From: Xinchen Hui <laruence@php.net>
Date: Fri, 16 Dec 2011 19:02:52 +0000 (+0000)
Subject: Fixed bug #60536 (Traits Segfault)
X-Git-Tag: php-5.5.0alpha1~705
X-Git-Url: https://granicus.if.org/sourcecode?a=commitdiff_plain;h=707f658c33b58841919384b3e204bd10443b44b0;p=php
Fixed bug #60536 (Traits Segfault)
# this is a tough one, I think I should explain
# Zend use zend_object->properties_table both as zval ** and zval ***
# if a zend_object->properties is not initialized, the properties_table is zval **
# while in rebuild_object_properties, zend will store the zval ** to zend_object->properties
# then stash the zval ***(ie, zobj->properties_table[0] is zval ** now) to zobj->properties_table[0]
# so when a zend_object inherit form multi parent and these parent have a same property_info->offset
# properties, will result in a repeat zval **->zval ** transform, which will lead to a segmentfault
# *may be* this fix is not the best fix, we should not use this tricky way, and rewrite this mechanism.
---
diff --git a/Zend/tests/bug60536_001.phpt b/Zend/tests/bug60536_001.phpt
new file mode 100644
index 0000000000..5a7008e393
--- /dev/null
+++ b/Zend/tests/bug60536_001.phpt
@@ -0,0 +1,26 @@
+--TEST--
+Bug #60536 (Traits Segfault)
+--FILE--
+<?php
+trait T { private $x = 0; }
+class X {
+ use T;
+}
+class Y extends X {
+ use T;
+ function x() {
+ return ++$this->x;
+ }
+}
+class Z extends Y {
+ function z() {
+ return ++$this->x;
+ }
+}
+$a = new Z();
+$a->x();
+echo "DONE";
+?>
+--EXPECTF--
+Strict Standards: X and T define the same property ($x) in the composition of Y. This might be incompatible, to improve maintainability consider using accessor methods in traits instead. Class was composed in %sbug60536_001.php on line %d
+DONE
diff --git a/Zend/tests/bug60536_002.phpt b/Zend/tests/bug60536_002.phpt
new file mode 100644
index 0000000000..0bca98382e
--- /dev/null
+++ b/Zend/tests/bug60536_002.phpt
@@ -0,0 +1,40 @@
+--TEST--
+The same rules are applied for properties that are defined in the class hierarchy. Thus, if the properties are compatible, a notice is issued, if not a fatal error occures. (relevant with #60536)
+--FILE--
+<?php
+error_reporting(E_ALL | E_STRICT);
+
+class Base {
+ private $hello;
+}
+
+trait THello1 {
+ private $hello;
+}
+
+echo "PRE-CLASS-GUARD\n";
+class Notice extends Base {
+ use THello1;
+ private $hello;
+}
+echo "POST-CLASS-GUARD\n";
+
+// now we do the test for a fatal error
+
+class TraitsTest {
+ use THello1;
+ public $hello;
+}
+
+echo "POST-CLASS-GUARD2\n";
+
+$t = new TraitsTest;
+$t->hello = "foo";
+?>
+--EXPECTF--
+PRE-CLASS-GUARD
+
+Strict Standards: Notice and THello1 define the same property ($hello) in the composition of Notice. This might be incompatible, to improve maintainability consider using accessor methods in traits instead. Class was composed in %s on line %d
+POST-CLASS-GUARD
+
+Fatal error: TraitsTest and THello1 define the same property ($hello) in the composition of TraitsTest. However, the definition differs and is considered incompatible. Class was composed in %s on line %d
diff --git a/Zend/tests/bug60536_003.phpt b/Zend/tests/bug60536_003.phpt
new file mode 100644
index 0000000000..8ddca352af
--- /dev/null
+++ b/Zend/tests/bug60536_003.phpt
@@ -0,0 +1,49 @@
+--TEST--
+Private (relevant to #60536)
+--FILE--
+<?php
+error_reporting(E_ALL | E_STRICT);
+
+class BaseWithPropA {
+ private $hello = 0;
+}
+
+trait AHelloProperty {
+ private $hello = 0;
+}
+
+class BaseWithTPropB {
+ use AHelloProperty;
+}
+
+class SubclassA extends BaseWithPropA {
+ use AHelloProperty;
+}
+
+class SubclassB extends BaseWithTPropB {
+ use AHelloProperty;
+}
+
+$a = new SubclassA;
+var_dump($a);
+
+$b = new SubclassB;
+var_dump($b);
+
+?>
+--EXPECTF--
+Strict Standards: BaseWithPropA and AHelloProperty define the same property ($hello) in the composition of SubclassA. This might be incompatible, to improve maintainability consider using accessor methods in traits instead. Class was composed in %sbug60536_003.php on line %d
+
+Strict Standards: BaseWithTPropB and AHelloProperty define the same property ($hello) in the composition of SubclassB. This might be incompatible, to improve maintainability consider using accessor methods in traits instead. Class was composed in %sbug60536_003.php on line %d
+object(SubclassA)#%d (2) {
+ ["hello":"SubclassA":private]=>
+ int(0)
+ ["hello":"BaseWithPropA":private]=>
+ int(0)
+}
+object(SubclassB)#%d (2) {
+ ["hello":"SubclassB":private]=>
+ int(0)
+ ["hello":"BaseWithTPropB":private]=>
+ int(0)
+}
diff --git a/Zend/tests/bug60536_004.phpt b/Zend/tests/bug60536_004.phpt
new file mode 100644
index 0000000000..4ae326ef7c
--- /dev/null
+++ b/Zend/tests/bug60536_004.phpt
@@ -0,0 +1,39 @@
+--TEST--
+Introducing new private variables of the same name in a subclass is ok, and does not lead to any output. That is consitent with normal inheritance handling. (relevant to #60536)
+--FILE--
+<?php
+error_reporting(E_ALL | E_STRICT);
+
+class Base {
+ private $hello;
+}
+
+trait THello1 {
+ private $hello;
+}
+
+// Now we use the trait, which happens to introduce another private variable
+// but they are distinct, and not related to each other, so no warning.
+echo "PRE-CLASS-GUARD\n";
+class SameNameInSubClassNoNotice extends Base {
+ use THello1;
+}
+echo "POST-CLASS-GUARD\n";
+
+// now the same with a class that defines the property itself,
+// that should give the expected strict warning.
+
+class Notice extends Base {
+ use THello1;
+ private $hello;
+}
+echo "POST-CLASS-GUARD2\n";
+?>
+--EXPECTF--
+PRE-CLASS-GUARD
+
+Strict Standards: Base and THello1 define the same property ($hello) in the composition of SameNameInSubClassNoNotice. This might be incompatible, to improve maintainability consider using accessor methods in traits instead. Class was composed in %sbug60536_004.php on line %d
+POST-CLASS-GUARD
+
+Strict Standards: Notice and THello1 define the same property ($hello) in the composition of Notice. This might be incompatible, to improve maintainability consider using accessor methods in traits instead. Class was composed in %sbug60536_004.php on line %d
+POST-CLASS-GUARD2
diff --git a/Zend/tests/bug60536_005.phpt b/Zend/tests/bug60536_005.phpt
new file mode 100644
index 0000000000..378adcc9c0
--- /dev/null
+++ b/Zend/tests/bug60536_005.phpt
@@ -0,0 +1,38 @@
+--TEST--
+Introducing new private variables of the same name in a subclass is ok, and does not lead to any output. That is consitent with normal inheritance handling. (relevant to #60536)
+--FILE--
+<?php
+error_reporting(E_ALL | E_STRICT);
+
+class Base {
+ protected $hello;
+}
+
+trait THello1 {
+ protected $hello;
+}
+
+// Protected and public are handle more strict with a warning then what is
+// expected from normal inheritance since they can have easier coliding semantics
+echo "PRE-CLASS-GUARD\n";
+class SameNameInSubClassProducesNotice extends Base {
+ use THello1;
+}
+echo "POST-CLASS-GUARD\n";
+
+// now the same with a class that defines the property itself, too.
+
+class Notice extends Base {
+ use THello1;
+ protected $hello;
+}
+echo "POST-CLASS-GUARD2\n";
+?>
+--EXPECTF--
+PRE-CLASS-GUARD
+
+Strict Standards: Base and THello1 define the same property ($hello) in the composition of SameNameInSubClassProducesNotice. This might be incompatible, to improve maintainability consider using accessor methods in traits instead. Class was composed in %s on line %d
+POST-CLASS-GUARD
+
+Strict Standards: Notice and THello1 define the same property ($hello) in the composition of Notice. This might be incompatible, to improve maintainability consider using accessor methods in traits instead. Class was composed in %s on line %d
+POST-CLASS-GUARD2
diff --git a/Zend/zend_object_handlers.c b/Zend/zend_object_handlers.c
index b43021dd22..be04bf3565 100644
--- a/Zend/zend_object_handlers.c
+++ b/Zend/zend_object_handlers.c
@@ -62,6 +62,7 @@ ZEND_API void rebuild_object_properties(zend_object *zobj) /* {{{ */
ALLOC_HASHTABLE(zobj->properties);
zend_hash_init(zobj->properties, 0, NULL, ZVAL_PTR_DTOR, 0);
if (ce->default_properties_count) {
+ int *flags = ecalloc(ce->default_properties_count, sizeof(int));
for (zend_hash_internal_pointer_reset_ex(&ce->properties_info, &pos);
zend_hash_get_current_data_ex(&ce->properties_info, (void**)&prop_info, &pos) == SUCCESS;
zend_hash_move_forward_ex(&ce->properties_info, &pos)) {
@@ -70,6 +71,7 @@ ZEND_API void rebuild_object_properties(zend_object *zobj) /* {{{ */
prop_info->offset >= 0 &&
zobj->properties_table[prop_info->offset]) {
zend_hash_quick_add(zobj->properties, prop_info->name, prop_info->name_length+1, prop_info->h, (void**)&zobj->properties_table[prop_info->offset], sizeof(zval*), (void**)&zobj->properties_table[prop_info->offset]);
+ flags[prop_info->offset] = 1;
}
}
while (ce->parent && ce->parent->default_properties_count) {
@@ -81,11 +83,16 @@ ZEND_API void rebuild_object_properties(zend_object *zobj) /* {{{ */
(prop_info->flags & ZEND_ACC_STATIC) == 0 &&
(prop_info->flags & ZEND_ACC_PRIVATE) != 0 &&
prop_info->offset >= 0 &&
- zobj->properties_table[prop_info->offset]) {
- zend_hash_quick_add(zobj->properties, prop_info->name, prop_info->name_length+1, prop_info->h, (void**)&zobj->properties_table[prop_info->offset], sizeof(zval*), (void**)&zobj->properties_table[prop_info->offset]);
+ zobj->properties_table[prop_info->offset]) {
+ if (UNEXPECTED(flags[prop_info->offset])) {
+ zend_hash_quick_add(zobj->properties, prop_info->name, prop_info->name_length+1, prop_info->h, (void**)zobj->properties_table[prop_info->offset], sizeof(zval*), (void**)&zobj->properties_table[prop_info->offset]);
+ } else {
+ zend_hash_quick_add(zobj->properties, prop_info->name, prop_info->name_length+1, prop_info->h, (void**)&zobj->properties_table[prop_info->offset], sizeof(zval*), (void**)&zobj->properties_table[prop_info->offset]);
+ }
}
}
}
+ efree(flags);
}
}
}