Fix GH-16414: zend_test.observer.observe_function_names may segfault

Unless `zend_test.observer.enabled` is on, we must not add observer handlers, so we let the INI modify handler fail early. We also need to ensure that the functions to observe have already been called, so that their begin and end handlers are properly initialized. Otherwise we will not observe the function execution, but a segfault. Co-authored-by: Bob Weinand <bobwei9@hotmail.com> Closes GH-16438.
2026-03-24 00:02:20 +01:00 · 2024-10-16 19:43:49 +02:00
parent fe310181e4
commit 909cecb7fa
2 changed files with 18 additions and 2 deletions
--- a/ext/zend_test/observer.c
+++ b/ext/zend_test/observer.c
@@ -304,9 +304,12 @@ static ZEND_INI_MH(zend_test_observer_OnUpdateCommaList)
 	zend_array **p = (zend_array **) ZEND_INI_GET_ADDR();
 	zend_string *funcname;
 	zend_function *func;
+	if (!ZT_G(observer_enabled)) {
+		return FAILURE;
+	}
 	if (stage != PHP_INI_STAGE_STARTUP && stage != PHP_INI_STAGE_ACTIVATE && stage != PHP_INI_STAGE_DEACTIVATE && stage != PHP_INI_STAGE_SHUTDOWN) {
 		ZEND_HASH_FOREACH_STR_KEY(*p, funcname) {
-			if ((func = zend_hash_find_ptr(EG(function_table), funcname))) {
+			if ((func = zend_hash_find_ptr(EG(function_table), funcname)) && ZEND_OBSERVER_DATA(func) != NULL) {
 				void *old_handler;
 				zend_observer_remove_begin_handler(func, observer_begin, (zend_observer_fcall_begin_handler *)&old_handler);
 				zend_observer_remove_end_handler(func, observer_end, (zend_observer_fcall_end_handler *)&old_handler);
@@ -329,7 +332,7 @@ static ZEND_INI_MH(zend_test_observer_OnUpdateCommaList)
 		zend_string_release(str);
 		if (stage != PHP_INI_STAGE_STARTUP && stage != PHP_INI_STAGE_ACTIVATE && stage != PHP_INI_STAGE_DEACTIVATE && stage != PHP_INI_STAGE_SHUTDOWN) {
 			ZEND_HASH_FOREACH_STR_KEY(*p, funcname) {
-				if ((func = zend_hash_find_ptr(EG(function_table), funcname))) {
+				if ((func = zend_hash_find_ptr(EG(function_table), funcname)) && ZEND_OBSERVER_DATA(func) != NULL) {
 					zend_observer_add_begin_handler(func, observer_begin);
 					zend_observer_add_end_handler(func, observer_end);
 				}
--- a/ext/zend_test/tests/gh16414.phpt
+++ b/ext/zend_test/tests/gh16414.phpt
@@ -0,0 +1,13 @@
+--TEST--
+GH-16414 (zend_test.observer.observe_function_names may segfault)
+--EXTENSIONS--
+zend_test
+--INI--
+zend_test.observer.enabled=0
+--FILE--
+<?php
+function bar() {}
+var_dump(ini_set("zend_test.observer.observe_function_names", "bar"));
+?>
+--EXPECT--
+bool(false)