mirrors/php-src
0
0
Fork 0
mirror of https://github.com/php/php-src.git synced 2024-11-27 11:53:33 +08:00
Code Issues Packages Projects Releases Wiki Activity

Avoid reusing zend_function.common.prototype for magic things (use reserved fields instead).

Browse Source
This commit is contained in:
Dmitry Stogov 2018-06-21 13:09:25 +03:00
parent f87cc89f4d
commit 4418d61ca3
5 changed files with 7 additions and 25 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
Zend/zend_closures.c
View File

@ -236,7 +236,7 @@ static ZEND_NAMED_FUNCTION(zend_closure_call_magic) /* {{{ */ {
fci.size = sizeof(zend_fcall_info);
fci.retval = return_value;
fcc.function_handler = (zend_function *) EX(func)->common.arg_info;
fcc.function_handler = (zend_function *) EX(func)->internal_function.reserved[0];
fci.params = params;
fci.param_count = 2;
ZVAL_STR(&fci.params[0], EX(func)->common.function_name);
@ -274,7 +274,7 @@ static int zend_create_closure_from_callable(zval *return_value, zval *callable,
call.type = ZEND_INTERNAL_FUNCTION;
call.handler = zend_closure_call_magic;
call.function_name = mptr->common.function_name;
call.arg_info = (zend_internal_arg_info *) mptr->common.prototype;
call.reserved[0] = mptr->op_array.reserved[0];
call.scope = mptr->common.scope;
zend_free_trampoline(mptr);

2
Zend/zend_object_handlers.c
View File

@ -1132,7 +1132,7 @@ ZEND_API zend_function *zend_get_call_trampoline_func(zend_class_entry *ce, zend
}
func->opcodes = &EG(call_trampoline_op);
func->prototype = fbc;
func->reserved[0] = fbc;
func->scope = fbc->common.scope;
/* reserve space for arguments, local and temorary variables */
func->T = (fbc->type == ZEND_USER_FUNCTION)? MAX(fbc->op_array.last_var + fbc->op_array.T, 2) : 2;

5
Zend/zend_vm_def.h
View File

@ -7669,9 +7669,8 @@ ZEND_VM_HANDLER(158, ZEND_CALL_TRAMPOLINE, ANY, ANY)
call = execute_data;
execute_data = EG(current_execute_data) = EX(prev_execute_data);
ZEND_ASSERT(zend_vm_calc_used_stack(2, fbc->common.prototype) <= (size_t)(((char*)EG(vm_stack_end)) - (char*)call));
call->func = fbc->common.prototype;
call->func = fbc->op_array.reserved[0];
ZEND_ASSERT(zend_vm_calc_used_stack(2, call->func) <= (size_t)(((char*)EG(vm_stack_end)) - (char*)call));
ZEND_CALL_NUM_ARGS(call) = 2;
ZVAL_STR(ZEND_CALL_ARG(call, 1), fbc->common.function_name);

5
Zend/zend_vm_execute.h
View File

@ -1955,9 +1955,8 @@ static ZEND_OPCODE_HANDLER_RET ZEND_FASTCALL ZEND_CALL_TRAMPOLINE_SPEC_HANDLER(Z
call = execute_data;
execute_data = EG(current_execute_data) = EX(prev_execute_data);
ZEND_ASSERT(zend_vm_calc_used_stack(2, fbc->common.prototype) <= (size_t)(((char*)EG(vm_stack_end)) - (char*)call));
call->func = fbc->common.prototype;
call->func = fbc->op_array.reserved[0];
ZEND_ASSERT(zend_vm_calc_used_stack(2, call->func) <= (size_t)(((char*)EG(vm_stack_end)) - (char*)call));
ZEND_CALL_NUM_ARGS(call) = 2;
ZVAL_STR(ZEND_CALL_ARG(call, 1), fbc->common.function_name);

16
ext/reflection/php_reflection.c
View File

@ -195,15 +195,6 @@ static zend_function *_copy_function(zend_function *fptr) /* {{{ */
}
/* }}} */
static void _fix_closure_prototype(zend_function *fptr) /* {{{ */
{
/* Actually we are setting proxy function's prototype to null
* as for it, the prototype is an object not a function
* which could cause serious problems, see #74949 */
fptr->common.prototype = NULL;
}
/* }}} */
static void _free_function(zend_function *fptr) /* {{{ */
{
if (fptr
@ -502,7 +493,6 @@ static void _class_string(smart_str *str, zend_class_entry *ce, zval *obj, char
&& memcmp(ZSTR_VAL(mptr->common.function_name), ZEND_INVOKE_FUNC_NAME, sizeof(ZEND_INVOKE_FUNC_NAME)-1) == 0
&& (closure = zend_get_closure_invoke_method(Z_OBJ_P(obj))) != NULL)
{
_fix_closure_prototype(closure);
mptr = closure;
} else {
closure = NULL;
@ -2347,7 +2337,6 @@ ZEND_METHOD(reflection_parameter, __construct)
{
/* nothing to do. don't set is_closure since is the invoke handler,
not the closure itself */
_fix_closure_prototype(fptr);
} else if ((fptr = zend_hash_str_find_ptr(&ce->function_table, lcname, lcname_len)) == NULL) {
efree(lcname);
zend_throw_exception_ex(reflection_exception_ptr, 0,
@ -3031,7 +3020,6 @@ ZEND_METHOD(reflection_method, __construct)
&& (mptr = zend_get_closure_invoke_method(Z_OBJ_P(orig_obj))) != NULL)
{
/* do nothing, mptr already set */
_fix_closure_prototype(mptr);
} else if ((mptr = zend_hash_str_find_ptr(&ce->function_table, lcname, name_len)) == NULL) {
efree(lcname);
zend_throw_exception_ex(reflection_exception_ptr, 0,
@ -4154,7 +4142,6 @@ ZEND_METHOD(reflection_class, getMethod)
{
/* don't assign closure_object since we only reflect the invoke handler
method and not the closure definition itself */
_fix_closure_prototype(mptr);
reflection_method_factory(ce, mptr, NULL, return_value);
efree(lc_name);
} else if (ce == zend_ce_closure && Z_ISUNDEF(intern->obj) && (name_len == sizeof(ZEND_INVOKE_FUNC_NAME)-1)
@ -4162,7 +4149,6 @@ ZEND_METHOD(reflection_class, getMethod)
&& object_init_ex(&obj_tmp, ce) == SUCCESS && (mptr = zend_get_closure_invoke_method(Z_OBJ(obj_tmp))) != NULL) {
/* don't assign closure_object since we only reflect the invoke handler
method and not the closure definition itself */
_fix_closure_prototype(mptr);
reflection_method_factory(ce, mptr, NULL, return_value);
zval_dtor(&obj_tmp);
efree(lc_name);
@ -4189,7 +4175,6 @@ static void _addmethod(zend_function *mptr, zend_class_entry *ce, zval *retval,
&& memcmp(ZSTR_VAL(mptr->common.function_name), ZEND_INVOKE_FUNC_NAME, sizeof(ZEND_INVOKE_FUNC_NAME)-1) == 0
&& (closure = zend_get_closure_invoke_method(Z_OBJ_P(obj))) != NULL)
{
_fix_closure_prototype(closure);
mptr = closure;
}
/* don't assign closure_object since we only reflect the invoke handler
@ -4241,7 +4226,6 @@ ZEND_METHOD(reflection_class, getMethods)
if (Z_TYPE(intern->obj) != IS_UNDEF && instanceof_function(ce, zend_ce_closure)) {
zend_function *closure = zend_get_closure_invoke_method(Z_OBJ(intern->obj));
if (closure) {
_fix_closure_prototype(closure);
_addmethod(closure, ce, return_value, filter, &intern->obj);
_free_function(closure);
}