Cleanup

Author: iluuu1994

Zend/tests/readonly_props/cpp_reassign_through_function.phpt

@@ -0,0 +1,30 @@
+--TEST--
+Promoted readonly property reassignment through plain function should error
+--FILE--
+<?php
+
+class C {
+    public function __construct(public readonly int $prop) {
+        set($this);
+    }
+
+    public function set() {
+        $this->prop++;
+    }
+}
+
+function set($c) {
+    try {
+        $c->set();
+    } catch (Error $e) {
+        echo $e::class, ': ', $e->getMessage(), "\n";
+    }
+}
+
+$c = new C(42);
+var_dump($c->prop);
+
+?>
+--EXPECT--
+Error: Cannot modify readonly property C::$prop
+int(42)

Zend/zend_execute.c

@@ -1071,22 +1071,9 @@ ZEND_API bool zend_never_inline zend_verify_property_type(const zend_property_in
 static zend_never_inline zval* zend_assign_to_typed_prop(const zend_property_info *info, zval *property_val, zval *value, zend_refcounted **garbage_ptr EXECUTE_DATA_DC)
 {
 	zval tmp;
-	zend_readonly_write_kind readonly_write_kind = ZEND_READONLY_WRITE_FORBIDDEN;
-
-	if (UNEXPECTED(info->flags & (ZEND_ACC_READONLY|ZEND_ACC_PPP_SET_MASK))) {
-		if (info->flags & ZEND_ACC_READONLY) {
-			readonly_write_kind = zend_get_readonly_write_kind(property_val, info);
-		}
-		if ((info->flags & ZEND_ACC_READONLY)
-		 && (readonly_write_kind == ZEND_READONLY_WRITE_FORBIDDEN
-		     || zend_is_foreign_cpp_overwrite(property_val, info))) {
-			zend_readonly_property_modification_error(info);
-			return &EG(uninitialized_zval);
-		}
-		if (info->flags & ZEND_ACC_PPP_SET_MASK && !zend_asymmetric_property_has_set_access(info)) {
-			zend_asymmetric_visibility_property_modification_error(info, "modify");
-			return &EG(uninitialized_zval);
-		}
+	zend_property_write_kind prop_write_kind = zend_verify_readonly_and_avis(property_val, info, false);
+	if (prop_write_kind == ZEND_PROPERTY_WRITE_FORBIDDEN) {
+		return &EG(uninitialized_zval);
 	}
 
 	ZVAL_DEREF(value);
@@ -1097,11 +1084,7 @@ static zend_never_inline zval* zend_assign_to_typed_prop(const zend_property_inf
 		return &EG(uninitialized_zval);
 	}
 
-	if (readonly_write_kind == ZEND_READONLY_WRITE_REINITABLE) {
-		Z_PROP_FLAG_P(property_val) &= ~IS_PROP_REINITABLE;
-	} else if (readonly_write_kind == ZEND_READONLY_WRITE_CTOR_REASSIGNED) {
-		Z_PROP_FLAG_P(property_val) |= IS_PROP_CTOR_REASSIGNED;
-	}
+	zend_property_write_commit(property_val, prop_write_kind);
 
 	return zend_assign_to_variable_ex(property_val, &tmp, IS_TMP_VAR, EX_USES_STRICT_TYPES(), garbage_ptr);
 }

Zend/zend_execute.h

@@ -595,132 +595,87 @@ static zend_always_inline bool zend_scope_is_derived_from(
 	return false;
 }
 
-static zend_always_inline bool zend_has_active_derived_ctor_with_promoted_property(
-	const zend_execute_data *ex, zend_object *obj, const zend_property_info *prop_info)
-{
-	for (const zend_execute_data *prev = ex->prev_execute_data; prev != NULL; prev = prev->prev_execute_data) {
-		if (!(ZEND_CALL_INFO(prev) & ZEND_CALL_HAS_THIS)
-		 || !(prev->func->common.fn_flags & ZEND_ACC_CTOR)
-		 || Z_OBJ(prev->This) != obj) {
-			continue;
-		}
-
-		zend_class_entry *scope = prev->func->common.scope;
-		if (scope == NULL || !zend_scope_is_derived_from(scope, ex->func->common.scope)) {
-			continue;
-		}
-
-		zend_property_info *scope_prop = (zend_property_info *) zend_hash_find_ptr(
-			&scope->properties_info, prop_info->name);
-		if (scope_prop != NULL
-		 && (scope_prop->flags & (ZEND_ACC_READONLY | ZEND_ACC_PROMOTED))
-			== (ZEND_ACC_READONLY | ZEND_ACC_PROMOTED)) {
-			return true;
-		}
-	}
-
-	return false;
-}
-
 static zend_always_inline bool zend_has_active_ctor_with_promoted_property(
 	const zend_execute_data *ex, zend_object *obj, zend_string *property_name)
 {
 	for (const zend_execute_data *frame = ex; frame != NULL; frame = frame->prev_execute_data) {
-		if (!(ZEND_CALL_INFO(frame) & ZEND_CALL_HAS_THIS)
-		 || !(frame->func->common.fn_flags & ZEND_ACC_CTOR)
-		 || Z_OBJ(frame->This) != obj) {
+		if (!(ZEND_CALL_INFO(frame) & ZEND_CALL_HAS_THIS) || Z_OBJ(frame->This) != obj) {
+			return false;
+		}
+		if (!(frame->func->common.fn_flags & ZEND_ACC_CTOR)) {
 			continue;
 		}
 
 		zend_class_entry *scope = frame->func->common.scope;
-		if (scope == NULL) {
-			continue;
-		}
+		ZEND_ASSERT(scope);
 
-		zend_property_info *scope_prop = (zend_property_info *) zend_hash_find_ptr(
-			&scope->properties_info, property_name);
-		if (scope_prop != NULL
-		 && (scope_prop->flags & (ZEND_ACC_READONLY | ZEND_ACC_PROMOTED))
-			== (ZEND_ACC_READONLY | ZEND_ACC_PROMOTED)) {
-			return true;
-		}
+		zend_property_info *scope_prop = (zend_property_info *) zend_hash_find_ptr(&scope->properties_info, property_name);
+		ZEND_ASSERT(scope_prop);
+		return scope_prop->ce == scope && (scope_prop->flags & (ZEND_ACC_READONLY|ZEND_ACC_PROMOTED)) == (ZEND_ACC_READONLY|ZEND_ACC_PROMOTED);
 	}
 
 	return false;
 }
 
-static zend_always_inline bool zend_is_promoted_readonly_ctor_init_assign(
-	const zend_execute_data *ex, const zend_property_info *prop_info)
-{
-	if (ex == NULL
-	 || ex->opline == NULL
-	 || !((ex->opline->opcode == ZEND_ASSIGN_OBJ || ex->opline->opcode == ZEND_ASSIGN_OBJ_REF)
-	  && (ex->opline->extended_value & ZEND_ASSIGN_OBJ_PROMOTED_READONLY_INIT))) {
-		return false;
-	}
-	if (!(ZEND_CALL_INFO(ex) & ZEND_CALL_HAS_THIS)) {
-		return false;
-	}
-	return zend_has_active_ctor_with_promoted_property(ex, Z_OBJ(ex->This), prop_info->name);
-}
-
-static zend_always_inline zend_object *zend_property_owner_from_slot(
-	const zval *property_val, const zend_property_info *prop_info)
-{
-	return (zend_object *) ((char *) property_val - prop_info->offset);
-}
-
-typedef enum _zend_readonly_write_kind {
-	ZEND_READONLY_WRITE_FORBIDDEN = 0, /* Write disallowed, or no special flag update needed */
-	ZEND_READONLY_WRITE_REINITABLE,    /* Clone reinit window: clear IS_PROP_REINITABLE after write */
-	ZEND_READONLY_WRITE_CTOR_REASSIGNED, /* CPP ctor reassignment: set IS_PROP_CTOR_REASSIGNED after write */
-} zend_readonly_write_kind;
+typedef enum _zend_property_write_kind {
+	ZEND_PROPERTY_WRITE_FORBIDDEN = 0,            /* Write disallowed */
+	ZEND_PROPERTY_WRITE_OK,                       /* Write allowed */
+	ZEND_PROPERTY_WRITE_READONLY_REINITABLE,      /* Clone reinit window: clear IS_PROP_REINITABLE after write */
+	ZEND_PROPERTY_WRITE_READONLY_CTOR_REASSIGNED, /* CPP ctor reassignment: set IS_PROP_CTOR_REASSIGNED after write */
+} zend_property_write_kind;
 
-static zend_always_inline zend_readonly_write_kind zend_get_readonly_write_kind(
+static zend_always_inline zend_property_write_kind zend_get_readonly_write_kind(
 	const zval *property_val, const zend_property_info *prop_info)
 {
 	if (Z_PROP_FLAG_P(property_val) & IS_PROP_REINITABLE) {
-		return ZEND_READONLY_WRITE_REINITABLE;
+		return ZEND_PROPERTY_WRITE_READONLY_REINITABLE;
 	}
 	if (Z_PROP_FLAG_P(property_val) & IS_PROP_CTOR_REASSIGNED) {
-		return ZEND_READONLY_WRITE_FORBIDDEN;
+		return ZEND_PROPERTY_WRITE_FORBIDDEN;
 	}
 	zend_execute_data *ex = EG(current_execute_data);
-	if (ex == NULL
-	 || !(ZEND_CALL_INFO(ex) & ZEND_CALL_HAS_THIS)
-	 || !zend_has_active_ctor_with_promoted_property(ex, Z_OBJ(ex->This), prop_info->name)
-	 || zend_property_owner_from_slot(property_val, prop_info) != Z_OBJ(ex->This)
-	 || (ex->opline != NULL
-	     && (ex->opline->opcode == ZEND_ASSIGN_OBJ || ex->opline->opcode == ZEND_ASSIGN_OBJ_REF)
-	     && (ex->opline->extended_value & ZEND_ASSIGN_OBJ_PROMOTED_READONLY_INIT))) {
-		return ZEND_READONLY_WRITE_FORBIDDEN;
+	if (ex == NULL || !(ZEND_CALL_INFO(ex) & ZEND_CALL_HAS_THIS)) {
+		return ZEND_PROPERTY_WRITE_FORBIDDEN;
 	}
-	return ZEND_READONLY_WRITE_CTOR_REASSIGNED;
+	zend_object *obj = zend_get_object_from_slot(property_val, prop_info);
+	if (!zend_has_active_ctor_with_promoted_property(ex, obj, prop_info->name)
+	 || (ex->opline
+	  && (ex->opline->opcode == ZEND_ASSIGN_OBJ || ex->opline->opcode == ZEND_ASSIGN_OBJ_REF)
+	  && (ex->opline->extended_value & ZEND_ASSIGN_OBJ_PROMOTED_READONLY_INIT))) {
+		return ZEND_PROPERTY_WRITE_FORBIDDEN;
+	}
+	return ZEND_PROPERTY_WRITE_READONLY_CTOR_REASSIGNED;
 }
 
-/* Check if a foreign constructor is attempting a CPP initial assignment on an
- * already-initialized property owned by a different class (e.g., child has CPP
- * for $x, parent's CPP also tries to set $x on the child's object). */
-static zend_always_inline bool zend_is_foreign_cpp_overwrite(
-	const zval *property_val, const zend_property_info *prop_info)
+static zend_always_inline zend_property_write_kind zend_verify_readonly_and_avis(
+	zval *property_val, const zend_property_info *info, bool indirect)
 {
-	if (Z_PROP_FLAG_P(property_val) & IS_PROP_UNINIT) {
-		return false;
-	}
-	zend_execute_data *ex = EG(current_execute_data);
-	if (!ex
-	 || !(ex->func->common.fn_flags & ZEND_ACC_CTOR)
-	 || !(ZEND_CALL_INFO(ex) & ZEND_CALL_HAS_THIS)) {
-		return false;
-	}
-	if ((prop_info->flags & ZEND_ACC_PROMOTED) && ex->func->common.scope != prop_info->ce) {
-		return true;
+	if (UNEXPECTED(info->flags & (ZEND_ACC_READONLY|ZEND_ACC_PPP_SET_MASK))) {
+		zend_property_write_kind prop_write_kind = ZEND_PROPERTY_WRITE_OK;
+		if ((info->flags & ZEND_ACC_READONLY) && !Z_ISUNDEF_P(property_val)) {
+			prop_write_kind = zend_get_readonly_write_kind(property_val, info);
+			if (prop_write_kind == ZEND_PROPERTY_WRITE_FORBIDDEN) {
+				zend_readonly_property_modification_error(info);
+				return ZEND_PROPERTY_WRITE_FORBIDDEN;
+			}
+		}
+		if ((info->flags & ZEND_ACC_PPP_SET_MASK) && !zend_asymmetric_property_has_set_access(info)) {
+			const char *operation = indirect ? "indirectly modify" : "modify";
+			zend_asymmetric_visibility_property_modification_error(info, operation);
+			return ZEND_PROPERTY_WRITE_FORBIDDEN;
+		}
+		return prop_write_kind;
 	}
-	if (!(prop_info->flags & ZEND_ACC_PROMOTED)
-	 && zend_has_active_derived_ctor_with_promoted_property(ex, Z_OBJ(ex->This), prop_info)) {
-		return true;
+	return ZEND_PROPERTY_WRITE_OK;
+}
+
+static zend_always_inline void zend_property_write_commit(zval *property_val, zend_property_write_kind kind)
+{
+	if (kind == ZEND_PROPERTY_WRITE_READONLY_REINITABLE) {
+		Z_PROP_FLAG_P(property_val) &= ~IS_PROP_REINITABLE;
+	} else if (kind == ZEND_PROPERTY_WRITE_READONLY_CTOR_REASSIGNED) {
+		Z_PROP_FLAG_P(property_val) |= IS_PROP_CTOR_REASSIGNED;
 	}
-	return false;
 }
 
 ZEND_API bool zend_verify_class_constant_type(const zend_class_constant *c, const zend_string *name, zval *constant);

Zend/zend_object_handlers.c

@@ -1049,14 +1049,13 @@ ZEND_API zval *zend_std_write_property(zend_object *zobj, zend_string *name, zva
 	uintptr_t property_offset;
 	const zend_property_info *prop_info = NULL;
 	uint32_t *guard = NULL;
-	zend_readonly_write_kind readonly_write_kind = ZEND_READONLY_WRITE_FORBIDDEN;
 	ZEND_ASSERT(!Z_ISREF_P(value));
 
 	property_offset = zend_get_property_offset(zobj->ce, name, (zobj->ce->__set != NULL), cache_slot, &prop_info);
 
 	if (EXPECTED(IS_VALID_PROPERTY_OFFSET(property_offset))) {
-try_again:
-		readonly_write_kind = ZEND_READONLY_WRITE_FORBIDDEN;
+try_again:;
+		zend_property_write_kind prop_write_kind = ZEND_PROPERTY_WRITE_OK;
 		variable_ptr = OBJ_PROP(zobj, property_offset);
 
 		if (prop_info && UNEXPECTED(prop_info->flags & (ZEND_ACC_READONLY|ZEND_ACC_PPP_SET_MASK))) {
@@ -1068,19 +1067,8 @@ ZEND_API zval *zend_std_write_property(zend_object *zobj, zend_string *name, zva
 				error = (*guard) & IN_SET;
 			}
 			if (error) {
-				if ((prop_info->flags & ZEND_ACC_READONLY) && Z_TYPE_P(variable_ptr) != IS_UNDEF) {
-					readonly_write_kind = zend_get_readonly_write_kind(variable_ptr, prop_info);
-				}
-				if ((prop_info->flags & ZEND_ACC_READONLY)
-				 && Z_TYPE_P(variable_ptr) != IS_UNDEF
-				 && (readonly_write_kind == ZEND_READONLY_WRITE_FORBIDDEN
-				     || zend_is_foreign_cpp_overwrite(variable_ptr, prop_info))) {
-					zend_readonly_property_modification_error(prop_info);
-					variable_ptr = &EG(error_zval);
-					goto exit;
-				}
-				if ((prop_info->flags & ZEND_ACC_PPP_SET_MASK) && !zend_asymmetric_property_has_set_access(prop_info)) {
-					zend_asymmetric_visibility_property_modification_error(prop_info, "modify");
+				prop_write_kind = zend_verify_readonly_and_avis(variable_ptr, prop_info, false);
+				if (prop_write_kind == ZEND_PROPERTY_WRITE_FORBIDDEN) {
 					variable_ptr = &EG(error_zval);
 					goto exit;
 				}
@@ -1118,11 +1106,7 @@ found:;
 			variable_ptr = zend_assign_to_variable_ex(
 				variable_ptr, value, IS_TMP_VAR, property_uses_strict_types(), &garbage);
 
-			if (readonly_write_kind == ZEND_READONLY_WRITE_REINITABLE) {
-				Z_PROP_FLAG_P(variable_ptr) &= ~IS_PROP_REINITABLE;
-			} else if (readonly_write_kind == ZEND_READONLY_WRITE_CTOR_REASSIGNED) {
-				Z_PROP_FLAG_P(variable_ptr) |= IS_PROP_CTOR_REASSIGNED;
-			}
+			zend_property_write_commit(variable_ptr, prop_write_kind);
 
 			if (garbage) {
 				if (GC_DELREF(garbage) == 0) {

Zend/zend_objects_API.h

@@ -137,6 +137,11 @@ static inline zend_property_info *zend_get_typed_property_info_for_slot(zend_obj
 	return NULL;
 }
 
+static zend_always_inline zend_object *zend_get_object_from_slot(const zval *slot, const zend_property_info *prop_info)
+{
+	return (zend_object *)((char *)slot - prop_info->offset);
+}
+
 static zend_always_inline bool zend_check_method_accessible(const zend_function *fn, const zend_class_entry *scope)
 {
 	if (!(fn->common.fn_flags & ZEND_ACC_PUBLIC)