From: Nikita Popov
Date: Thu, 18 Feb 2021 09:16:40 +0000 (+0100)
Subject: Don't use unmangled name if property not found
X-Git-Url: https://granicus.if.org/sourcecode?a=commitdiff_plain;h=b87080f3c291c1b619d30ea9394a2eb893136006;p=php
Don't use unmangled name if property not found
This restores the previous behavior for this case. We'll continue to use the mangled name, even if it does not correspond to a declared property. This also fixes an assertion failure for the case of property overwrite, as the add_new was not guaranteed to be "new" previously. Fixes oss-fuzz #31045.
---
diff --git a/ext/standard/tests/serialize/unserialize_overwrite_undeclared_protected.phpt b/ext/standard/tests/serialize/unserialize_overwrite_undeclared_protected.phpt
new file mode 100644
index 0000000000..b442c922c4
--- /dev/null
+++ b/ext/standard/tests/serialize/unserialize_overwrite_undeclared_protected.phpt
@@ -0,0 +1,21 @@
+--TEST--
+Overwriting an undeclared property with protected mangling
+--FILE--
+
+--EXPECT--
+object(Test)#1 (2) {
+ ["foo"]=>
+ NULL
+ ["x":protected]=>
+ NULL
+}
diff --git a/ext/standard/var_unserializer.re b/ext/standard/var_unserializer.re
index 5f3b81a77d..56fe1fc784 100644
--- a/ext/standard/var_unserializer.re
+++ b/ext/standard/var_unserializer.re
@@ -548,18 +548,12 @@ static int is_property_visibility_changed(zend_class_entry *ce, zval *key)
 } else {
 if (!strcmp(unmangled_class, "*")
 || !strcasecmp(unmangled_class, ZSTR_VAL(ce->name))) {
- zend_string *unmangled = zend_string_init(unmangled_prop, unmangled_prop_len, 0);
-
- existing_propinfo = zend_hash_find_ptr(&ce->properties_info, unmangled);
+ existing_propinfo = zend_hash_str_find_ptr(
+ &ce->properties_info, unmangled_prop, unmangled_prop_len);
 if (existing_propinfo != NULL) {
- zend_string_release_ex(unmangled, 0);
 zval_ptr_dtor_str(key);
 ZVAL_STR_COPY(key, existing_propinfo->name);
 return 1;
- } else {
- zval_ptr_dtor_str(key);
- ZVAL_STR(key, unmangled);
- return 0;
 }
 }
 }
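Review bot: The miss path after `if (existing_propinfo != NULL) { … }` is now silent, so nothing in the code says that leaving `key` mangled is deliberate. Since this runs on attacker-controllable unserialize input and the removed `else` caused the fuzzer-found assertion failure, I would add a comment after that `if` block such as `/* Not a declared property: keep the mangled key unchanged so the caller looks up and stores under the same name. */`. The caller's add/overwrite logic is outside this hunk, so that wording rests on the commit message and should be confirmed against it. The lookup is also reached through the `!strcasecmp(unmangled_class, ZSTR_VAL(ce->name))` arm, while the added test is named only for protected mangling; as far as the page shows, a private-mangled overwrite case is not covered and would be worth a companion test. The function body begins and ends outside the hunk.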