PHPC-1839 Fix accessing referenced non-interned strings

Author: alcaeus

src/contrib/php_array_api.h

@@ -281,8 +281,12 @@ PHP_ARRAY_FETCH_TYPE_MAP(zend_bool, bool)
  */
 static inline
 PAA_LONG php_array_zval_to_long(zval *z) {
+try_again:
 	if (!z) { return 0; }
 	switch(Z_TYPE_P(z)) {
+		case IS_REFERENCE:
+			z = Z_REFVAL_P(z);
+			goto try_again;
 		case IS_NULL: return 0;
 #ifdef ZEND_ENGINE_3
 		case IS_FALSE: return 0;
@@ -315,8 +319,12 @@ PHP_ARRAY_FETCH_TYPE_MAP(PAA_LONG, long)
  */
 static inline
 double php_array_zval_to_double(zval *z) {
+try_again:
 	if (!z) { return 0.0; }
 	switch (Z_TYPE_P(z)) {
+		case IS_REFERENCE:
+			z = Z_REFVAL_P(z);
+			goto try_again;
 		case IS_NULL: return 0.0;
 #ifdef ZEND_ENGINE_3
 		case IS_FALSE: return 0.0;
@@ -357,10 +365,14 @@ static inline
 char *php_array_zval_to_string(zval *z, int *plen, zend_bool *pfree) {
 	*plen = 0;
 	*pfree = 0;
+try_again:
 	if (!z) { return NULL; }
 	switch (Z_TYPE_P(z)) {
 		case IS_NULL:
 			return (char *)"";
+		case IS_REFERENCE:
+			z = Z_REFVAL_P(z);
+			goto try_again;
 		case IS_STRING:
 			*plen = Z_STRLEN_P(z);
 			return Z_STRVAL_P(z);

tests/cursor/bug1839-001.phpt

@@ -0,0 +1,54 @@
+--TEST--
+PHPC-1839: Referenced, out-of-scope, non-interned string in typeMap
+--SKIPIF--
+<?php require __DIR__ . "/../utils/basic-skipif.inc"; ?>
+<?php skip_if_not_live(); ?>
+<?php skip_if_not_clean(); ?>
+--FILE--
+<?php
+require_once __DIR__ . "/../utils/basic.inc";
+
+function createTypemap()
+{
+    // Assemble the string so as to not have an interned string
+    $rootValue = chr(ord('a')) . 'rray';
+    $documentValue = chr(ord('a')) . 'rray';
+
+    // Use a reference to this non-interned string in the type map
+    $typemap = ['root' => &$rootValue, 'document' => &$documentValue];
+
+    return $typemap;
+}
+
+$typemap = createTypemap();
+
+$manager = new MongoDB\Driver\Manager(URI);
+$cursor = $manager->executeQuery(NS, new MongoDB\Driver\Query([]));
+
+echo "Before:\n";
+debug_zval_dump($typemap);
+
+$cursor->setTypemap($typemap);
+
+echo "After:\n";
+debug_zval_dump($typemap);
+
+?>
+===DONE===
+<?php exit(0); ?>
+--EXPECT--
+Before:
+array(2) refcount(2){
+  ["root"]=>
+  string(5) "array" refcount(1)
+  ["document"]=>
+  string(5) "array" refcount(1)
+}
+After:
+array(2) refcount(2){
+  ["root"]=>
+  string(5) "array" refcount(1)
+  ["document"]=>
+  string(5) "array" refcount(1)
+}
+===DONE===

tests/cursor/bug1839-002.phpt

@@ -0,0 +1,46 @@
+--TEST--
+PHPC-1839: Referenced local non-interned string in typeMap
+--SKIPIF--
+<?php require __DIR__ . "/../utils/basic-skipif.inc"; ?>
+<?php skip_if_not_live(); ?>
+<?php skip_if_not_clean(); ?>
+--FILE--
+<?php
+require_once __DIR__ . "/../utils/basic.inc";
+
+// Assemble the string so as to not have an interned string
+$rootValue = chr(ord('a')) . 'rray';
+$documentValue = chr(ord('a')) . 'rray';
+
+$typemap = ['root' => &$rootValue, 'document' => &$documentValue];
+
+$manager = new MongoDB\Driver\Manager(URI);
+$cursor = $manager->executeQuery(NS, new MongoDB\Driver\Query([]));
+
+echo "Before:\n";
+debug_zval_dump($typemap);
+
+$cursor->setTypemap($typemap);
+
+echo "After:\n";
+debug_zval_dump($typemap);
+
+?>
+===DONE===
+<?php exit(0); ?>
+--EXPECT--
+Before:
+array(2) refcount(2){
+  ["root"]=>
+  &string(5) "array" refcount(1)
+  ["document"]=>
+  &string(5) "array" refcount(1)
+}
+After:
+array(2) refcount(2){
+  ["root"]=>
+  &string(5) "array" refcount(1)
+  ["document"]=>
+  &string(5) "array" refcount(1)
+}
+===DONE===

tests/cursor/bug1839-003.phpt

@@ -0,0 +1,52 @@
+--TEST--
+PHPC-1839: Referenced, out-of-scope interned string in typeMap
+--SKIPIF--
+<?php require __DIR__ . "/../utils/basic-skipif.inc"; ?>
+<?php skip_if_not_live(); ?>
+<?php skip_if_not_clean(); ?>
+--FILE--
+<?php
+require_once __DIR__ . "/../utils/basic.inc";
+
+function createTypemap()
+{
+    $rootValue = 'array';
+    $documentValue = 'array';
+
+    $typemap = ['root' => &$rootValue, 'document' => &$documentValue];
+
+    return $typemap;
+}
+
+$typemap = createTypemap();
+
+$manager = new MongoDB\Driver\Manager(URI);
+$cursor = $manager->executeQuery(NS, new MongoDB\Driver\Query([]));
+
+echo "Before:\n";
+debug_zval_dump($typemap);
+
+$cursor->setTypemap($typemap);
+
+echo "After:\n";
+debug_zval_dump($typemap);
+
+?>
+===DONE===
+<?php exit(0); ?>
+--EXPECT--
+Before:
+array(2) refcount(2){
+  ["root"]=>
+  string(5) "array" refcount(1)
+  ["document"]=>
+  string(5) "array" refcount(1)
+}
+After:
+array(2) refcount(2){
+  ["root"]=>
+  string(5) "array" refcount(1)
+  ["document"]=>
+  string(5) "array" refcount(1)
+}
+===DONE===

tests/cursor/bug1839-004.phpt

@@ -0,0 +1,45 @@
+--TEST--
+PHPC-1839: Non-referenced interned string in typeMap
+--SKIPIF--
+<?php require __DIR__ . "/../utils/basic-skipif.inc"; ?>
+<?php skip_if_not_live(); ?>
+<?php skip_if_not_clean(); ?>
+--FILE--
+<?php
+require_once __DIR__ . "/../utils/basic.inc";
+
+$rootValue = 'array';
+$documentValue = 'array';
+
+$typemap = ['root' => &$rootValue, 'document' => &$documentValue];
+
+$manager = new MongoDB\Driver\Manager(URI);
+$cursor = $manager->executeQuery(NS, new MongoDB\Driver\Query([]));
+
+echo "Before:\n";
+debug_zval_dump($typemap);
+
+$cursor->setTypemap($typemap);
+
+echo "After:\n";
+debug_zval_dump($typemap);
+
+?>
+===DONE===
+<?php exit(0); ?>
+--EXPECT--
+Before:
+array(2) refcount(2){
+  ["root"]=>
+  &string(5) "array" refcount(1)
+  ["document"]=>
+  &string(5) "array" refcount(1)
+}
+After:
+array(2) refcount(2){
+  ["root"]=>
+  &string(5) "array" refcount(1)
+  ["document"]=>
+  &string(5) "array" refcount(1)
+}
+===DONE===