Ensure that statically stored class entries have an header

arnaud-lb · arnaud-lb · commit fcaa55475d7f · 2024-01-22T17:16:15.000+01:00
diff --git a/Zend/zend.h b/Zend/zend.h
@@ -253,6 +253,10 @@ struct _zend_class_entry {
 	} info;
 };
 
+typedef char zend_class_entry_storage[ZEND_CLASS_ENTRY_HEADER_SIZE + sizeof(zend_class_entry)];
+
+#define ZEND_CES_TO_CE(ces) ((zend_class_entry*)((char*) (ces) + ZEND_CLASS_ENTRY_HEADER_SIZE))
+
 typedef struct _zend_utility_functions {
 	void (*error_function)(int type, zend_string *error_filename, const uint32_t error_lineno, zend_string *message);
 	size_t (*printf_function)(const char *format, ...) ZEND_ATTRIBUTE_PTR_FORMAT(printf, 1, 2);
diff --git a/Zend/zend_API.c b/Zend/zend_API.c
@@ -3359,7 +3359,7 @@ ZEND_API int zend_next_free_module(void) /* {{{ */
 
 static zend_class_entry *do_register_internal_class(zend_class_entry *orig_class_entry, uint32_t ce_flags) /* {{{ */
 {
-	void *ref = malloc(sizeof(zend_class_entry) + ZEND_CLASS_ENTRY_HEADER_SIZE);
+	zend_class_entry_storage *ref = (zend_class_entry_storage*) malloc(sizeof(zend_class_entry) + ZEND_CLASS_ENTRY_HEADER_SIZE);
 	zend_class_entry *class_entry = zend_init_class_entry_header(ref);
 	zend_string *lowercase_name;
 	*class_entry = *orig_class_entry;
diff --git a/Zend/zend_compile.c b/Zend/zend_compile.c
@@ -8270,8 +8270,8 @@ static void zend_compile_generic_params(zend_ast *params_ast)
 	}
 }
 
-zend_class_entry *zend_init_class_entry_header(void *ptr) {
-	zend_class_reference *ref = ptr;
+zend_class_entry *zend_init_class_entry_header(zend_class_entry_storage *ptr) {
+	zend_class_reference *ref = (zend_class_reference*) ptr;
 	zend_class_entry *ce = (zend_class_entry *) ((char *) ptr + ZEND_CLASS_ENTRY_HEADER_SIZE);
 	ref->ce = ce;
 	ref->args.num_types = 0;
diff --git a/Zend/zend_compile.h b/Zend/zend_compile.h
@@ -909,7 +909,7 @@ ZEND_API void pass_two(zend_op_array *op_array);
 ZEND_API bool zend_is_compiling(void);
 ZEND_API char *zend_make_compiled_string_description(const char *name);
 ZEND_API void zend_initialize_class_data(zend_class_entry *ce, bool nullify_handlers);
-zend_class_entry *zend_init_class_entry_header(void *ptr);
+zend_class_entry *zend_init_class_entry_header(zend_class_entry_storage *ptr);
 uint32_t zend_get_class_fetch_type(const zend_string *name);
 ZEND_API uint8_t zend_get_call_op(const zend_op *init_op, zend_function *fbc);
 ZEND_API bool zend_is_smart_branch(const zend_op *opline);
diff --git a/Zend/zend_exceptions.c b/Zend/zend_exceptions.c
@@ -45,10 +45,12 @@ ZEND_API zend_class_entry *zend_ce_division_by_zero_error;
 ZEND_API zend_class_entry *zend_ce_unhandled_match_error;
 
 /* Internal pseudo-exception that is not exposed to userland. Throwing this exception *does not* execute finally blocks. */
-static zend_class_entry zend_ce_unwind_exit;
+static zend_class_entry_storage zend_ces_unwind_exit;
+#define zend_ce_unwind_exit ZEND_CES_TO_CE(zend_ces_unwind_exit)
 
 /* Internal pseudo-exception that is not exposed to userland. Throwing this exception *does* execute finally blocks. */
-static zend_class_entry zend_ce_graceful_exit;
+static zend_class_entry_storage zend_ces_graceful_exit;
+#define zend_ce_graceful_exit ZEND_CES_TO_CE(zend_ces_graceful_exit)
 
 ZEND_API void (*zend_throw_exception_hook)(zend_object *ex);
 
@@ -795,9 +797,11 @@ void zend_register_default_exception(void) /* {{{ */
 	zend_ce_unhandled_match_error = register_class_UnhandledMatchError(zend_ce_error);
 	zend_init_exception_class_entry(zend_ce_unhandled_match_error);
 
-	INIT_CLASS_ENTRY(zend_ce_unwind_exit, "UnwindExit", NULL);
+	INIT_CLASS_ENTRY((*zend_ce_unwind_exit), "UnwindExit", NULL);
+	zend_init_class_entry_header(&zend_ces_unwind_exit);
 
-	INIT_CLASS_ENTRY(zend_ce_graceful_exit, "GracefulExit", NULL);
+	INIT_CLASS_ENTRY((*zend_ce_graceful_exit), "GracefulExit", NULL);
+	zend_init_class_entry_header(&zend_ces_graceful_exit);
 }
 /* }}} */
 
@@ -958,7 +962,7 @@ ZEND_API ZEND_COLD zend_result zend_exception_error(zend_object *ex, int severit
 
 		zend_string_release_ex(str, 0);
 		zend_string_release_ex(file, 0);
-	} else if (ce_exception == &zend_ce_unwind_exit || ce_exception == &zend_ce_graceful_exit) {
+	} else if (ce_exception == zend_ce_unwind_exit || ce_exception == zend_ce_graceful_exit) {
 		/* We successfully unwound, nothing more to do.
 		 * We still return FAILURE in this case, as further execution should still be aborted. */
 	} else {
@@ -1006,12 +1010,12 @@ ZEND_API ZEND_COLD void zend_throw_exception_object(zval *exception) /* {{{ */
 
 ZEND_API ZEND_COLD zend_object *zend_create_unwind_exit(void)
 {
-	return zend_objects_new(&zend_ce_unwind_exit);
+	return zend_objects_new(zend_ce_unwind_exit);
 }
 
 ZEND_API ZEND_COLD zend_object *zend_create_graceful_exit(void)
 {
-	return zend_objects_new(&zend_ce_graceful_exit);
+	return zend_objects_new(zend_ce_graceful_exit);
 }
 
 ZEND_API ZEND_COLD void zend_throw_unwind_exit(void)
@@ -1032,10 +1036,10 @@ ZEND_API ZEND_COLD void zend_throw_graceful_exit(void)
 
 ZEND_API bool zend_is_unwind_exit(const zend_object *ex)
 {
-	return OBJ_CE(ex) == &zend_ce_unwind_exit;
+	return ex->cr == (zend_class_reference*) &zend_ces_unwind_exit;
 }
 
 ZEND_API bool zend_is_graceful_exit(const zend_object *ex)
 {
-	return OBJ_CE(ex) == &zend_ce_graceful_exit;
+	return ex->cr == (zend_class_reference*) &zend_ces_graceful_exit;
 }
diff --git a/Zend/zend_iterators.c b/Zend/zend_iterators.c
@@ -20,7 +20,8 @@
 #include "zend.h"
 #include "zend_API.h"
 
-static zend_class_entry zend_iterator_class_entry;
+static zend_class_entry_storage zend_iterator_class_entry_storage;
+#define zend_iterator_class_entry ZEND_CES_TO_CE(&zend_iterator_class_entry_storage)
 
 static void iter_wrapper_free(zend_object *object);
 static void iter_wrapper_dtor(zend_object *object);
@@ -56,8 +57,9 @@ static const zend_object_handlers iterator_object_handlers = {
 
 ZEND_API void zend_register_iterator_wrapper(void)
 {
-	INIT_CLASS_ENTRY(zend_iterator_class_entry, "__iterator_wrapper", NULL);
-	zend_iterator_class_entry.default_object_handlers = &iterator_object_handlers;
+	INIT_CLASS_ENTRY((*zend_iterator_class_entry), "__iterator_wrapper", NULL);
+	zend_iterator_class_entry->default_object_handlers = &iterator_object_handlers;
+	zend_init_class_entry_header(&zend_iterator_class_entry_storage);
 }
 
 static void iter_wrapper_free(zend_object *object)
@@ -83,7 +85,7 @@ static HashTable *iter_wrapper_get_gc(zend_object *object, zval **table, int *n)
 
 ZEND_API void zend_iterator_init(zend_object_iterator *iter)
 {
-	zend_object_std_init(&iter->std, &zend_iterator_class_entry);
+	zend_object_std_init(&iter->std, zend_iterator_class_entry);
 }
 
 ZEND_API void zend_iterator_dtor(zend_object_iterator *iter)

Original file line number	Diff line number	Diff line change
`@@ -3359,7 +3359,7 @@ ZEND_API int zend_next_free_module(void) /* {{{ */`
`3359`	`3359`
`3360`	`3360`	`static zend_class_entry do_register_internal_class(zend_class_entry orig_class_entry, uint32_t ce_flags) /* {{{ */`
`3361`	`3361`	`{`
`3362`		`- void *ref = malloc(sizeof(zend_class_entry) + ZEND_CLASS_ENTRY_HEADER_SIZE);`
	`3362`	`+ zend_class_entry_storage ref = (zend_class_entry_storage) malloc(sizeof(zend_class_entry) + ZEND_CLASS_ENTRY_HEADER_SIZE);`
`3363`	`3363`	`zend_class_entry *class_entry = zend_init_class_entry_header(ref);`
`3364`	`3364`	`zend_string *lowercase_name;`
`3365`	`3365`	`class_entry = orig_class_entry;`
Original file line number	Diff line number	Diff line change
`@@ -8270,8 +8270,8 @@ static void zend_compile_generic_params(zend_ast *params_ast)`
`8270`	`8270`	`}`
`8271`	`8271`	`}`
`8272`	`8272`
`8273`		`-zend_class_entry zend_init_class_entry_header(void ptr) {`
`8274`		`- zend_class_reference *ref = ptr;`
	`8273`	`+zend_class_entry zend_init_class_entry_header(zend_class_entry_storage ptr) {`
	`8274`	`+ zend_class_reference ref = (zend_class_reference) ptr;`
`8275`	`8275`	`zend_class_entry ce = (zend_class_entry ) ((char *) ptr + ZEND_CLASS_ENTRY_HEADER_SIZE);`
`8276`	`8276`	`ref->ce = ce;`
`8277`	`8277`	`ref->args.num_types = 0;`
Original file line number	Diff line number	Diff line change
`@@ -45,10 +45,12 @@ ZEND_API zend_class_entry *zend_ce_division_by_zero_error;`
`45`	`45`	`ZEND_API zend_class_entry *zend_ce_unhandled_match_error;`
`46`	`46`
`47`	`47`	`/* Internal pseudo-exception that is not exposed to userland. Throwing this exception does not execute finally blocks. */`
`48`		`-static zend_class_entry zend_ce_unwind_exit;`
	`48`	`+static zend_class_entry_storage zend_ces_unwind_exit;`
	`49`	`+#define zend_ce_unwind_exit ZEND_CES_TO_CE(zend_ces_unwind_exit)`
`49`	`50`
`50`	`51`	`/* Internal pseudo-exception that is not exposed to userland. Throwing this exception does execute finally blocks. */`
`51`		`-static zend_class_entry zend_ce_graceful_exit;`
	`52`	`+static zend_class_entry_storage zend_ces_graceful_exit;`
	`53`	`+#define zend_ce_graceful_exit ZEND_CES_TO_CE(zend_ces_graceful_exit)`
`52`	`54`
`53`	`55`	`ZEND_API void (zend_throw_exception_hook)(zend_object ex);`
`54`	`56`
`@@ -795,9 +797,11 @@ void zend_register_default_exception(void) /* {{{ */`
`795`	`797`	`zend_ce_unhandled_match_error = register_class_UnhandledMatchError(zend_ce_error);`
`796`	`798`	`zend_init_exception_class_entry(zend_ce_unhandled_match_error);`
`797`	`799`
`798`		`- INIT_CLASS_ENTRY(zend_ce_unwind_exit, "UnwindExit", NULL);`
	`800`	`+ INIT_CLASS_ENTRY((*zend_ce_unwind_exit), "UnwindExit", NULL);`
	`801`	`+ zend_init_class_entry_header(&zend_ces_unwind_exit);`
`799`	`802`
`800`		`- INIT_CLASS_ENTRY(zend_ce_graceful_exit, "GracefulExit", NULL);`
	`803`	`+ INIT_CLASS_ENTRY((*zend_ce_graceful_exit), "GracefulExit", NULL);`
	`804`	`+ zend_init_class_entry_header(&zend_ces_graceful_exit);`
`801`	`805`	`}`
`802`	`806`	`/* }}} */`
`803`	`807`
`@@ -958,7 +962,7 @@ ZEND_API ZEND_COLD zend_result zend_exception_error(zend_object *ex, int severit`
`958`	`962`
`959`	`963`	`zend_string_release_ex(str, 0);`
`960`	`964`	`zend_string_release_ex(file, 0);`
`961`		`- } else if (ce_exception == &zend_ce_unwind_exit \|\| ce_exception == &zend_ce_graceful_exit) {`
	`965`	`+ } else if (ce_exception == zend_ce_unwind_exit \|\| ce_exception == zend_ce_graceful_exit) {`
`962`	`966`	`/* We successfully unwound, nothing more to do.`
`963`	`967`	`* We still return FAILURE in this case, as further execution should still be aborted. */`
`964`	`968`	`} else {`
`@@ -1006,12 +1010,12 @@ ZEND_API ZEND_COLD void zend_throw_exception_object(zval exception) / {{{ */`
`1006`	`1010`
`1007`	`1011`	`ZEND_API ZEND_COLD zend_object *zend_create_unwind_exit(void)`
`1008`	`1012`	`{`
`1009`		`- return zend_objects_new(&zend_ce_unwind_exit);`
	`1013`	`+ return zend_objects_new(zend_ce_unwind_exit);`
`1010`	`1014`	`}`
`1011`	`1015`
`1012`	`1016`	`ZEND_API ZEND_COLD zend_object *zend_create_graceful_exit(void)`
`1013`	`1017`	`{`
`1014`		`- return zend_objects_new(&zend_ce_graceful_exit);`
	`1018`	`+ return zend_objects_new(zend_ce_graceful_exit);`
`1015`	`1019`	`}`
`1016`	`1020`
`1017`	`1021`	`ZEND_API ZEND_COLD void zend_throw_unwind_exit(void)`
`@@ -1032,10 +1036,10 @@ ZEND_API ZEND_COLD void zend_throw_graceful_exit(void)`
`1032`	`1036`
`1033`	`1037`	`ZEND_API bool zend_is_unwind_exit(const zend_object *ex)`
`1034`	`1038`	`{`
`1035`		`- return OBJ_CE(ex) == &zend_ce_unwind_exit;`
	`1039`	`+ return ex->cr == (zend_class_reference*) &zend_ces_unwind_exit;`
`1036`	`1040`	`}`
`1037`	`1041`
`1038`	`1042`	`ZEND_API bool zend_is_graceful_exit(const zend_object *ex)`
`1039`	`1043`	`{`
`1040`		`- return OBJ_CE(ex) == &zend_ce_graceful_exit;`
	`1044`	`+ return ex->cr == (zend_class_reference*) &zend_ces_graceful_exit;`
`1041`	`1045`	`}`
Original file line number	Diff line number	Diff line change
`@@ -20,7 +20,8 @@`
`20`	`20`	`#include "zend.h"`
`21`	`21`	`#include "zend_API.h"`
`22`	`22`
`23`		`-static zend_class_entry zend_iterator_class_entry;`
	`23`	`+static zend_class_entry_storage zend_iterator_class_entry_storage;`
	`24`	`+#define zend_iterator_class_entry ZEND_CES_TO_CE(&zend_iterator_class_entry_storage)`
`24`	`25`
`25`	`26`	`static void iter_wrapper_free(zend_object *object);`
`26`	`27`	`static void iter_wrapper_dtor(zend_object *object);`
`@@ -56,8 +57,9 @@ static const zend_object_handlers iterator_object_handlers = {`
`56`	`57`
`57`	`58`	`ZEND_API void zend_register_iterator_wrapper(void)`
`58`	`59`	`{`
`59`		`- INIT_CLASS_ENTRY(zend_iterator_class_entry, "__iterator_wrapper", NULL);`
`60`		`- zend_iterator_class_entry.default_object_handlers = &iterator_object_handlers;`
	`60`	`+ INIT_CLASS_ENTRY((*zend_iterator_class_entry), "__iterator_wrapper", NULL);`
	`61`	`+ zend_iterator_class_entry->default_object_handlers = &iterator_object_handlers;`
	`62`	`+ zend_init_class_entry_header(&zend_iterator_class_entry_storage);`
`61`	`63`	`}`
`62`	`64`
`63`	`65`	`static void iter_wrapper_free(zend_object *object)`
`@@ -83,7 +85,7 @@ static HashTable iter_wrapper_get_gc(zend_object object, zval *table, int n)`
`83`	`85`
`84`	`86`	`ZEND_API void zend_iterator_init(zend_object_iterator *iter)`
`85`	`87`	`{`
`86`		`- zend_object_std_init(&iter->std, &zend_iterator_class_entry);`
	`88`	`+ zend_object_std_init(&iter->std, zend_iterator_class_entry);`
`87`	`89`	`}`
`88`	`90`
`89`	`91`	`ZEND_API void zend_iterator_dtor(zend_object_iterator *iter)`