From: Antony Dovgal Date: Sat, 17 Mar 2007 23:00:49 +0000 (+0000) Subject: MFH: fix #40794 (ReflectionObject::getValues() may crash when used with dynamic prope... X-Git-Tag: php-5.2.2RC1~131 X-Git-Url: https://granicus.if.org/sourcecode?a=commitdiff_plain;h=8e67ec8225b8a734b36ab6e74b6c18bf19deaf88;p=php MFH: fix #40794 (ReflectionObject::getValues() may crash when used with dynamic properties) --- diff --git a/NEWS b/NEWS index 7978cf354f..3c468c2b53 100644 --- a/NEWS +++ b/NEWS @@ -25,6 +25,8 @@ PHP NEWS set_exception_handler() might result in crash). (Tony) - Fixed bug #40805 (Failure executing function ibase_execute()). (Tony) - Fixed bug #40800 (cannot disable memory_limit with -1). (Dmitry, Tony) +- Fixed bug #40794 (ReflectionObject::getValues() may crash when used with + dynamic properties). (Tony) - Fixed bug #40784 (Case sensivity in constructor's fallback). (Tony) - Fixed bug #40770 (Apache child exits when PHP memory limit reached). (Dmitry) - Fixed bug #40764 (line thickness not respected for horizontal and vertical diff --git a/ext/reflection/php_reflection.c b/ext/reflection/php_reflection.c index 82d9e92b4d..f974d53f4c 100644 --- a/ext/reflection/php_reflection.c +++ b/ext/reflection/php_reflection.c @@ -179,7 +179,7 @@ static void string_free(string *str) /* Struct for properties */ typedef struct _property_reference { zend_class_entry *ce; - zend_property_info *prop; + zend_property_info prop; } property_reference; /* Struct for parameters */ @@ -1166,7 +1166,7 @@ static void reflection_property_factory(zend_class_entry *ce, zend_property_info intern = (reflection_object *) zend_object_store_get_object(object TSRMLS_CC); reference = (property_reference*) emalloc(sizeof(property_reference)); reference->ce = ce; - reference->prop = prop; + reference->prop = *prop; intern->ptr = reference; intern->free_ptr = 1; intern->ce = ce; @@ -3203,7 +3203,7 @@ static int _adddynproperty(zval **pptr, int num_args, va_list args, zend_hash_ke ZVAL_STRINGL(&member, hash_key->arKey, hash_key->nKeyLength-1, 0); if (zend_get_property_info(ce, &member, 1 TSRMLS_CC) == &EG(std_property_info)) { - ALLOC_ZVAL(property); + MAKE_STD_ZVAL(property); reflection_property_factory(ce, &EG(std_property_info), property TSRMLS_CC); add_next_index_zval(retval, property); } @@ -3842,7 +3842,7 @@ ZEND_METHOD(reflection_property, __construct) reference = (property_reference*) emalloc(sizeof(property_reference)); reference->ce = ce; - reference->prop = property_info; + reference->prop = *property_info; intern->ptr = reference; intern->free_ptr = 1; intern->ce = ce; @@ -3860,7 +3860,7 @@ ZEND_METHOD(reflection_property, __toString) METHOD_NOTSTATIC_NUMPARAMS(reflection_property_ptr, 0); GET_REFLECTION_OBJECT_PTR(ref); string_init(&str); - _property_string(&str, ref->prop, NULL, "" TSRMLS_CC); + _property_string(&str, &ref->prop, NULL, "" TSRMLS_CC); RETURN_STRINGL(str.string, str.len - 1, 0); } /* }}} */ @@ -3881,7 +3881,7 @@ static void _property_check_flag(INTERNAL_FUNCTION_PARAMETERS, int mask) METHOD_NOTSTATIC_NUMPARAMS(reflection_property_ptr, 0); GET_REFLECTION_OBJECT_PTR(ref); - RETURN_BOOL(ref->prop->flags & mask); + RETURN_BOOL(ref->prop.flags & mask); } /* {{{ proto public bool ReflectionProperty::isPublic() @@ -3934,7 +3934,7 @@ ZEND_METHOD(reflection_property, getModifiers) METHOD_NOTSTATIC_NUMPARAMS(reflection_property_ptr, 0); GET_REFLECTION_OBJECT_PTR(ref); - RETURN_LONG(ref->prop->flags); + RETURN_LONG(ref->prop.flags); } /* }}} */ @@ -3950,7 +3950,7 @@ ZEND_METHOD(reflection_property, getValue) METHOD_NOTSTATIC(reflection_property_ptr); GET_REFLECTION_OBJECT_PTR(ref); - if (!(ref->prop->flags & ZEND_ACC_PUBLIC)) { + if (!(ref->prop.flags & ZEND_ACC_PUBLIC)) { _default_get_entry(getThis(), "name", sizeof("name"), &name TSRMLS_CC); zend_throw_exception_ex(reflection_exception_ptr, 0 TSRMLS_CC, "Cannot access non-public member %s::%s", intern->ce->name, Z_STRVAL(name)); @@ -3958,10 +3958,10 @@ ZEND_METHOD(reflection_property, getValue) return; } - if ((ref->prop->flags & ZEND_ACC_STATIC)) { + if ((ref->prop.flags & ZEND_ACC_STATIC)) { zend_update_class_constants(intern->ce TSRMLS_CC); - if (zend_hash_quick_find(CE_STATIC_MEMBERS(intern->ce), ref->prop->name, ref->prop->name_length + 1, ref->prop->h, (void **) &member) == FAILURE) { - zend_error(E_ERROR, "Internal error: Could not find the property %s::%s", intern->ce->name, ref->prop->name); + if (zend_hash_quick_find(CE_STATIC_MEMBERS(intern->ce), ref->prop.name, ref->prop.name_length + 1, ref->prop.h, (void **) &member) == FAILURE) { + zend_error(E_ERROR, "Internal error: Could not find the property %s::%s", intern->ce->name, ref->prop.name); /* Bails out */ } *return_value= **member; @@ -3971,7 +3971,7 @@ ZEND_METHOD(reflection_property, getValue) if (zend_parse_parameters(ZEND_NUM_ARGS() TSRMLS_CC, "o", &object) == FAILURE) { return; } - member_p = zend_read_property(Z_OBJCE_P(object), object, ref->prop->name, ref->prop->name_length, 1 TSRMLS_CC); + member_p = zend_read_property(Z_OBJCE_P(object), object, ref->prop.name, ref->prop.name_length, 1 TSRMLS_CC); *return_value= *member_p; zval_copy_ctor(return_value); INIT_PZVAL(return_value); @@ -3999,7 +3999,7 @@ ZEND_METHOD(reflection_property, setValue) METHOD_NOTSTATIC(reflection_property_ptr); GET_REFLECTION_OBJECT_PTR(ref); - if (!(ref->prop->flags & ZEND_ACC_PUBLIC)) { + if (!(ref->prop.flags & ZEND_ACC_PUBLIC)) { _default_get_entry(getThis(), "name", sizeof("name"), &name TSRMLS_CC); zend_throw_exception_ex(reflection_exception_ptr, 0 TSRMLS_CC, "Cannot access non-public member %s::%s", intern->ce->name, Z_STRVAL(name)); @@ -4007,7 +4007,7 @@ ZEND_METHOD(reflection_property, setValue) return; } - if ((ref->prop->flags & ZEND_ACC_STATIC)) { + if ((ref->prop.flags & ZEND_ACC_STATIC)) { if (zend_parse_parameters_ex(ZEND_PARSE_PARAMS_QUIET, ZEND_NUM_ARGS() TSRMLS_CC, "z", &value) == FAILURE) { if (zend_parse_parameters(ZEND_NUM_ARGS() TSRMLS_CC, "zz", &tmp, &value) == FAILURE) { return; @@ -4016,8 +4016,8 @@ ZEND_METHOD(reflection_property, setValue) zend_update_class_constants(intern->ce TSRMLS_CC); prop_table = CE_STATIC_MEMBERS(intern->ce); - if (zend_hash_quick_find(prop_table, ref->prop->name, ref->prop->name_length + 1, ref->prop->h, (void **) &variable_ptr) == FAILURE) { - zend_error(E_ERROR, "Internal error: Could not find the property %s::%s", intern->ce->name, ref->prop->name); + if (zend_hash_quick_find(prop_table, ref->prop.name, ref->prop.name_length + 1, ref->prop.h, (void **) &variable_ptr) == FAILURE) { + zend_error(E_ERROR, "Internal error: Could not find the property %s::%s", intern->ce->name, ref->prop.name); /* Bails out */ } if (*variable_ptr == value) { @@ -4040,13 +4040,13 @@ ZEND_METHOD(reflection_property, setValue) if (PZVAL_IS_REF(value)) { SEPARATE_ZVAL(&value); } - zend_hash_quick_update(prop_table, ref->prop->name, ref->prop->name_length+1, ref->prop->h, &value, sizeof(zval *), (void **) &foo); + zend_hash_quick_update(prop_table, ref->prop.name, ref->prop.name_length+1, ref->prop.h, &value, sizeof(zval *), (void **) &foo); } } else { if (zend_parse_parameters(ZEND_NUM_ARGS() TSRMLS_CC, "oz", &object, &value) == FAILURE) { return; } - zend_update_property(Z_OBJCE_P(object), object, ref->prop->name, ref->prop->name_length, value TSRMLS_CC); + zend_update_property(Z_OBJCE_P(object), object, ref->prop.name, ref->prop.name_length, value TSRMLS_CC); } } /* }}} */ @@ -4065,7 +4065,7 @@ ZEND_METHOD(reflection_property, getDeclaringClass) METHOD_NOTSTATIC_NUMPARAMS(reflection_property_ptr, 0); GET_REFLECTION_OBJECT_PTR(ref); - if (zend_unmangle_property_name(ref->prop->name, ref->prop->name_length, &class_name, &prop_name) != SUCCESS) { + if (zend_unmangle_property_name(ref->prop.name, ref->prop.name_length, &class_name, &prop_name) != SUCCESS) { RETURN_FALSE; } @@ -4093,8 +4093,8 @@ ZEND_METHOD(reflection_property, getDocComment) METHOD_NOTSTATIC_NUMPARAMS(reflection_property_ptr, 0); GET_REFLECTION_OBJECT_PTR(ref); - if (ref->prop->doc_comment) { - RETURN_STRINGL(ref->prop->doc_comment, ref->prop->doc_comment_len, 1); + if (ref->prop.doc_comment) { + RETURN_STRINGL(ref->prop.doc_comment, ref->prop.doc_comment_len, 1); } RETURN_FALSE; }