Add mode for verifying internal function params

Author: nikic

Zend/zend_execute.c

@@ -4268,6 +4268,44 @@ static zend_never_inline int ZEND_FASTCALL zend_quick_check_constant(
 	return _zend_quick_get_constant(key, 0, 1 OPLINE_CC EXECUTE_DATA_CC);
 } /* }}} */
 
+/* Replace optional parameters that weren't passed with their declared default values,
+ * which allows us to check that this does not change the behavior of the function. */
+#define ZEND_VERIFY_INTERNAL_PARAM_DEFAULTS 1
+#if ZEND_VERIFY_INTERNAL_PARAM_DEFAULTS
+static void zend_verify_internal_param_defaults(zend_execute_data **call_ptr) {
+	zend_function *fbc = (*call_ptr)->func;
+	uint32_t num_passed_args = ZEND_CALL_NUM_ARGS(*call_ptr);
+	if (num_passed_args < fbc->common.required_num_args) {
+		/* This is an error anyway. */
+		return;
+	}
+
+	uint32_t num_declared_args = fbc->common.num_args;
+	while (num_passed_args < num_declared_args) {
+		zend_internal_arg_info *arg_info = &fbc->internal_function.arg_info[num_passed_args];
+		zval default_value;
+		if (zend_get_default_from_internal_arg_info(&default_value, arg_info) == FAILURE) {
+			/* Default value not available, so we can't pass any further defaults either. */
+			return;
+		}
+
+		if (Z_TYPE(default_value) == IS_CONSTANT_AST) {
+			zval_update_constant_ex(&default_value, fbc->common.scope);
+		}
+
+		zend_vm_stack_extend_call_frame(call_ptr, num_passed_args, 1);
+		zval *arg = ZEND_CALL_VAR_NUM(*call_ptr, num_passed_args);
+		ZVAL_COPY_VALUE(arg, &default_value);
+		if (ARG_SHOULD_BE_SENT_BY_REF(fbc, num_passed_args + 1)) {
+			ZVAL_MAKE_REF(arg);
+		}
+
+		num_passed_args++;
+		ZEND_CALL_NUM_ARGS(*call_ptr)++;
+	}
+}
+#endif
+
 #if defined(ZEND_VM_IP_GLOBAL_REG) && ((ZEND_VM_KIND == ZEND_VM_KIND_CALL) || (ZEND_VM_KIND == ZEND_VM_KIND_HYBRID))
 /* Special versions of functions that sets EX(opline) before calling zend_vm_stack_extend() */
 static zend_always_inline zend_execute_data *_zend_vm_stack_push_call_frame_ex(uint32_t used_stack, uint32_t call_info, zend_function *func, uint32_t num_args, void *object_or_called_scope) /* {{{ */

Zend/zend_vm_def.h

@@ -3858,8 +3858,11 @@ ZEND_VM_HOT_HANDLER(129, ZEND_DO_ICALL, ANY, ANY, SPEC(RETVAL))
 	zval retval;
 
 	SAVE_OPLINE();
-	EX(call) = call->prev_execute_data;
+#if ZEND_VERIFY_INTERNAL_PARAM_DEFAULTS
+	zend_verify_internal_param_defaults(&call);
+#endif
 
+	EX(call) = call->prev_execute_data;
 	call->prev_execute_data = execute_data;
 	EG(current_execute_data) = call;
 

Zend/zend_vm_execute.h

@@ -1221,8 +1221,11 @@ static ZEND_VM_HOT ZEND_OPCODE_HANDLER_RET ZEND_FASTCALL ZEND_DO_ICALL_SPEC_RETV
 	zval retval;
 
 	SAVE_OPLINE();
-	EX(call) = call->prev_execute_data;
+#if ZEND_VERIFY_INTERNAL_PARAM_DEFAULTS
+	zend_verify_internal_param_defaults(&call);
+#endif
 
+	EX(call) = call->prev_execute_data;
 	call->prev_execute_data = execute_data;
 	EG(current_execute_data) = call;
 
@@ -1273,8 +1276,11 @@ static ZEND_VM_HOT ZEND_OPCODE_HANDLER_RET ZEND_FASTCALL ZEND_DO_ICALL_SPEC_RETV
 	zval retval;
 
 	SAVE_OPLINE();
-	EX(call) = call->prev_execute_data;
+#if ZEND_VERIFY_INTERNAL_PARAM_DEFAULTS
+	zend_verify_internal_param_defaults(&call);
+#endif
 
+	EX(call) = call->prev_execute_data;
 	call->prev_execute_data = execute_data;
 	EG(current_execute_data) = call;