138.phpt

@@ -0,0 +1,11 @@
+--TEST--
+GH-9138: NULL pointer dereference when fetching property of "bad" list in constant expression
+--FILE--
+<?php
+
+#[Attribute([,]->e)]
+class Foo {}
+
+?>
+--EXPECTF--
+Fatal error: Cannot use empty array elements in arrays in %s on line %d

Zend/zend_closures.c

@@ -121,7 +121,6 @@ ZEND_METHOD(Closure, call)
 	zend_closure *closure;
 	zend_fcall_info fci;
 	zend_fcall_info_cache fci_cache;
-	zend_function my_function;
 	zend_object *newobj;
 	zend_class_entry *newclass;
 
@@ -142,55 +141,71 @@ ZEND_METHOD(Closure, call)
 		return;
 	}
 
-	if (closure->func.common.fn_flags & ZEND_ACC_GENERATOR) {
-		zval new_closure;
-		zend_create_closure(&new_closure, &closure->func, newclass, closure->called_scope, newthis);
-		closure = (zend_closure *) Z_OBJ(new_closure);
-		fci_cache.function_handler = &closure->func;
-	} else {
-		memcpy(&my_function, &closure->func, closure->func.type == ZEND_USER_FUNCTION ? sizeof(zend_op_array) : sizeof(zend_internal_function));
-		my_function.common.fn_flags &= ~ZEND_ACC_CLOSURE;
-		/* use scope of passed object */
-		my_function.common.scope = newclass;
-		if (closure->func.type == ZEND_INTERNAL_FUNCTION) {
-			my_function.internal_function.handler = closure->orig_internal_handler;
-		}
-		fci_cache.function_handler = &my_function;
-
-		/* Runtime cache relies on bound scope to be immutable, hence we need a separate rt cache in case scope changed */
-		if (ZEND_USER_CODE(my_function.type)
-		 && (closure->func.common.scope != newclass
-		  || (closure->func.common.fn_flags & ZEND_ACC_HEAP_RT_CACHE))) {
-			void *ptr;
-
-			my_function.op_array.fn_flags |= ZEND_ACC_HEAP_RT_CACHE;
-			ptr = emalloc(my_function.op_array.cache_size);
-			ZEND_MAP_PTR_INIT(my_function.op_array.run_time_cache, ptr);
-			memset(ptr, 0, my_function.op_array.cache_size);
-		}
-	}
-
 	fci_cache.called_scope = newclass;
 	fci_cache.object = fci.object = newobj;
 
 	fci.size = sizeof(fci);
 	ZVAL_OBJ(&fci.function_name, &closure->std);
+	ZVAL_UNDEF(&closure_result);
 	fci.retval = &closure_result;
 
-	if (zend_call_function(&fci, &fci_cache) == SUCCESS && Z_TYPE(closure_result) != IS_UNDEF) {
+	if (closure->func.common.fn_flags & ZEND_ACC_GENERATOR) {
+		zval new_closure;
+		zend_create_closure(&new_closure, &closure->func, newclass, closure->called_scope, newthis);
+		closure = (zend_closure *) Z_OBJ(new_closure);
+		fci_cache.function_handler = &closure->func;
+
+		zend_call_function(&fci, &fci_cache);
+
+		/* copied upon generator creation */
+		GC_DELREF(&closure->std);
+	} else {
+		zend_function *my_function;
+		if (ZEND_USER_CODE(closure->func.type)) {
+			my_function = emalloc(sizeof(zend_op_array));
+			memcpy(my_function, &closure->func, sizeof(zend_op_array));
+		} else {
+			my_function = emalloc(sizeof(zend_internal_function));
+			memcpy(my_function, &closure->func, sizeof(zend_internal_function));
+		}
+		my_function->common.fn_flags &= ~ZEND_ACC_CLOSURE;
+		/* use scope of passed object */
+		my_function->common.scope = newclass;
+		if (closure->func.type == ZEND_INTERNAL_FUNCTION) {
+			my_function->internal_function.handler = closure->orig_internal_handler;
+		}
+		fci_cache.function_handler = my_function;
+
+		/* Runtime cache relies on bound scope to be immutable, hence we need a separate rt cache in case scope changed */
+		if (ZEND_USER_CODE(my_function->type)
+		 && (closure->func.common.scope != newclass
+		  || (closure->func.common.fn_flags & ZEND_ACC_HEAP_RT_CACHE))) {
+			void *ptr;
+
+			my_function->op_array.fn_flags |= ZEND_ACC_HEAP_RT_CACHE;
+			ptr = emalloc(my_function->op_array.cache_size);
+			ZEND_MAP_PTR_INIT(my_function->op_array.run_time_cache, ptr);
+			memset(ptr, 0, my_function->op_array.cache_size);
+		}
+
+		zend_call_function(&fci, &fci_cache);
+
+		if (ZEND_USER_CODE(my_function->type)) {
+			if (fci_cache.function_handler->common.fn_flags & ZEND_ACC_HEAP_RT_CACHE) {
+				efree(ZEND_MAP_PTR(my_function->op_array.run_time_cache));
+			}
+			efree_size(my_function, sizeof(zend_op_array));
+		} else {
+			efree_size(my_function, sizeof(zend_internal_function));
+		}
+	}
+
+	if (Z_TYPE(closure_result) != IS_UNDEF) {
 		if (Z_ISREF(closure_result)) {
 			zend_unwrap_reference(&closure_result);
 		}
 		ZVAL_COPY_VALUE(return_value, &closure_result);
 	}
-
-	if (fci_cache.function_handler->common.fn_flags & ZEND_ACC_GENERATOR) {
-		/* copied upon generator creation */
-		GC_DELREF(&closure->std);
-	} else if (ZEND_USER_CODE(my_function.type)
-	 && (fci_cache.function_handler->common.fn_flags & ZEND_ACC_HEAP_RT_CACHE)) {
-		efree(ZEND_MAP_PTR(my_function.op_array.run_time_cache));
-	}
 }
 /* }}} */
 

Zend/zend_compile.c

@@ -10616,6 +10616,10 @@ static void zend_eval_const_expr(zend_ast **ast_ptr) /* {{{ */
 		case ZEND_AST_CONST_ENUM_INIT:
 			zend_eval_const_expr(&ast->child[2]);
 			return;
+		case ZEND_AST_PROP:
+			zend_eval_const_expr(&ast->child[0]);
+			zend_eval_const_expr(&ast->child[1]);
+			return;
 		default:
 			return;
 	}

build/gen_stub.php

@@ -533,7 +533,12 @@ class SimpleType {
     }
 
     public function toEscapedName(): string {
-        return str_replace('\\', '\\\\', $this->name);
+        // Escape backslashes, and also encode \u and \U to avoid compilation errors in generated macros
+        return str_replace(
+            ['\\', '\\u', '\\U'],
+            ['\\\\', '\\\\165', '\\\\125'],
+            $this->name
+        );
     }
 
     public function toVarEscapedName(): string {
@@ -2976,7 +2981,7 @@ class ClassInfo {
             $parentInfo->collectInheritedMembers(
                 $parentsWithInheritedConstants,
                 $unusedParentsWithInheritedProperties,
-                $parentsWithInheritedMethods,
+                $unusedParentsWithInheritedMethods,
                 $classMap
             );
         }

ext/openssl/openssl.c

@@ -7652,15 +7652,6 @@ PHP_OPENSSL_API zend_string* php_openssl_random_pseudo_bytes(zend_long buffer_le
 	}
 	buffer = zend_string_alloc(buffer_length, 0);
 
-#ifdef PHP_WIN32
-	/* random/urandom equivalent on Windows */
-	if (php_win32_get_random_bytes((unsigned char*)(buffer)->val, (size_t) buffer_length) == FAILURE){
-		zend_string_release_ex(buffer, 0);
-		zend_throw_exception(zend_ce_exception, "Error reading from source device", 0);
-		return NULL;
-	}
-#else
-
 	PHP_OPENSSL_CHECK_LONG_TO_INT_NULL_RETURN(buffer_length, length);
 	PHP_OPENSSL_RAND_ADD_TIME();
 	if (RAND_bytes((unsigned char*)ZSTR_VAL(buffer), (int)buffer_length) <= 0) {
@@ -7670,7 +7661,7 @@ PHP_OPENSSL_API zend_string* php_openssl_random_pseudo_bytes(zend_long buffer_le
 	} else {
 		php_openssl_store_errors();
 	}
-#endif
+
 	return buffer;
 }
 

ext/zend_test/test.c

@@ -43,6 +43,7 @@ static zend_class_entry *zend_test_class_with_method_with_parameter_attribute;
 static zend_class_entry *zend_test_child_class_with_method_with_parameter_attribute;
 static zend_class_entry *zend_test_forbid_dynamic_call;
 static zend_class_entry *zend_test_ns_foo_class;
+static zend_class_entry *zend_test_ns_unlikely_compile_error_class;
 static zend_class_entry *zend_test_ns2_foo_class;
 static zend_class_entry *zend_test_ns2_ns_foo_class;
 static zend_class_entry *zend_test_unit_enum;
@@ -535,6 +536,13 @@ static ZEND_METHOD(ZendTestNS_Foo, method)
 	RETURN_LONG(0);
 }
 
+static ZEND_METHOD(ZendTestNS_UnlikelyCompileError, method)
+{
+	ZEND_PARSE_PARAMETERS_NONE();
+
+	RETURN_NULL();
+}
+
 static ZEND_METHOD(ZendTestNS2_Foo, method)
 {
 	ZEND_PARSE_PARAMETERS_NONE();
@@ -698,6 +706,7 @@ PHP_MINIT_FUNCTION(zend_test)
 	zend_test_forbid_dynamic_call = register_class_ZendTestForbidDynamicCall();
 
 	zend_test_ns_foo_class = register_class_ZendTestNS_Foo();
+	zend_test_ns_unlikely_compile_error_class = register_class_ZendTestNS_UnlikelyCompileError();
 	zend_test_ns2_foo_class = register_class_ZendTestNS2_Foo();
 	zend_test_ns2_ns_foo_class = register_class_ZendTestNS2_ZendSubNS_Foo();
 

ext/zend_test/test.stub.php

@@ -150,6 +150,12 @@ namespace ZendTestNS {
         public function method(): int {}
     }
 
+    class UnlikelyCompileError {
+        /* This method signature would create a compile error due to the string
+         * "ZendTestNS\UnlikelyCompileError" in the generated macro call */
+        public function method(): ?UnlikelyCompileError {}
+    }
+
 }
 
 namespace ZendTestNS2 {

ext/zend_test/test_arginfo.h

@@ -1,5 +1,5 @@
 /* This is a generated file, edit the .stub.php file instead.
- * Stub hash: 64a10ff1af71cb2f9024f73ddaa34a924b85b968 */
+ * Stub hash: 2c654cefda278094fa4cdc25b83ced269e83cadf */
 
 ZEND_BEGIN_ARG_WITH_RETURN_TYPE_INFO_EX(arginfo_zend_test_array_return, 0, 0, IS_ARRAY, 0)
 ZEND_END_ARG_INFO()
@@ -131,6 +131,9 @@ ZEND_BEGIN_ARG_INFO_EX(arginfo_class_ZendTestNS_Foo_method, 0, 0, 0)
 #endif
 ZEND_END_ARG_INFO()
 
+ZEND_BEGIN_ARG_WITH_RETURN_OBJ_INFO_EX(arginfo_class_ZendTestNS_UnlikelyCompileError_method, 0, 0, ZendTestNS\\\125nlikelyCompileError, 1)
+ZEND_END_ARG_INFO()
+
 #define arginfo_class_ZendTestNS2_Foo_method arginfo_zend_test_void_return
 
 #define arginfo_class_ZendTestNS2_ZendSubNS_Foo_method arginfo_zend_test_void_return
@@ -173,6 +176,7 @@ static ZEND_METHOD(ZendTestChildClassWithMethodWithParameterAttribute, override)
 static ZEND_METHOD(ZendTestForbidDynamicCall, call);
 static ZEND_METHOD(ZendTestForbidDynamicCall, callStatic);
 static ZEND_METHOD(ZendTestNS_Foo, method);
+static ZEND_METHOD(ZendTestNS_UnlikelyCompileError, method);
 static ZEND_METHOD(ZendTestNS2_Foo, method);
 static ZEND_METHOD(ZendTestNS2_ZendSubNS_Foo, method);
 
@@ -284,6 +288,12 @@ static const zend_function_entry class_ZendTestNS_Foo_methods[] = {
 };
 
 
+static const zend_function_entry class_ZendTestNS_UnlikelyCompileError_methods[] = {
+	ZEND_ME(ZendTestNS_UnlikelyCompileError, method, arginfo_class_ZendTestNS_UnlikelyCompileError_method, ZEND_ACC_PUBLIC)
+	ZEND_FE_END
+};
+
+
 static const zend_function_entry class_ZendTestNS2_Foo_methods[] = {
 	ZEND_ME(ZendTestNS2_Foo, method, arginfo_class_ZendTestNS2_Foo_method, ZEND_ACC_PUBLIC)
 	ZEND_FE_END
@@ -560,6 +570,16 @@ static zend_class_entry *register_class_ZendTestNS_Foo(void)
 	return class_entry;
 }
 
+static zend_class_entry *register_class_ZendTestNS_UnlikelyCompileError(void)
+{
+	zend_class_entry ce, *class_entry;
+
+	INIT_NS_CLASS_ENTRY(ce, "ZendTestNS", "UnlikelyCompileError", class_ZendTestNS_UnlikelyCompileError_methods);
+	class_entry = zend_register_internal_class_ex(&ce, NULL);
+
+	return class_entry;
+}
+
 static zend_class_entry *register_class_ZendTestNS2_Foo(void)
 {
 	zend_class_entry ce, *class_entry;

ext/zend_test/tests/gen_stub_test_01.phpt

@@ -9,6 +9,8 @@ $foo = new \ZendTestNS2\Foo();
 var_dump($foo);
 $foo->foo = new \ZendTestNS2\ZendSubNS\Foo();
 var_dump($foo);
+$foo = new \ZendTestNS\UnlikelyCompileError();
+var_dump($foo);
 ?>
 --EXPECTF--
 object(ZendTestNS2\Foo)#%d (%d) {
@@ -20,3 +22,5 @@ object(ZendTestNS2\Foo)#%d (%d) {
   object(ZendTestNS2\ZendSubNS\Foo)#%d (%d) {
   }
 }
+object(ZendTestNS\UnlikelyCompileError)#%d (%d) {
+}