
@ircmaxell
Created March 1, 2012 04:24
Scalar Casting Patch POC, version 2
Index: Zend/zend.h
===================================================================
--- Zend/zend.h (revision 322430)
+++ Zend/zend.h (working copy)
@@ -486,6 +486,11 @@
union _zend_function *__call;
union _zend_function *__callstatic;
union _zend_function *__tostring;
+ union _zend_function *__toint;
+ union _zend_function *__tofloat;
+ union _zend_function *__toarray;
+ union _zend_function *__toresource;
+ union _zend_function *__toscalar;
union _zend_function *serialize_func;
union _zend_function *unserialize_func;
Index: Zend/zend_object_handlers.c
===================================================================
--- Zend/zend_object_handlers.c (revision 322430)
+++ Zend/zend_object_handlers.c (working copy)
@@ -1482,6 +1482,57 @@
}
/* }}} */
+ZEND_API int zend_std_cast_object(zval *readobj, zval *writeobj, int type TSRMLS_DC) /* {{{ */
+{
+ zend_class_entry *ce = Z_OBJCE_P(readobj);
+ zval *retval;
+ int status = FAILURE;
+ ALLOC_INIT_ZVAL(retval);
+ switch (type) {
+ case IS_LONG:
+ if (ce->__toint && zend_call_method_with_0_params(&readobj, ce, &ce->__toint, "__toint", &retval)) {
+ status = SUCCESS;
+ }
+ break;
+ case IS_DOUBLE:
+ if (ce->__tofloat && zend_call_method_with_0_params(&readobj, ce, &ce->__tofloat, "__tofloat", &retval)) {
+ status = SUCCESS;
+ }
+ break;
+ case IS_ARRAY:
+ if (ce->__toarray && zend_call_method_with_0_params(&readobj, ce, &ce->__toarray, "__toarray", &retval)) {
+ status = SUCCESS;
+ }
+ break;
+ case IS_RESOURCE:
+ if (ce->__toresource && zend_call_method_with_0_params(&readobj, ce, &ce->__toresource, "__toreasource", &retval)) {
+ status = SUCCESS;
+ }
+ break;
+ }
+ if (status == SUCCESS) {
+ ZVAL_ZVAL(writeobj, retval, 1, 1);
+ zval_dtor(retval);
+ return SUCCESS;
+ }
+ zval_dtor(retval);
+ return zend_std_cast_object_tostring(readobj, writeobj, type TSRMLS_CC);
+}
+/* }}} */
+
+ZEND_API zval *zend_std_cast_object_get(zval *readobj TSRMLS_DC) /* {{{ */
+{
+ zval *retval;
+ zend_class_entry *ce = Z_OBJCE_P(readobj);
+ ALLOC_INIT_ZVAL(retval);
+ if (ce->__toscalar && zend_call_method_with_0_params(&readobj, ce, &ce->__toscalar, "__toscalar", &retval)) {
+ return retval;
+ }
+ ZVAL_NULL(retval);
+ return retval;
+}
+/* }}} */
+
ZEND_API int zend_std_cast_object_tostring(zval *readobj, zval *writeobj, int type TSRMLS_DC) /* {{{ */
{
zval *retval;
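Review bot: In zend_std_cast_object, `ZVAL_ZVAL(writeobj, retval, 1, 1)` already releases retval through its dtor argument, so the `zval_dtor(retval)` on the next line touches a zval that may have been freed. The success path also copies whatever the user method returned without checking that its type matches the requested `type`, so a `__toint` that returns a string hands callers a non-long while reporting SUCCESS; zend_std_cast_object_tostring (body outside this hunk) is the place to compare against. The zval from `ALLOC_INIT_ZVAL(retval)` looks like it is leaked once the call replaces the pointer, and the failure path's `zval_dtor` frees only the contents, which also applies to zend_std_cast_object_get. The name string `"__toreasource"` is misspelled; it is probably unused while the cached `ce->__toresource` is set, but should read `"__toresource"`.
```c
ZEND_API int zend_std_cast_object(zval *readobj, zval *writeobj, int type TSRMLS_DC) /* {{{ */
{
	zend_class_entry *ce = Z_OBJCE_P(readobj);
	zval *retval = NULL; /* the call supplies the zval; nothing pre-allocated to leak */
	int status = FAILURE;
	/* … unchanged: switch (type) dispatch to __toint/__tofloat/__toarray/__toresource … */
	if (status == SUCCESS && retval && !EG(exception) && Z_TYPE_P(retval) == type) {
		/* dtor=1 releases retval; no further zval_dtor afterwards */
		ZVAL_ZVAL(writeobj, retval, 1, 1);
		return SUCCESS;
	}
	if (retval) {
		zval_ptr_dtor(&retval);
	}
	return zend_std_cast_object_tostring(readobj, writeobj, type TSRMLS_CC);
}
```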
@@ -1588,25 +1639,25 @@
zend_std_write_property, /* write_property */
zend_std_read_dimension, /* read_dimension */
zend_std_write_dimension, /* write_dimension */
- zend_std_get_property_ptr_ptr, /* get_property_ptr_ptr */
- NULL, /* get */
- NULL, /* set */
+ zend_std_get_property_ptr_ptr, /* get_property_ptr_ptr */
+ zend_std_cast_object_get, /* get */
+ NULL, /* set */
zend_std_has_property, /* has_property */
zend_std_unset_property, /* unset_property */
zend_std_has_dimension, /* has_dimension */
zend_std_unset_dimension, /* unset_dimension */
zend_std_get_properties, /* get_properties */
zend_std_get_method, /* get_method */
- NULL, /* call_method */
+ NULL, /* call_method */
zend_std_get_constructor, /* get_constructor */
zend_std_object_get_class, /* get_class_entry */
- zend_std_object_get_class_name, /* get_class_name */
+ zend_std_object_get_class_name, /* get_class_name */
zend_std_compare_objects, /* compare_objects */
- zend_std_cast_object_tostring, /* cast_object */
- NULL, /* count_elements */
- NULL, /* get_debug_info */
+ zend_std_cast_object, /* cast_object */
+ NULL, /* count_elements */
+ NULL, /* get_debug_info */
zend_std_get_closure, /* get_closure */
- zend_std_get_gc, /* get_gc */
+ zend_std_get_gc, /* get_gc */
};
/*
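Review bot: Putting `zend_std_cast_object_get` in the `get` slot of the standard handler table affects every object, not only classes that define `__toscalar`, and that function returns a NULL zval when the method is absent. Engine call sites that test whether `get` is set are not visible here, but they would presumably now receive NULL instead of falling through to `cast_object`, which changes conversions and comparisons for all existing classes. Consider keeping `NULL, /* get */` in this table and reaching `__toscalar` from `zend_std_cast_object`, or confirm each `get` caller handles the NULL result. The whitespace-only changes on the other rows make the two functional changes hard to spot and are better left out.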
Index: Zend/zend_compile.c
===================================================================
--- Zend/zend_compile.c (revision 322430)
+++ Zend/zend_compile.c (working copy)
@@ -1617,7 +1617,28 @@
if (fn_flags & ((ZEND_ACC_PPP_MASK | ZEND_ACC_STATIC) ^ ZEND_ACC_PUBLIC)) {
zend_error(E_WARNING, "The magic method __toString() must have public visibility and cannot be static");
}
+ } else if ((name_len == sizeof(ZEND_TOINT_FUNC_NAME)-1) && (!memcmp(lcname, ZEND_TOINT_FUNC_NAME, sizeof(ZEND_TOINT_FUNC_NAME)-1))) {
+ if (fn_flags & ((ZEND_ACC_PPP_MASK | ZEND_ACC_STATIC) ^ ZEND_ACC_PUBLIC)) {
+ zend_error(E_WARNING, "The magic method __toint() must have public visibility and cannot be static");
+ }
+ } else if ((name_len == sizeof(ZEND_TOFLOAT_FUNC_NAME)-1) && (!memcmp(lcname, ZEND_TOFLOAT_FUNC_NAME, sizeof(ZEND_TOFLOAT_FUNC_NAME)-1))) {
+ if (fn_flags & ((ZEND_ACC_PPP_MASK | ZEND_ACC_STATIC) ^ ZEND_ACC_PUBLIC)) {
+ zend_error(E_WARNING, "The magic method __toFloat() must have public visibility and cannot be static");
+ }
+ } else if ((name_len == sizeof(ZEND_TOARRAY_FUNC_NAME)-1) && (!memcmp(lcname, ZEND_TOARRAY_FUNC_NAME, sizeof(ZEND_TOARRAY_FUNC_NAME)-1))) {
+ if (fn_flags & ((ZEND_ACC_PPP_MASK | ZEND_ACC_STATIC) ^ ZEND_ACC_PUBLIC)) {
+ zend_error(E_WARNING, "The magic method __toArray() must have public visibility and cannot be static");
+ }
+ } else if ((name_len == sizeof(ZEND_TORESOURCE_FUNC_NAME)-1) && (!memcmp(lcname, ZEND_TORESOURCE_FUNC_NAME, sizeof(ZEND_TORESOURCE_FUNC_NAME)-1))) {
+ if (fn_flags & ((ZEND_ACC_PPP_MASK | ZEND_ACC_STATIC) ^ ZEND_ACC_PUBLIC)) {
+ zend_error(E_WARNING, "The magic method __toResource() must have public visibility and cannot be static");
+ }
+ } else if ((name_len == sizeof(ZEND_TOSCALAR_FUNC_NAME)-1) && (!memcmp(lcname, ZEND_TOSCALAR_FUNC_NAME, sizeof(ZEND_TOSCALAR_FUNC_NAME)-1))) {
+ if (fn_flags & ((ZEND_ACC_PPP_MASK | ZEND_ACC_STATIC) ^ ZEND_ACC_PUBLIC)) {
+ zend_error(E_WARNING, "The magic method __toScalar() must have public visibility and cannot be static");
+ }
}
+
} else {
char *class_lcname;
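Review bot: The warning in the `ZEND_TOINT_FUNC_NAME` branch spells the method `__toint()`, while the other new branches here and the matching branch in the next hunk use `__toInt()`, `__toFloat()` and so on. Use `"The magic method __toInt() must have public visibility and cannot be static"` so that both code paths report the same text. The five added branches differ only in the constant and the message, so a shared helper or macro would keep them from drifting; the enclosing function starts and ends outside this hunk.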
@@ -1668,6 +1689,31 @@
zend_error(E_WARNING, "The magic method __isset() must have public visibility and cannot be static");
}
CG(active_class_entry)->__isset = (zend_function *) CG(active_op_array);
+ } else if ((name_len == sizeof(ZEND_TOINT_FUNC_NAME)-1) && (!memcmp(lcname, ZEND_TOINT_FUNC_NAME, sizeof(ZEND_TOINT_FUNC_NAME)-1))) {
+ if (fn_flags & ((ZEND_ACC_PPP_MASK | ZEND_ACC_STATIC) ^ ZEND_ACC_PUBLIC)) {
+ zend_error(E_WARNING, "The magic method __toInt() must have public visibility and cannot be static");
+ }
+ CG(active_class_entry)->__toint = (zend_function *) CG(active_op_array);
+ } else if ((name_len == sizeof(ZEND_TOFLOAT_FUNC_NAME)-1) && (!memcmp(lcname, ZEND_TOFLOAT_FUNC_NAME, sizeof(ZEND_TOFLOAT_FUNC_NAME)-1))) {
+ if (fn_flags & ((ZEND_ACC_PPP_MASK | ZEND_ACC_STATIC) ^ ZEND_ACC_PUBLIC)) {
+ zend_error(E_WARNING, "The magic method __toFloat() must have public visibility and cannot be static");
+ }
+ CG(active_class_entry)->__tofloat = (zend_function *) CG(active_op_array);
+ } else if ((name_len == sizeof(ZEND_TOARRAY_FUNC_NAME)-1) && (!memcmp(lcname, ZEND_TOARRAY_FUNC_NAME, sizeof(ZEND_TOARRAY_FUNC_NAME)-1))) {
+ if (fn_flags & ((ZEND_ACC_PPP_MASK | ZEND_ACC_STATIC) ^ ZEND_ACC_PUBLIC)) {
+ zend_error(E_WARNING, "The magic method __toArray() must have public visibility and cannot be static");
+ }
+ CG(active_class_entry)->__toarray = (zend_function *) CG(active_op_array);
+ } else if ((name_len == sizeof(ZEND_TORESOURCE_FUNC_NAME)-1) && (!memcmp(lcname, ZEND_TORESOURCE_FUNC_NAME, sizeof(ZEND_TORESOURCE_FUNC_NAME)-1))) {
+ if (fn_flags & ((ZEND_ACC_PPP_MASK | ZEND_ACC_STATIC) ^ ZEND_ACC_PUBLIC)) {
+ zend_error(E_WARNING, "The magic method __toResource() must have public visibility and cannot be static");
+ }
+ CG(active_class_entry)->__toresource = (zend_function *) CG(active_op_array);
+ } else if ((name_len == sizeof(ZEND_TOSCALAR_FUNC_NAME)-1) && (!memcmp(lcname, ZEND_TOSCALAR_FUNC_NAME, sizeof(ZEND_TOSCALAR_FUNC_NAME)-1))) {
+ if (fn_flags & ((ZEND_ACC_PPP_MASK | ZEND_ACC_STATIC) ^ ZEND_ACC_PUBLIC)) {
+ zend_error(E_WARNING, "The magic method __toScalar() must have public visibility and cannot be static");
+ }
+ CG(active_class_entry)->__toscalar = (zend_function *) CG(active_op_array);
} else if ((name_len == sizeof(ZEND_TOSTRING_FUNC_NAME)-1) && (!memcmp(lcname, ZEND_TOSTRING_FUNC_NAME, sizeof(ZEND_TOSTRING_FUNC_NAME)-1))) {
if (fn_flags & ((ZEND_ACC_PPP_MASK | ZEND_ACC_STATIC) ^ ZEND_ACC_PUBLIC)) {
zend_error(E_WARNING, "The magic method __toString() must have public visibility and cannot be static");
@@ -2836,6 +2882,21 @@
if (!ce->__callstatic) {
ce->__callstatic = ce->parent->__callstatic;
}
+ if (!ce->__toint) {
+ ce->__toint = ce->parent->__toint;
+ }
+ if (!ce->__tofloat) {
+ ce->__tofloat = ce->parent->__tofloat;
+ }
+ if (!ce->__toarray) {
+ ce->__toarray = ce->parent->__toarray;
+ }
+ if (!ce->__toresource) {
+ ce->__toresource = ce->parent->__toresource;
+ }
+ if (!ce->__toscalar) {
+ ce->__toscalar = ce->parent->__toscalar;
+ }
if (!ce->__tostring) {
ce->__tostring = ce->parent->__tostring;
}
@@ -3730,6 +3791,16 @@
ce->__unset = fe;
} else if (!strncmp(mname, ZEND_ISSET_FUNC_NAME, mname_len)) {
ce->__isset = fe;
+ } else if (!strncmp(mname, ZEND_TOINT_FUNC_NAME, mname_len)) {
+ ce->__toint = fe;
+ } else if (!strncmp(mname, ZEND_TOFLOAT_FUNC_NAME, mname_len)) {
+ ce->__tofloat = fe;
+ } else if (!strncmp(mname, ZEND_TOARRAY_FUNC_NAME, mname_len)) {
+ ce->__toarray = fe;
+ } else if (!strncmp(mname, ZEND_TORESOURCE_FUNC_NAME, mname_len)) {
+ ce->__toresource = fe;
+ } else if (!strncmp(mname, ZEND_TOSCALAR_FUNC_NAME, mname_len)) {
+ ce->__toscalar = fe;
} else if (!strncmp(mname, ZEND_CALLSTATIC_FUNC_NAME, mname_len)) {
ce->__callstatic = fe;
} else if (!strncmp(mname, ZEND_TOSTRING_FUNC_NAME, mname_len)) {
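Review bot: The new branches copy the surrounding `strncmp(mname, NAME, mname_len)` form, which compares only the first `mname_len` bytes, so a method whose name is merely a prefix of `__toint` or `__toscalar` would be bound to that magic slot. Because the slot is later invoked as a cast handler, a mis-bound function is called with assumptions it does not meet. Require an exact length match, e.g. `} else if (mname_len == sizeof(ZEND_TOINT_FUNC_NAME)-1 && !memcmp(mname, ZEND_TOINT_FUNC_NAME, mname_len)) {`, and the same for the other four names. The enclosing function begins outside this hunk, so whether `mname` is already lower-cased cannot be confirmed from here.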
@@ -6750,6 +6821,11 @@
ce->__isset = NULL;
ce->__call = NULL;
ce->__callstatic = NULL;
+ ce->__toint = NULL;
+ ce->__tofloat = NULL;
+ ce->__toarray = NULL;
+ ce->__toresource = NULL;
+ ce->__toscalar = NULL;
ce->__tostring = NULL;
ce->create_object = NULL;
ce->get_iterator = NULL;
Index: Zend/zend_object_handlers.h
===================================================================
--- Zend/zend_object_handlers.h (revision 322430)
+++ Zend/zend_object_handlers.h (working copy)
@@ -155,6 +155,8 @@
ZEND_API HashTable *zend_std_get_properties(zval *object TSRMLS_DC);
ZEND_API HashTable *zend_std_get_debug_info(zval *object, int *is_temp TSRMLS_DC);
ZEND_API int zend_std_cast_object_tostring(zval *readobj, zval *writeobj, int type TSRMLS_DC);
+ZEND_API int zend_std_cast_object(zval *readobj, zval *writeobj, int type TSRMLS_DC);
+ZEND_API zval *zend_std_cast_object_get(zval *readobj TSRMLS_DC);
ZEND_API void zend_std_write_property(zval *object, zval *member, zval *value, const struct _zend_literal *key TSRMLS_DC);
ZEND_API void rebuild_object_properties(zend_object *zobj);
Index: Zend/zend_compile.h
===================================================================
--- Zend/zend_compile.h (revision 322430)
+++ Zend/zend_compile.h (working copy)
@@ -830,6 +830,11 @@
#define ZEND_CALLSTATIC_FUNC_NAME "__callstatic"
#define ZEND_TOSTRING_FUNC_NAME "__tostring"
#define ZEND_AUTOLOAD_FUNC_NAME "__autoload"
+#define ZEND_TOINT_FUNC_NAME "__toint"
+#define ZEND_TOFLOAT_FUNC_NAME "__tofloat"
+#define ZEND_TOARRAY_FUNC_NAME "__toarray"
+#define ZEND_TORESOURCE_FUNC_NAME "__toresource"
+#define ZEND_TOSCALAR_FUNC_NAME "__toscalar"
/* The following constants may be combined in CG(compiler_options)
* to change the default compiler behavior */
Index: Zend/zend_API.c
===================================================================
--- Zend/zend_API.c (revision 322430)
+++ Zend/zend_API.c (working copy)
@@ -1926,7 +1926,7 @@
int count=0, unload=0, result=0;
HashTable *target_function_table = function_table;
int error_type;
- zend_function *ctor = NULL, *dtor = NULL, *clone = NULL, *__get = NULL, *__set = NULL, *__unset = NULL, *__isset = NULL, *__call = NULL, *__callstatic = NULL, *__tostring = NULL;
+ zend_function *ctor = NULL, *dtor = NULL, *clone = NULL, *__get = NULL, *__set = NULL, *__unset = NULL, *__isset = NULL, *__call = NULL, *__callstatic = NULL, *__tostring = NULL, *__toint = NULL, *__tofloat = NULL, *__toarray = NULL, *__toresource = NULL, *__toscalar = NULL;
const char *lowercase_name;
int fname_len;
const char *lc_class_name = NULL;
@@ -2069,6 +2069,16 @@
__unset = reg_function;
} else if ((fname_len == sizeof(ZEND_ISSET_FUNC_NAME)-1) && !memcmp(lowercase_name, ZEND_ISSET_FUNC_NAME, sizeof(ZEND_ISSET_FUNC_NAME))) {
__isset = reg_function;
+ } else if ((fname_len == sizeof(ZEND_TOINT_FUNC_NAME)-1) && !memcmp(lowercase_name, ZEND_TOINT_FUNC_NAME, sizeof(ZEND_TOINT_FUNC_NAME))) {
+ __toint = reg_function;
+ } else if ((fname_len == sizeof(ZEND_TOFLOAT_FUNC_NAME)-1) && !memcmp(lowercase_name, ZEND_TOFLOAT_FUNC_NAME, sizeof(ZEND_TOFLOAT_FUNC_NAME))) {
+ __tofloat = reg_function;
+ } else if ((fname_len == sizeof(ZEND_TOARRAY_FUNC_NAME)-1) && !memcmp(lowercase_name, ZEND_TOARRAY_FUNC_NAME, sizeof(ZEND_TOARRAY_FUNC_NAME))) {
+ __toarray = reg_function;
+ } else if ((fname_len == sizeof(ZEND_TORESOURCE_FUNC_NAME)-1) && !memcmp(lowercase_name, ZEND_TORESOURCE_FUNC_NAME, sizeof(ZEND_TORESOURCE_FUNC_NAME))) {
+ __toresource = reg_function;
+ } else if ((fname_len == sizeof(ZEND_TOSCALAR_FUNC_NAME)-1) && !memcmp(lowercase_name, ZEND_TOSCALAR_FUNC_NAME, sizeof(ZEND_TOSCALAR_FUNC_NAME))) {
+ __toscalar = reg_function;
} else {
reg_function = NULL;
}
@@ -2107,6 +2117,11 @@
scope->__set = __set;
scope->__unset = __unset;
scope->__isset = __isset;
+ scope->__toint = __toint;
+ scope->__tofloat = __tofloat;
+ scope->__toarray = __toarray;
+ scope->__toresource = __toresource;
+ scope->__toscalar = __toscalar;
if (ctor) {
ctor->common.fn_flags |= ZEND_ACC_CTOR;
if (ctor->common.fn_flags & ZEND_ACC_STATIC) {
@@ -2170,6 +2185,36 @@
}
__isset->common.fn_flags &= ~ZEND_ACC_ALLOW_STATIC;
}
+ if (__toint) {
+ if (__toint->common.fn_flags & ZEND_ACC_STATIC) {
+ zend_error(error_type, "Method %s::%s() cannot be static", scope->name, __toint->common.function_name);
+ }
+ __toint->common.fn_flags &= ~ZEND_ACC_ALLOW_STATIC;
+ }
+ if (__tofloat) {
+ if (__tofloat->common.fn_flags & ZEND_ACC_STATIC) {
+ zend_error(error_type, "Method %s::%s() cannot be static", scope->name, __tofloat->common.function_name);
+ }
+ __tofloat->common.fn_flags &= ~ZEND_ACC_ALLOW_STATIC;
+ }
+ if (__toarray) {
+ if (__toarray->common.fn_flags & ZEND_ACC_STATIC) {
+ zend_error(error_type, "Method %s::%s() cannot be static", scope->name, __toarray->common.function_name);
+ }
+ __toarray->common.fn_flags &= ~ZEND_ACC_ALLOW_STATIC;
+ }
+ if (__toresource) {
+ if (__toresource->common.fn_flags & ZEND_ACC_STATIC) {
+ zend_error(error_type, "Method %s::%s() cannot be static", scope->name, __toresource->common.function_name);
+ }
+ __toresource->common.fn_flags &= ~ZEND_ACC_ALLOW_STATIC;
+ }
+ if (__toscalar) {
+ if (__toscalar->common.fn_flags & ZEND_ACC_STATIC) {
+ zend_error(error_type, "Method %s::%s() cannot be static", scope->name, __toscalar->common.function_name);
+ }
+ __toscalar->common.fn_flags &= ~ZEND_ACC_ALLOW_STATIC;
+ }
efree((char*)lc_class_name);
}
return SUCCESS;
Index: Zend/zend_API.h
===================================================================
--- Zend/zend_API.h (revision 322430)
+++ Zend/zend_API.h (working copy)
@@ -190,6 +190,11 @@
class_container.__set = handle_propset; \
class_container.__unset = handle_propunset; \
class_container.__isset = handle_propisset; \
+ class_container.__toint = NULL; \
+ class_container.__tofloat = NULL; \
+ class_container.__toarray = NULL; \
+ class_container.__toresource = NULL; \
+ class_container.__toscalar = NULL; \
class_container.serialize_func = NULL; \
class_container.unserialize_func = NULL; \
class_container.serialize = NULL; \