MFH: fix #40794 (ReflectionObject::getValues() may crash when used with dynamic prope...

diff --git a/NEWS b/NEWS
index 7978cf354f534b678ccbff3c463daa4f7d663efe..3c468c2b53b209f115b88689b6018c77423cac6b 100644 (file)
--- a/NEWS
+++ b/NEWS
@@ -25,6 +25,8 @@ PHP                                                                        NEWS
   set_exception_handler() might result in crash). (Tony)
 - Fixed bug #40805 (Failure executing function ibase_execute()). (Tony)
 - Fixed bug #40800 (cannot disable memory_limit with -1). (Dmitry, Tony)
+- Fixed bug #40794 (ReflectionObject::getValues() may crash when used with 
+  dynamic properties). (Tony)
 - Fixed bug #40784 (Case sensivity in constructor's fallback). (Tony)
 - Fixed bug #40770 (Apache child exits when PHP memory limit reached). (Dmitry)
 - Fixed bug #40764 (line thickness not respected for horizontal and vertical 

diff --git a/ext/reflection/php_reflection.c b/ext/reflection/php_reflection.c
index 82d9e92b4ddaa7b0ccaabe46b7f35e58d748c818..f974d53f4cf08e3361aa2e66667eecf14bb18a4c 100644 (file)
--- a/ext/reflection/php_reflection.c
+++ b/ext/reflection/php_reflection.c
@@ -179,7 +179,7 @@ static void string_free(string *str)
 /* Struct for properties */
 typedef struct _property_reference {
        zend_class_entry *ce;
-       zend_property_info *prop;
+       zend_property_info prop;
 } property_reference;
 
 /* Struct for parameters */
@@ -1166,7 +1166,7 @@ static void reflection_property_factory(zend_class_entry *ce, zend_property_info
        intern = (reflection_object *) zend_object_store_get_object(object TSRMLS_CC);
        reference = (property_reference*) emalloc(sizeof(property_reference));
        reference->ce = ce;
-       reference->prop = prop;
+       reference->prop = *prop;
        intern->ptr = reference;
        intern->free_ptr = 1;
        intern->ce = ce;
@@ -3203,7 +3203,7 @@ static int _adddynproperty(zval **pptr, int num_args, va_list args, zend_hash_ke
 
        ZVAL_STRINGL(&member, hash_key->arKey, hash_key->nKeyLength-1, 0);
        if (zend_get_property_info(ce, &member, 1 TSRMLS_CC) == &EG(std_property_info)) {
-               ALLOC_ZVAL(property);
+               MAKE_STD_ZVAL(property);
                reflection_property_factory(ce, &EG(std_property_info), property TSRMLS_CC);
                add_next_index_zval(retval, property);
        }
@@ -3842,7 +3842,7 @@ ZEND_METHOD(reflection_property, __construct)
 
        reference = (property_reference*) emalloc(sizeof(property_reference));
        reference->ce = ce;
-       reference->prop = property_info;
+       reference->prop = *property_info;
        intern->ptr = reference;
        intern->free_ptr = 1;
        intern->ce = ce;
@@ -3860,7 +3860,7 @@ ZEND_METHOD(reflection_property, __toString)
        METHOD_NOTSTATIC_NUMPARAMS(reflection_property_ptr, 0);
        GET_REFLECTION_OBJECT_PTR(ref);
        string_init(&str);
-       _property_string(&str, ref->prop, NULL, "" TSRMLS_CC);
+       _property_string(&str, &ref->prop, NULL, "" TSRMLS_CC);
        RETURN_STRINGL(str.string, str.len - 1, 0);
 }
 /* }}} */
@@ -3881,7 +3881,7 @@ static void _property_check_flag(INTERNAL_FUNCTION_PARAMETERS, int mask)
 
        METHOD_NOTSTATIC_NUMPARAMS(reflection_property_ptr, 0);
        GET_REFLECTION_OBJECT_PTR(ref);
-       RETURN_BOOL(ref->prop->flags & mask);
+       RETURN_BOOL(ref->prop.flags & mask);
 }
 
 /* {{{ proto public bool ReflectionProperty::isPublic()
@@ -3934,7 +3934,7 @@ ZEND_METHOD(reflection_property, getModifiers)
        METHOD_NOTSTATIC_NUMPARAMS(reflection_property_ptr, 0);
        GET_REFLECTION_OBJECT_PTR(ref);
 
-       RETURN_LONG(ref->prop->flags);
+       RETURN_LONG(ref->prop.flags);
 }
 /* }}} */
 
@@ -3950,7 +3950,7 @@ ZEND_METHOD(reflection_property, getValue)
        METHOD_NOTSTATIC(reflection_property_ptr);
        GET_REFLECTION_OBJECT_PTR(ref);
 
-       if (!(ref->prop->flags & ZEND_ACC_PUBLIC)) {
+       if (!(ref->prop.flags & ZEND_ACC_PUBLIC)) {
                _default_get_entry(getThis(), "name", sizeof("name"), &name TSRMLS_CC);
                zend_throw_exception_ex(reflection_exception_ptr, 0 TSRMLS_CC, 
                        "Cannot access non-public member %s::%s", intern->ce->name, Z_STRVAL(name));
@@ -3958,10 +3958,10 @@ ZEND_METHOD(reflection_property, getValue)
                return;
        }
 
-       if ((ref->prop->flags & ZEND_ACC_STATIC)) {
+       if ((ref->prop.flags & ZEND_ACC_STATIC)) {
                zend_update_class_constants(intern->ce TSRMLS_CC);
-               if (zend_hash_quick_find(CE_STATIC_MEMBERS(intern->ce), ref->prop->name, ref->prop->name_length + 1, ref->prop->h, (void **) &member) == FAILURE) {
-                       zend_error(E_ERROR, "Internal error: Could not find the property %s::%s", intern->ce->name, ref->prop->name);
+               if (zend_hash_quick_find(CE_STATIC_MEMBERS(intern->ce), ref->prop.name, ref->prop.name_length + 1, ref->prop.h, (void **) &member) == FAILURE) {
+                       zend_error(E_ERROR, "Internal error: Could not find the property %s::%s", intern->ce->name, ref->prop.name);
                        /* Bails out */
                }
                *return_value= **member;
@@ -3971,7 +3971,7 @@ ZEND_METHOD(reflection_property, getValue)
                if (zend_parse_parameters(ZEND_NUM_ARGS() TSRMLS_CC, "o", &object) == FAILURE) {
                        return;
                }
-               member_p = zend_read_property(Z_OBJCE_P(object), object, ref->prop->name, ref->prop->name_length, 1 TSRMLS_CC);
+               member_p = zend_read_property(Z_OBJCE_P(object), object, ref->prop.name, ref->prop.name_length, 1 TSRMLS_CC);
                *return_value= *member_p;
                zval_copy_ctor(return_value);
                INIT_PZVAL(return_value);
@@ -3999,7 +3999,7 @@ ZEND_METHOD(reflection_property, setValue)
        METHOD_NOTSTATIC(reflection_property_ptr);
        GET_REFLECTION_OBJECT_PTR(ref);
 
-       if (!(ref->prop->flags & ZEND_ACC_PUBLIC)) {
+       if (!(ref->prop.flags & ZEND_ACC_PUBLIC)) {
                _default_get_entry(getThis(), "name", sizeof("name"), &name TSRMLS_CC);
                zend_throw_exception_ex(reflection_exception_ptr, 0 TSRMLS_CC, 
                        "Cannot access non-public member %s::%s", intern->ce->name, Z_STRVAL(name));
@@ -4007,7 +4007,7 @@ ZEND_METHOD(reflection_property, setValue)
                return;
        }
 
-       if ((ref->prop->flags & ZEND_ACC_STATIC)) {
+       if ((ref->prop.flags & ZEND_ACC_STATIC)) {
                if (zend_parse_parameters_ex(ZEND_PARSE_PARAMS_QUIET, ZEND_NUM_ARGS() TSRMLS_CC, "z", &value) == FAILURE) {
                        if (zend_parse_parameters(ZEND_NUM_ARGS() TSRMLS_CC, "zz", &tmp, &value) == FAILURE) {
                                return;
@@ -4016,8 +4016,8 @@ ZEND_METHOD(reflection_property, setValue)
                zend_update_class_constants(intern->ce TSRMLS_CC);
                prop_table = CE_STATIC_MEMBERS(intern->ce);
 
-               if (zend_hash_quick_find(prop_table, ref->prop->name, ref->prop->name_length + 1, ref->prop->h, (void **) &variable_ptr) == FAILURE) {
-                       zend_error(E_ERROR, "Internal error: Could not find the property %s::%s", intern->ce->name, ref->prop->name);
+               if (zend_hash_quick_find(prop_table, ref->prop.name, ref->prop.name_length + 1, ref->prop.h, (void **) &variable_ptr) == FAILURE) {
+                       zend_error(E_ERROR, "Internal error: Could not find the property %s::%s", intern->ce->name, ref->prop.name);
                        /* Bails out */
                }
                if (*variable_ptr == value) {
@@ -4040,13 +4040,13 @@ ZEND_METHOD(reflection_property, setValue)
                        if (PZVAL_IS_REF(value)) {
                                SEPARATE_ZVAL(&value);
                        }
-                       zend_hash_quick_update(prop_table, ref->prop->name, ref->prop->name_length+1, ref->prop->h, &value, sizeof(zval *), (void **) &foo);
+                       zend_hash_quick_update(prop_table, ref->prop.name, ref->prop.name_length+1, ref->prop.h, &value, sizeof(zval *), (void **) &foo);
                }
        } else {
                if (zend_parse_parameters(ZEND_NUM_ARGS() TSRMLS_CC, "oz", &object, &value) == FAILURE) {
                        return;
                }
-               zend_update_property(Z_OBJCE_P(object), object, ref->prop->name, ref->prop->name_length, value TSRMLS_CC);
+               zend_update_property(Z_OBJCE_P(object), object, ref->prop.name, ref->prop.name_length, value TSRMLS_CC);
        }
 }
 /* }}} */
@@ -4065,7 +4065,7 @@ ZEND_METHOD(reflection_property, getDeclaringClass)
        METHOD_NOTSTATIC_NUMPARAMS(reflection_property_ptr, 0);
        GET_REFLECTION_OBJECT_PTR(ref);
 
-       if (zend_unmangle_property_name(ref->prop->name, ref->prop->name_length, &class_name, &prop_name) != SUCCESS) {
+       if (zend_unmangle_property_name(ref->prop.name, ref->prop.name_length, &class_name, &prop_name) != SUCCESS) {
                RETURN_FALSE;
        }
 
@@ -4093,8 +4093,8 @@ ZEND_METHOD(reflection_property, getDocComment)
 
        METHOD_NOTSTATIC_NUMPARAMS(reflection_property_ptr, 0);
        GET_REFLECTION_OBJECT_PTR(ref);
-       if (ref->prop->doc_comment) {
-               RETURN_STRINGL(ref->prop->doc_comment, ref->prop->doc_comment_len, 1);
+       if (ref->prop.doc_comment) {
+               RETURN_STRINGL(ref->prop.doc_comment, ref->prop.doc_comment_len, 1);
        }
        RETURN_FALSE;
 }