Don't use scope when validating Attribute

This is not safe to do at this point. Even if we made it safe,
we'd see inconsistencies due to a partially compiled class.

Fixes oss-fuzz #28129.

diff --git a/Zend/tests/attributes/032_attribute_validation_scope.phpt b/Zend/tests/attributes/032_attribute_validation_scope.phpt
new file mode 100644 (file)
index 0000000..039a427
--- /dev/null
+++ b/Zend/tests/attributes/032_attribute_validation_scope.phpt
@@ -0,0 +1,9 @@
+--TEST--
+Validation for "Attribute" does not use a scope when evaluating constant ASTs
+--FILE--
+<?php
+#[Attribute(parent::x)]
+class x extends y {}
+?>
+--EXPECTF--
+Fatal error: Cannot access "parent" when no class scope is active in %s on line %d

diff --git a/Zend/zend_attributes.c b/Zend/zend_attributes.c
index 29a2f4a73254686036a8097ba2f7f117495379af..ae07802b5bcb5f383974fed2be9ee923cce47a93 100644 (file)
--- a/Zend/zend_attributes.c
+++ b/Zend/zend_attributes.c
@@ -33,7 +33,10 @@ void validate_attribute(zend_attribute *attr, uint32_t target, zend_class_entry
        if (attr->argc > 0) {
                zval flags;
 
-               if (FAILURE == zend_get_attribute_value(&flags, attr, 0, scope)) {
+               /* As this is run in the middle of compilation, fetch the attribute value without
+                * specifying a scope. The class is not fully linked yet, and we may seen an
+                * inconsistent state. */
+               if (FAILURE == zend_get_attribute_value(&flags, attr, 0, NULL)) {
                        return;
                }