Merge branch 'master' of github.com:php/php-src

Author: derickr

Zend/tests/gh9136.phpt

@@ -0,0 +1,10 @@
+--TEST--
+GH-9136: Assertion when fetching property of magic constant in constant expression
+--FILE--
+<?php
+
+const C = __file__->foo;
+
+?>
+--EXPECTF--
+Warning: Attempt to read property "foo" on string in %s on line %d

Zend/tests/gh9138.phpt

@@ -0,0 +1,11 @@
+--TEST--
+GH-9138: NULL pointer dereference when fetching property of "bad" list in constant expression
+--FILE--
+<?php
+
+#[Attribute([,]->e)]
+class Foo {}
+
+?>
+--EXPECTF--
+Fatal error: Cannot use empty array elements in arrays in %s on line %d

Zend/zend_closures.c

@@ -121,7 +121,6 @@ ZEND_METHOD(Closure, call)
 	zend_closure *closure;
 	zend_fcall_info fci;
 	zend_fcall_info_cache fci_cache;
-	zend_function my_function;
 	zend_object *newobj;
 	zend_class_entry *newclass;
 
@@ -142,55 +141,71 @@ ZEND_METHOD(Closure, call)
 		return;
 	}
 
+	fci_cache.called_scope = newclass;
+	fci_cache.object = fci.object = newobj;
+
+	fci.size = sizeof(fci);
+	ZVAL_OBJ(&fci.function_name, &closure->std);
+	ZVAL_UNDEF(&closure_result);
+	fci.retval = &closure_result;
+
 	if (closure->func.common.fn_flags & ZEND_ACC_GENERATOR) {
 		zval new_closure;
 		zend_create_closure(&new_closure, &closure->func, newclass, closure->called_scope, newthis);
 		closure = (zend_closure *) Z_OBJ(new_closure);
 		fci_cache.function_handler = &closure->func;
+
+		zend_call_function(&fci, &fci_cache);
+
+		/* copied upon generator creation */
+		GC_DELREF(&closure->std);
 	} else {
-		memcpy(&my_function, &closure->func, closure->func.type == ZEND_USER_FUNCTION ? sizeof(zend_op_array) : sizeof(zend_internal_function));
-		my_function.common.fn_flags &= ~ZEND_ACC_CLOSURE;
+		zend_function *my_function;
+		if (ZEND_USER_CODE(closure->func.type)) {
+			my_function = emalloc(sizeof(zend_op_array));
+			memcpy(my_function, &closure->func, sizeof(zend_op_array));
+		} else {
+			my_function = emalloc(sizeof(zend_internal_function));
+			memcpy(my_function, &closure->func, sizeof(zend_internal_function));
+		}
+		my_function->common.fn_flags &= ~ZEND_ACC_CLOSURE;
 		/* use scope of passed object */
-		my_function.common.scope = newclass;
+		my_function->common.scope = newclass;
 		if (closure->func.type == ZEND_INTERNAL_FUNCTION) {
-			my_function.internal_function.handler = closure->orig_internal_handler;
+			my_function->internal_function.handler = closure->orig_internal_handler;
 		}
-		fci_cache.function_handler = &my_function;
+		fci_cache.function_handler = my_function;
 
 		/* Runtime cache relies on bound scope to be immutable, hence we need a separate rt cache in case scope changed */
-		if (ZEND_USER_CODE(my_function.type)
+		if (ZEND_USER_CODE(my_function->type)
 		 && (closure->func.common.scope != newclass
 		  || (closure->func.common.fn_flags & ZEND_ACC_HEAP_RT_CACHE))) {
 			void *ptr;
 
-			my_function.op_array.fn_flags |= ZEND_ACC_HEAP_RT_CACHE;
-			ptr = emalloc(my_function.op_array.cache_size);
-			ZEND_MAP_PTR_INIT(my_function.op_array.run_time_cache, ptr);
-			memset(ptr, 0, my_function.op_array.cache_size);
+			my_function->op_array.fn_flags |= ZEND_ACC_HEAP_RT_CACHE;
+			ptr = emalloc(my_function->op_array.cache_size);
+			ZEND_MAP_PTR_INIT(my_function->op_array.run_time_cache, ptr);
+			memset(ptr, 0, my_function->op_array.cache_size);
 		}
-	}
 
-	fci_cache.called_scope = newclass;
-	fci_cache.object = fci.object = newobj;
+		zend_call_function(&fci, &fci_cache);
 
-	fci.size = sizeof(fci);
-	ZVAL_OBJ(&fci.function_name, &closure->std);
-	fci.retval = &closure_result;
+		if (ZEND_USER_CODE(my_function->type)) {
+			if (fci_cache.function_handler->common.fn_flags & ZEND_ACC_HEAP_RT_CACHE) {
+				efree(ZEND_MAP_PTR(my_function->op_array.run_time_cache));
+			}
+			efree_size(my_function, sizeof(zend_op_array));
+		} else {
+			efree_size(my_function, sizeof(zend_internal_function));
+		}
+	}
 
-	if (zend_call_function(&fci, &fci_cache) == SUCCESS && Z_TYPE(closure_result) != IS_UNDEF) {
+	if (Z_TYPE(closure_result) != IS_UNDEF) {
 		if (Z_ISREF(closure_result)) {
 			zend_unwrap_reference(&closure_result);
 		}
 		ZVAL_COPY_VALUE(return_value, &closure_result);
 	}
-
-	if (fci_cache.function_handler->common.fn_flags & ZEND_ACC_GENERATOR) {
-		/* copied upon generator creation */
-		GC_DELREF(&closure->std);
-	} else if (ZEND_USER_CODE(my_function.type)
-	 && (fci_cache.function_handler->common.fn_flags & ZEND_ACC_HEAP_RT_CACHE)) {
-		efree(ZEND_MAP_PTR(my_function.op_array.run_time_cache));
-	}
 }
 /* }}} */
 

Zend/zend_compile.c

@@ -10616,6 +10616,10 @@ static void zend_eval_const_expr(zend_ast **ast_ptr) /* {{{ */
 		case ZEND_AST_CONST_ENUM_INIT:
 			zend_eval_const_expr(&ast->child[2]);
 			return;
+		case ZEND_AST_PROP:
+			zend_eval_const_expr(&ast->child[0]);
+			zend_eval_const_expr(&ast->child[1]);
+			return;
 		default:
 			return;
 	}

build/gen_stub.php

@@ -533,7 +533,12 @@ public function toOptimizerTypeMask(): string {
     }
 
     public function toEscapedName(): string {
-        return str_replace('\\', '\\\\', $this->name);
+        // Escape backslashes, and also encode \u and \U to avoid compilation errors in generated macros
+        return str_replace(
+            ['\\', '\\u', '\\U'],
+            ['\\\\', '\\\\165', '\\\\125'],
+            $this->name
+        );
     }
 
     public function toVarEscapedName(): string {
@@ -2976,7 +2981,7 @@ private function collectInheritedMembers(
             $parentInfo->collectInheritedMembers(
                 $parentsWithInheritedConstants,
                 $unusedParentsWithInheritedProperties,
-                $parentsWithInheritedMethods,
+                $unusedParentsWithInheritedMethods,
                 $classMap
             );
         }

ext/openssl/openssl.c

@@ -7652,15 +7652,6 @@ PHP_OPENSSL_API zend_string* php_openssl_random_pseudo_bytes(zend_long buffer_le
 	}
 	buffer = zend_string_alloc(buffer_length, 0);
 
-#ifdef PHP_WIN32
-	/* random/urandom equivalent on Windows */
-	if (php_win32_get_random_bytes((unsigned char*)(buffer)->val, (size_t) buffer_length) == FAILURE){
-		zend_string_release_ex(buffer, 0);
-		zend_throw_exception(zend_ce_exception, "Error reading from source device", 0);
-		return NULL;
-	}
-#else
-
 	PHP_OPENSSL_CHECK_LONG_TO_INT_NULL_RETURN(buffer_length, length);
 	PHP_OPENSSL_RAND_ADD_TIME();
 	if (RAND_bytes((unsigned char*)ZSTR_VAL(buffer), (int)buffer_length) <= 0) {
@@ -7670,7 +7661,7 @@ PHP_OPENSSL_API zend_string* php_openssl_random_pseudo_bytes(zend_long buffer_le
 	} else {
 		php_openssl_store_errors();
 	}
-#endif
+
 	return buffer;
 }
 

ext/zend_test/test.c

@@ -43,6 +43,7 @@ static zend_class_entry *zend_test_class_with_method_with_parameter_attribute;
 static zend_class_entry *zend_test_child_class_with_method_with_parameter_attribute;
 static zend_class_entry *zend_test_forbid_dynamic_call;
 static zend_class_entry *zend_test_ns_foo_class;
+static zend_class_entry *zend_test_ns_unlikely_compile_error_class;
 static zend_class_entry *zend_test_ns2_foo_class;
 static zend_class_entry *zend_test_ns2_ns_foo_class;
 static zend_class_entry *zend_test_unit_enum;
@@ -535,6 +536,13 @@ static ZEND_METHOD(ZendTestNS_Foo, method)
 	RETURN_LONG(0);
 }
 
+static ZEND_METHOD(ZendTestNS_UnlikelyCompileError, method)
+{
+	ZEND_PARSE_PARAMETERS_NONE();
+
+	RETURN_NULL();
+}
+
 static ZEND_METHOD(ZendTestNS2_Foo, method)
 {
 	ZEND_PARSE_PARAMETERS_NONE();
@@ -698,6 +706,7 @@ PHP_MINIT_FUNCTION(zend_test)
 	zend_test_forbid_dynamic_call = register_class_ZendTestForbidDynamicCall();
 
 	zend_test_ns_foo_class = register_class_ZendTestNS_Foo();
+	zend_test_ns_unlikely_compile_error_class = register_class_ZendTestNS_UnlikelyCompileError();
 	zend_test_ns2_foo_class = register_class_ZendTestNS2_Foo();
 	zend_test_ns2_ns_foo_class = register_class_ZendTestNS2_ZendSubNS_Foo();
 

ext/zend_test/test.stub.php

@@ -150,6 +150,12 @@ class Foo {
         public function method(): int {}
     }
 
+    class UnlikelyCompileError {
+        /* This method signature would create a compile error due to the string
+         * "ZendTestNS\UnlikelyCompileError" in the generated macro call */
+        public function method(): ?UnlikelyCompileError {}
+    }
+
 }
 
 namespace ZendTestNS2 {

ext/zend_test/test_arginfo.h

@@ -9,6 +9,8 @@ $foo = new \ZendTestNS2\Foo();
 var_dump($foo);
 $foo->foo = new \ZendTestNS2\ZendSubNS\Foo();
 var_dump($foo);
+$foo = new \ZendTestNS\UnlikelyCompileError();
+var_dump($foo);
 ?>
 --EXPECTF--
 object(ZendTestNS2\Foo)#%d (%d) {
@@ -20,3 +22,5 @@ object(ZendTestNS2\Foo)#%d (%d) {
   object(ZendTestNS2\ZendSubNS\Foo)#%d (%d) {
   }
 }
+object(ZendTestNS\UnlikelyCompileError)#%d (%d) {
+}