Fix GH-17745: zlib extension incorrectly handles object arguments

Because of the "H" modifier in ZPP, there are two bugs:

1) The stub is wrong and will cause a crash in debug mode.
2) Non-dynamic properties are not read correctly because they are not
   DEINDIRECTed.

Closes GH-17750.

Author: nielsdos

NEWS

@@ -38,6 +38,10 @@ PHP                                                                        NEWS
 - Streams:
   . Fixed bug GH-17650 (realloc with size 0 in user_filters.c). (nielsdos)
 
+- Zlib:
+  . Fixed bug GH-17745 (zlib extension incorrectly handles object arguments).
+    (nielsdos)
+
 13 Feb 2025, PHP 8.3.17
 
 - Core:

ext/zlib/tests/gh17745.phpt

@@ -0,0 +1,20 @@
+--TEST--
+GH-17745 (zlib extension incorrectly handles object arguments)
+--EXTENSIONS--
+zlib
+--FILE--
+<?php
+$obj = new stdClass;
+$obj->level = 3;
+var_dump(deflate_init(ZLIB_ENCODING_RAW, $obj));
+
+class Options {
+    public int $level = 3;
+}
+var_dump(deflate_init(ZLIB_ENCODING_RAW, new Options));
+?>
+--EXPECT--
+object(DeflateContext)#2 (0) {
+}
+object(DeflateContext)#3 (0) {
+}

ext/zlib/zlib.c

@@ -790,6 +790,7 @@ static bool zlib_create_dictionary_string(HashTable *options, char **dict, size_
 	zval *option_buffer;
 
 	if (options && (option_buffer = zend_hash_str_find(options, ZEND_STRL("dictionary"))) != NULL) {
+		ZVAL_DEINDIRECT(option_buffer);
 		ZVAL_DEREF(option_buffer);
 		switch (Z_TYPE_P(option_buffer)) {
 			case IS_STRING: {
@@ -870,6 +871,7 @@ PHP_FUNCTION(inflate_init)
 	}
 
 	if (options && (option_buffer = zend_hash_str_find(options, ZEND_STRL("window"))) != NULL) {
+		ZVAL_DEINDIRECT(option_buffer);
 		window = zval_get_long(option_buffer);
 	}
 	if (window < 8 || window > 15) {
@@ -1088,6 +1090,7 @@ PHP_FUNCTION(deflate_init)
 	}
 
 	if (options && (option_buffer = zend_hash_str_find(options, ZEND_STRL("level"))) != NULL) {
+		ZVAL_DEINDIRECT(option_buffer);
 		level = zval_get_long(option_buffer);
 	}
 	if (level < -1 || level > 9) {
@@ -1096,6 +1099,7 @@ PHP_FUNCTION(deflate_init)
 	}
 
 	if (options && (option_buffer = zend_hash_str_find(options, ZEND_STRL("memory"))) != NULL) {
+		ZVAL_DEINDIRECT(option_buffer);
 		memory = zval_get_long(option_buffer);
 	}
 	if (memory < 1 || memory > 9) {
@@ -1104,6 +1108,7 @@ PHP_FUNCTION(deflate_init)
 	}
 
 	if (options && (option_buffer = zend_hash_str_find(options, ZEND_STRL("window"))) != NULL) {
+		ZVAL_DEINDIRECT(option_buffer);
 		window = zval_get_long(option_buffer);
 	}
 	if (window < 8 || window > 15) {
@@ -1112,6 +1117,7 @@ PHP_FUNCTION(deflate_init)
 	}
 
 	if (options && (option_buffer = zend_hash_str_find(options, ZEND_STRL("strategy"))) != NULL) {
+		ZVAL_DEINDIRECT(option_buffer);
 		strategy = zval_get_long(option_buffer);
 	}
 	switch (strategy) {

ext/zlib/zlib.stub.php

@@ -270,11 +270,11 @@ function gzread($stream, int $length): string|false {}
  */
 function gzgets($stream, ?int $length = null): string|false {}
 
-function deflate_init(int $encoding, array $options = []): DeflateContext|false {}
+function deflate_init(int $encoding, array|object $options = []): DeflateContext|false {}
 
 function deflate_add(DeflateContext $context, string $data, int $flush_mode = ZLIB_SYNC_FLUSH): string|false {}
 
-function inflate_init(int $encoding, array $options = []): InflateContext|false {}
+function inflate_init(int $encoding, array|object $options = []): InflateContext|false {}
 
 function inflate_add(InflateContext $context, string $data, int $flush_mode = ZLIB_SYNC_FLUSH): string|false {}