php-src/Zend/tests/is_callable_trampoline_uaf.phpt
Rowan Tommins af15923bc3
Extend deprecation notices to is_callable($foo) and callable $foo
Implements https://wiki.php.net/rfc/partially-supported-callables-expand-deprecation-notices
so that uses of "self" and "parent" in is_callable() and callable
type constraints now raise a deprecation notice, independent of the
one raised when and if the callable is actually invoked.

A new flag is added to the existing check_flags parameter of
zend_is_callable / zend_is_callable_ex, for use in internal calls
that would otherwise repeat the notice multiple times. In particular,
arguments to internal function calls are checked first based on
arginfo, and then again during ZPP, so the former suppresses the
deprecation notice.

Some existing tests which raised this deprecation have been updated
to avoid the syntax, but the existing version is retained for maximum
regression coverage until it is made an error.

With thanks to Juliette Reinders Folmer for the RFC and initial
investigation.

Closes GH-8823.
2022-07-14 17:07:42 +02:00

28 lines
454 B
PHP

--TEST--
is_callable() with trampoline should not cause UAF
--FILE--
<?php
class B {}
class A extends B {
    public function bar($func) {
        var_dump(is_callable(array('B', 'foo')));
    }
    public function __call($func, $args) {
    }
}
class X {
    public static function __callStatic($func, $args) {
    }
}
$a = new A();
// Extra X::foo() wrapper to force use of allocated trampoline.
X::foo($a->bar('foo'));
?>
--EXPECT--
bool(false)