Fix GH-21770: Infinite recursion in property hook getter in opcache preloaded trait#21788
Open
iliaal wants to merge 1 commit intophp:PHP-8.4from
Open
Fix GH-21770: Infinite recursion in property hook getter in opcache preloaded trait#21788iliaal wants to merge 1 commit intophp:PHP-8.4from
iliaal wants to merge 1 commit intophp:PHP-8.4from
Conversation
…e preloaded trait preload_fix_trait_op_array rewrites the clone op_array from its original after optimization, preserving function_name, scope, fn_flags, prototype, and static_variables. For trait-cloned property hooks, it also needs to preserve prop_info: zend_do_traits_property_binding set it to the using class's property, but the reset pointed it back at the trait's property. That mismatch caused zend_is_in_hook to miss the self-access check inside the hook, recursing into the getter/setter instead of reading or writing the backing store. Closes phpGH-21770
Contributor
Author
|
@iluuu1994 Just got around to validating my take on it, a bit late since I saw you assigned it to yourself, hopefully proves useful and doesn't duplicate too much effort |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
1 participant
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Fixes #21770.
preload_fix_trait_op_arrayrewrites trait-cloned op_arrays from their original after optimization and preserves a short allowlist of per-clone fields: function_name, scope, fn_flags, prototype, static_variables. For trait-cloned property hooks,prop_infois also per-clone.zend_do_traits_property_bindingpoints it at the using class's property, andzend_is_in_hookrelies on that identity to detect backing-store access from inside the hook. Without restoringprop_info, the rewrite pointed it back at the trait's property, prototypes mismatched, and reading or writing the backing store from inside the hook recursed into the hook instead.Restoring
prop_infoalongside the other preserved fields fixes the mismatch and the runaway recursion.