Merge branch 'PHP-8.3'

iluuu1994 · iluuu1994 · commit 30acbba2cad4 · 2023-12-01T16:50:56.000+01:00
* PHP-8.3:
  Fix leak of call-&gt;extra_named_params on internal __call
diff --git a/Zend/zend_vm_def.h b/Zend/zend_vm_def.h
@@ -8887,6 +8887,9 @@ ZEND_VM_HANDLER(158, ZEND_CALL_TRAMPOLINE, ANY, ANY, SPEC(OBSERVER))
 		EG(current_execute_data) = call->prev_execute_data;
 
 		zend_vm_stack_free_args(call);
+		if (UNEXPECTED(call_info & ZEND_CALL_HAS_EXTRA_NAMED_PARAMS)) {
+			zend_free_extra_named_params(call->extra_named_params);
+		}
 		if (ret == &retval) {
 			zval_ptr_dtor(ret);
 		}
diff --git a/Zend/zend_vm_execute.h b/Zend/zend_vm_execute.h
diff --git a/ext/zend_test/test.c b/ext/zend_test/test.c
@@ -70,6 +70,7 @@ static zend_class_entry *zend_test_ns2_ns_foo_class;
 static zend_class_entry *zend_test_unit_enum;
 static zend_class_entry *zend_test_string_enum;
 static zend_class_entry *zend_test_int_enum;
+static zend_class_entry *zend_test_magic_call;
 static zend_object_handlers zend_test_class_handlers;
 
 static int le_throwing_resource;
@@ -962,6 +963,24 @@ static ZEND_METHOD(ZendTestForbidDynamicCall, callStatic)
 	zend_forbid_dynamic_call();
 }
 
+static ZEND_METHOD(_ZendTestMagicCall, __call)
+{
+	zend_string *name;
+	zval *arguments;
+
+	ZEND_PARSE_PARAMETERS_START(2, 2)
+		Z_PARAM_STR(name)
+		Z_PARAM_ARRAY(arguments)
+	ZEND_PARSE_PARAMETERS_END();
+
+	zval name_zv;
+	ZVAL_STR(&name_zv, name);
+
+	zend_string_addref(name);
+	Z_TRY_ADDREF_P(arguments);
+	RETURN_ARR(zend_new_pair(&name_zv, arguments));
+}
+
 PHP_INI_BEGIN()
 	STD_PHP_INI_BOOLEAN("zend_test.replace_zend_execute_ex", "0", PHP_INI_SYSTEM, OnUpdateBool, replace_zend_execute_ex, zend_zend_test_globals, zend_test_globals)
 	STD_PHP_INI_BOOLEAN("zend_test.register_passes", "0", PHP_INI_SYSTEM, OnUpdateBool, register_passes, zend_zend_test_globals, zend_test_globals)
@@ -1146,6 +1165,8 @@ PHP_MINIT_FUNCTION(zend_test)
 	zend_test_string_enum = register_class_ZendTestStringEnum();
 	zend_test_int_enum = register_class_ZendTestIntEnum();
 
+	zend_test_magic_call = register_class__ZendTestMagicCall();
+
 	zend_register_functions(NULL, ext_function_legacy, NULL, EG(current_module)->type);
 
 	// Loading via dl() not supported with the observer API
diff --git a/ext/zend_test/test.stub.php b/ext/zend_test/test.stub.php
@@ -57,6 +57,11 @@ static public function variadicTest(string|Iterator ...$elements) : static {}
         public function takesUnionType(stdclass|Iterator $arg): void {}
     }
 
+    class _ZendTestMagicCall
+    {
+        public function __call(string $name, array $args): mixed {}
+    }
+
     class _ZendTestChildClass extends _ZendTestClass
     {
         public function returnsThrowable(): Exception {}
diff --git a/ext/zend_test/test_arginfo.h b/ext/zend_test/test_arginfo.h
diff --git a/ext/zend_test/tests/internal_magic_call.phpt b/ext/zend_test/tests/internal_magic_call.phpt
@@ -0,0 +1,23 @@
+--TEST--
+GH-12835: call->extra_named_params leaks on internal __call
+--EXTENSIONS--
+zend_test
+--FILE--
+<?php
+$obj = new _ZendTestMagicCall;
+var_dump($obj->test('a', 'b', c: 'c'));
+?>
+--EXPECT--
+array(2) {
+  [0]=>
+  string(4) "test"
+  [1]=>
+  array(3) {
+    [0]=>
+    string(1) "a"
+    [1]=>
+    string(1) "b"
+    ["c"]=>
+    string(1) "c"
+  }
+}

Original file line number	Diff line number	Diff line change
`@@ -8887,6 +8887,9 @@ ZEND_VM_HANDLER(158, ZEND_CALL_TRAMPOLINE, ANY, ANY, SPEC(OBSERVER))`
`8887`	`8887`	`EG(current_execute_data) = call->prev_execute_data;`
`8888`	`8888`
`8889`	`8889`	`zend_vm_stack_free_args(call);`
	`8890`	`+ if (UNEXPECTED(call_info & ZEND_CALL_HAS_EXTRA_NAMED_PARAMS)) {`
	`8891`	`+ zend_free_extra_named_params(call->extra_named_params);`
	`8892`	`+ }`
`8890`	`8893`	`if (ret == &retval) {`
`8891`	`8894`	`zval_ptr_dtor(ret);`
`8892`	`8895`	`}`
Original file line number	Diff line number	Diff line change
`@@ -57,6 +57,11 @@ static public function variadicTest(string\|Iterator ...$elements) : static {}`
`57`	`57`	`public function takesUnionType(stdclass\|Iterator $arg): void {}`
`58`	`58`	`}`
`59`	`59`
	`60`	`+ class _ZendTestMagicCall`
	`61`	`+ {`
	`62`	`+ public function __call(string $name, array $args): mixed {}`
	`63`	`+ }`
	`64`	`+`
`60`	`65`	`class _ZendTestChildClass extends _ZendTestClass`
`61`	`66`	`{`
`62`	`67`	`public function returnsThrowable(): Exception {}`