Enforce types when writing to mysqli dynamic properties

nikic · nikic · commit d905e7748337 · 2021-04-13T15:30:56.000+02:00
Previously this just assumed that the value was of a certain type.

I'm doing this in a generic way that checks against the declared
property type -- the handler function can then assume the value
to be of the correct type.
diff --git a/ext/mysqli/mysqli.c b/ext/mysqli/mysqli.c
@@ -287,61 +287,56 @@ static int mysqli_read_na(mysqli_object *obj, zval *retval, bool quiet)
 }
 /* }}} */
 
-/* {{{ mysqli_write_na */
-static int mysqli_write_na(mysqli_object *obj, zval *newval)
-{
-	zend_throw_error(NULL, "Cannot write property");
-
-	return FAILURE;
-}
-/* }}} */
-
 /* {{{ mysqli_read_property */
 zval *mysqli_read_property(zend_object *object, zend_string *name, int type, void **cache_slot, zval *rv)
 {
-	zval *retval;
-	mysqli_object *obj;
-	mysqli_prop_handler *hnd = NULL;
-
-	obj = php_mysqli_fetch_object(object);
-
-	if (obj->prop_handler != NULL) {
-		hnd = zend_hash_find_ptr(obj->prop_handler, name);
-	}
-
-	if (hnd) {
-		if (hnd->read_func(obj, rv, type == BP_VAR_IS) == SUCCESS) {
-			retval = rv;
-		} else {
-			retval = &EG(uninitialized_zval);
+	mysqli_object *obj = php_mysqli_fetch_object(object);
+	if (obj->prop_handler) {
+		mysqli_prop_handler *hnd = zend_hash_find_ptr(obj->prop_handler, name);
+		if (hnd) {
+			if (hnd->read_func(obj, rv, type == BP_VAR_IS) == SUCCESS) {
+				return rv;
+			} else {
+				return &EG(uninitialized_zval);
+			}
 		}
-	} else {
-		retval = zend_std_read_property(object, name, type, cache_slot, rv);
 	}
 
-	return retval;
+	return zend_std_read_property(object, name, type, cache_slot, rv);
 }
 /* }}} */
 
 /* {{{ mysqli_write_property */
 zval *mysqli_write_property(zend_object *object, zend_string *name, zval *value, void **cache_slot)
 {
-	mysqli_object *obj;
-	mysqli_prop_handler *hnd = NULL;
-
-	obj = php_mysqli_fetch_object(object);
-
-	if (obj->prop_handler != NULL) {
-		hnd = zend_hash_find_ptr(obj->prop_handler, name);
-	}
+	mysqli_object *obj = php_mysqli_fetch_object(object);
+	if (obj->prop_handler) {
+		const mysqli_prop_handler *hnd = zend_hash_find_ptr(obj->prop_handler, name);
+		if (hnd) {
+			if (!hnd->write_func) {
+				zend_throw_error(NULL, "Cannot write read-only property %s::$%s",
+					ZSTR_VAL(object->ce->name), ZSTR_VAL(name));
+				return &EG(error_zval);
+			}
 
-	if (hnd) {
-		hnd->write_func(obj, value);
-	} else {
-		value = zend_std_write_property(object, name, value, cache_slot);
+			zend_property_info *prop = zend_get_property_info(object->ce, name, /* silent */ true);
+			if (prop && ZEND_TYPE_IS_SET(prop->type)) {
+				zval tmp;
+				ZVAL_COPY(&tmp, value);
+				if (!zend_verify_property_type(prop, &tmp,
+							ZEND_CALL_USES_STRICT_TYPES(EG(current_execute_data)))) {
+					zval_ptr_dtor(&tmp);
+					return &EG(error_zval);
+				}
+				hnd->write_func(obj, &tmp);
+				zval_ptr_dtor(&tmp);
+			} else {
+				hnd->write_func(obj, value);
+			}
+			return value;
+		}
 	}
-
-	return value;
+	return zend_std_write_property(object, name, value, cache_slot);
 }
 /* }}} */
 
@@ -351,7 +346,7 @@ void mysqli_add_property(HashTable *h, const char *pname, size_t pname_len, mysq
 
 	p.name = zend_string_init_interned(pname, pname_len, 1);
 	p.read_func = (r_func) ? r_func : mysqli_read_na;
-	p.write_func = (w_func) ? w_func : mysqli_write_na;
+	p.write_func = w_func;
 	zend_hash_add_mem(h, p.name, &p, sizeof(mysqli_prop_handler));
 	zend_string_release_ex(p.name, 1);
 }
diff --git a/ext/mysqli/mysqli.stub.php b/ext/mysqli/mysqli.stub.php
@@ -10,11 +10,9 @@ final class mysqli_driver
 
     public int $driver_version;
 
-    /** @var bool */
-    public $reconnect = false;
+    public bool $reconnect = false;
 
-    /** @var int */
-    public $report_mode = 0;
+    public int $report_mode = 0;
 }
 
 class mysqli
diff --git a/ext/mysqli/mysqli_arginfo.h b/ext/mysqli/mysqli_arginfo.h
@@ -1,5 +1,5 @@
 /* This is a generated file, edit the .stub.php file instead.
- * Stub hash: b9583854314bc54295c1e1a4ec7f6b8c0ce6187c */
+ * Stub hash: 1c01e60c65f87e4f59435c3712296137d265dfdc */
 
 ZEND_BEGIN_ARG_WITH_RETURN_TYPE_MASK_EX(arginfo_mysqli_affected_rows, 0, 1, MAY_BE_LONG|MAY_BE_STRING)
 	ZEND_ARG_OBJ_INFO(0, mysql, mysqli, 0)
@@ -1069,13 +1069,13 @@ static zend_class_entry *register_class_mysqli_driver(void)
 	zval property_reconnect_default_value;
 	ZVAL_BOOL(&property_reconnect_default_value, 0);
 	zend_string *property_reconnect_name = zend_string_init("reconnect", sizeof("reconnect") - 1, 1);
-	zend_declare_property_ex(class_entry, property_reconnect_name, &property_reconnect_default_value, ZEND_ACC_PUBLIC, NULL);
+	zend_declare_typed_property(class_entry, property_reconnect_name, &property_reconnect_default_value, ZEND_ACC_PUBLIC, NULL, (zend_type) ZEND_TYPE_INIT_MASK(MAY_BE_BOOL));
 	zend_string_release(property_reconnect_name);
 
 	zval property_report_mode_default_value;
 	ZVAL_LONG(&property_report_mode_default_value, 0);
 	zend_string *property_report_mode_name = zend_string_init("report_mode", sizeof("report_mode") - 1, 1);
-	zend_declare_property_ex(class_entry, property_report_mode_name, &property_report_mode_default_value, ZEND_ACC_PUBLIC, NULL);
+	zend_declare_typed_property(class_entry, property_report_mode_name, &property_report_mode_default_value, ZEND_ACC_PUBLIC, NULL, (zend_type) ZEND_TYPE_INIT_MASK(MAY_BE_LONG));
 	zend_string_release(property_report_mode_name);
 
 	return class_entry;
