PHPC-215: Fix Cursor iteration through IteratorIterator

This removes the invalidate_current handler. Due to SPL's implementation, our handler was being invoked between rewinding and checking if the current position was valid. Given that our validity check depends on inspecting a pointer to the current element (like MySQLi's result iterator), we cannot use invalidate_current.

The current element must still be freed during iteration, so we will instead call a php_phongo_cursor_free_current() function as needed. Additionally, we should track a reference to the Cursor object zval on the iterator itself, which will ensure it is not garbage-collected during iteration (demonstrated in the segfault backtrace in PHPC-215).

Lastly, this commit renames the Cursor object and iterator structs and related functions to be more consistent with implementions in PHP core.

Author: jmikola

php_phongo.c

@@ -1557,28 +1557,32 @@ void php_phongo_cursor_free(php_phongo_cursor_t *cursor)
 	}
 }
 
-/* {{{ Iterator */
-static void phongo_cursor_iterator_invalidate_current(zend_object_iterator *iter TSRMLS_DC) /* {{{ */
+static void php_phongo_cursor_free_current(php_phongo_cursor_t *cursor) /* {{{ */
 {
-	php_phongo_cursor_t *cursor = NULL;
-
-	cursor = ((phongo_cursor_it *)iter)->iterator.data;
 	if (cursor->visitor_data.zchild) {
 		zval_ptr_dtor(&cursor->visitor_data.zchild);
 		cursor->visitor_data.zchild = NULL;
 	}
 } /* }}} */
 
-static void phongo_cursor_iterator_dtor(zend_object_iterator *iter TSRMLS_DC) /* {{{ */
+/* {{{ Iterator */
+static void php_phongo_cursor_iterator_dtor(zend_object_iterator *iter TSRMLS_DC) /* {{{ */
 {
-	efree(iter);
+	php_phongo_cursor_iterator *cursor_it = (php_phongo_cursor_iterator *)iter;
+
+	if (cursor_it->intern.data) {
+		zval_ptr_dtor((zval**)&cursor_it->intern.data);
+		cursor_it->intern.data = NULL;
+	}
+
+	php_phongo_cursor_free_current(cursor_it->cursor);
+
+	efree(cursor_it);
 } /* }}} */
 
-static int phongo_cursor_iterator_valid(zend_object_iterator *iter TSRMLS_DC) /* {{{ */
+static int php_phongo_cursor_iterator_valid(zend_object_iterator *iter TSRMLS_DC) /* {{{ */
 {
-	php_phongo_cursor_t *cursor = NULL;
-
-	cursor = ((phongo_cursor_it *)iter)->iterator.data;
+	php_phongo_cursor_t *cursor = ((php_phongo_cursor_iterator *)iter)->cursor;
 
 	if (cursor->visitor_data.zchild) {
 		return SUCCESS;
@@ -1588,37 +1592,34 @@ static int phongo_cursor_iterator_valid(zend_object_iterator *iter TSRMLS_DC) /*
 } /* }}} */
 
 #if PHP_VERSION_ID < 50500
-static int phongo_cursor_iterator_get_current_key(zend_object_iterator *iter, char **str_key, uint *str_key_len, ulong *int_key TSRMLS_DC) /* {{{ */
+static int php_phongo_cursor_iterator_get_current_key(zend_object_iterator *iter, char **str_key, uint *str_key_len, ulong *int_key TSRMLS_DC) /* {{{ */
 {
-	*int_key = (ulong) ((phongo_cursor_it *)iter)->current;
+	*int_key = (ulong) ((php_phongo_cursor_iterator *)iter)->current;
 	return HASH_KEY_IS_LONG;
 } /* }}} */
 #else
-static void phongo_cursor_iterator_get_current_key(zend_object_iterator *iter, zval *key TSRMLS_DC) /* {{{ */
+static void php_phongo_cursor_iterator_get_current_key(zend_object_iterator *iter, zval *key TSRMLS_DC) /* {{{ */
 {
-	ZVAL_LONG(key, ((phongo_cursor_it *)iter)->current);
+	ZVAL_LONG(key, ((php_phongo_cursor_iterator *)iter)->current);
 } /* }}} */
 #endif
 
-static void phongo_cursor_iterator_get_current_data(zend_object_iterator *iter, zval ***data TSRMLS_DC) /* {{{ */
+static void php_phongo_cursor_iterator_get_current_data(zend_object_iterator *iter, zval ***data TSRMLS_DC) /* {{{ */
 {
-	php_phongo_cursor_t *cursor = NULL;
-
-	cursor = ((phongo_cursor_it *)iter)->iterator.data;
+	php_phongo_cursor_t *cursor = ((php_phongo_cursor_iterator *)iter)->cursor;
 
 	*data = &cursor->visitor_data.zchild;
 } /* }}} */
 
-static void phongo_cursor_iterator_move_forward(zend_object_iterator *iter TSRMLS_DC) /* {{{ */
+static void php_phongo_cursor_iterator_move_forward(zend_object_iterator *iter TSRMLS_DC) /* {{{ */
 {
-	php_phongo_cursor_t   *cursor = NULL;
-	phongo_cursor_it      *cursor_it = (phongo_cursor_it *)iter;
-	const bson_t          *doc;
+	php_phongo_cursor_iterator *cursor_it = (php_phongo_cursor_iterator *)iter;
+	php_phongo_cursor_t        *cursor = cursor_it->cursor;
+	const bson_t               *doc;
 
-	cursor = ((phongo_cursor_it *)iter)->iterator.data;
-	iter->funcs->invalidate_current(iter TSRMLS_CC);
+	php_phongo_cursor_free_current(cursor);
+	cursor_it->current++;
 
-	((phongo_cursor_it *)iter)->current++;
 	if (bson_iter_next(&cursor_it->first_batch_iter)) {
 		if (BSON_ITER_HOLDS_DOCUMENT (&cursor_it->first_batch_iter)) {
 			const uint8_t *data = NULL;
@@ -1635,20 +1636,18 @@ static void phongo_cursor_iterator_move_forward(zend_object_iterator *iter TSRML
 		MAKE_STD_ZVAL(cursor->visitor_data.zchild);
 		bson_to_zval(bson_get_data(doc), doc->len, &cursor->visitor_data);
 	} else {
-		iter->funcs->invalidate_current(iter TSRMLS_CC);
+		/* TODO: is this really necessary? */
+		php_phongo_cursor_free_current(cursor);
 	}
-
 } /* }}} */
 
-static void phongo_cursor_iterator_rewind(zend_object_iterator *iter TSRMLS_DC) /* {{{ */
+static void php_phongo_cursor_iterator_rewind(zend_object_iterator *iter TSRMLS_DC) /* {{{ */
 {
-	php_phongo_cursor_t *cursor = NULL;
-	phongo_cursor_it    *cursor_it = (phongo_cursor_it *)iter;
+	php_phongo_cursor_iterator *cursor_it = (php_phongo_cursor_iterator *)iter;
+	php_phongo_cursor_t        *cursor = cursor_it->cursor;
 
-	cursor = ((phongo_cursor_it *)iter)->iterator.data;
-
-	iter->funcs->invalidate_current(iter TSRMLS_CC);
-	((phongo_cursor_it *)iter)->current = 0;
+	php_phongo_cursor_free_current(cursor);
+	cursor_it->current = 0;
 
 	/* firstBatch is empty when the query simply didn't return any results */
 	if (cursor->firstBatch) {
@@ -1674,34 +1673,33 @@ static void phongo_cursor_iterator_rewind(zend_object_iterator *iter TSRMLS_DC)
 } /* }}} */
 
 /* iterator handler table */
-zend_object_iterator_funcs phongo_cursor_iterator_funcs = {
-	phongo_cursor_iterator_dtor,
-	phongo_cursor_iterator_valid,
-	phongo_cursor_iterator_get_current_data,
-	phongo_cursor_iterator_get_current_key,
-	phongo_cursor_iterator_move_forward,
-	phongo_cursor_iterator_rewind,
-	phongo_cursor_iterator_invalidate_current
+zend_object_iterator_funcs php_phongo_cursor_iterator_funcs = {
+	php_phongo_cursor_iterator_dtor,
+	php_phongo_cursor_iterator_valid,
+	php_phongo_cursor_iterator_get_current_data,
+	php_phongo_cursor_iterator_get_current_key,
+	php_phongo_cursor_iterator_move_forward,
+	php_phongo_cursor_iterator_rewind,
+	NULL /* invalidate_current is not used */
 };
 
-zend_object_iterator *phongo_cursor_get_iterator(zend_class_entry *ce, zval *object, int by_ref TSRMLS_DC) /* {{{ */
+zend_object_iterator *php_phongo_cursor_get_iterator(zend_class_entry *ce, zval *object, int by_ref TSRMLS_DC) /* {{{ */
 {
-	php_phongo_cursor_t    *cursor = (php_phongo_cursor_t *)zend_object_store_get_object(object TSRMLS_CC);
-	phongo_cursor_it       *cursor_it = NULL;
+	php_phongo_cursor_iterator *cursor_it = NULL;
 
 	if (by_ref) {
 		zend_error(E_ERROR, "An iterator cannot be used with foreach by reference");
 	}
 
-	cursor_it = ecalloc(1, sizeof(phongo_cursor_it));
+	cursor_it = ecalloc(1, sizeof(php_phongo_cursor_iterator));
 
-	if (cursor->visitor_data.zchild) {
-		zval_ptr_dtor(&cursor->visitor_data.zchild);
-		cursor->visitor_data.zchild = NULL;
-	}
+	Z_ADDREF_P(object);
+	cursor_it->intern.data  = (void*)object;
+	cursor_it->intern.funcs = &php_phongo_cursor_iterator_funcs;
+	cursor_it->cursor = (php_phongo_cursor_t *)zend_object_store_get_object(object TSRMLS_CC);
+	/* cursor_it->current should already be allocated to zero */
 
-	cursor_it->iterator.data  = cursor;
-	cursor_it->iterator.funcs = &phongo_cursor_iterator_funcs;
+	php_phongo_cursor_free_current(cursor_it->cursor);
 
 	return (zend_object_iterator*)cursor_it;
 } /* }}} */

php_phongo.h

@@ -115,7 +115,6 @@ int                      phongo_execute_single_update(mongoc_client_t *client, c
 int                      phongo_execute_single_delete(mongoc_client_t *client, const char *namespace, const bson_t *query, const mongoc_write_concern_t *write_concern, int server_id, mongoc_delete_flags_t flags, zval *return_value, int return_value_used TSRMLS_DC);
 
 mongoc_stream_t*         phongo_stream_initiator     (const mongoc_uri_t *uri, const mongoc_host_list_t *host, void *user_data, bson_error_t *error);
-zend_object_iterator*    phongo_cursor_get_iterator  (zend_class_entry *ce, zval *object, int by_ref TSRMLS_DC);
 const mongoc_read_prefs_t*    phongo_read_preference_from_zval(zval *zread_preference TSRMLS_DC);
 const mongoc_write_concern_t* phongo_write_concern_from_zval  (zval *zwrite_concern TSRMLS_DC);
 const php_phongo_query_t*     phongo_query_from_zval          (zval *zquery TSRMLS_DC);
@@ -142,6 +141,7 @@ zend_bool phongo_writeerror_init(zval *return_value, bson_t *bson TSRMLS_DC);
 zend_bool phongo_writeconcernerror_init(zval *return_value, bson_t *bson TSRMLS_DC);
 
 void php_phongo_cursor_free(php_phongo_cursor_t *cursor);
+zend_object_iterator* php_phongo_cursor_get_iterator(zend_class_entry *ce, zval *object, int by_ref TSRMLS_DC);
 
 #define PHONGO_CE_INIT(ce) do {                     \
 	ce->ce_flags    |= ZEND_ACC_FINAL_CLASS;        \

php_phongo_classes.h

@@ -57,10 +57,11 @@ typedef struct {
 } php_phongo_cursor_t;
 
 typedef struct {
-	zend_object_iterator   iterator;
+	zend_object_iterator   intern;
 	bson_iter_t            first_batch_iter;
+	php_phongo_cursor_t   *cursor;
 	long                   current;
-} phongo_cursor_it;
+} php_phongo_cursor_iterator;
 
 typedef struct {
 	zend_object              std;

src/MongoDB/Cursor.c

@@ -276,7 +276,7 @@ PHP_MINIT_FUNCTION(Cursor)
 	php_phongo_cursor_ce = zend_register_internal_class(&ce TSRMLS_CC);
 	php_phongo_cursor_ce->create_object = php_phongo_cursor_create_object;
 	PHONGO_CE_INIT(php_phongo_cursor_ce);
-	php_phongo_cursor_ce->get_iterator = phongo_cursor_get_iterator;
+	php_phongo_cursor_ce->get_iterator = php_phongo_cursor_get_iterator;
 
 	memcpy(&php_phongo_handler_cursor, phongo_get_std_object_handlers(), sizeof(zend_object_handlers));
 	php_phongo_handler_cursor.get_debug_info = php_phongo_cursor_get_debug_info;

tests/standalone/cursor-IteratorIterator-001.phpt

@@ -0,0 +1,36 @@
+--TEST--
+MongoDB\Driver\Cursor query result iteration through IteratorIterator
+--SKIPIF--
+<?php require "tests/utils/basic-skipif.inc"; CLEANUP(STANDALONE) ?>
+--FILE--
+<?php
+require_once "tests/utils/basic.inc";
+
+$manager = new MongoDB\Driver\Manager(STANDALONE);
+
+$manager->executeInsert(NS, array('_id' => 1, 'x' => 1));
+$manager->executeInsert(NS, array('_id' => 2, 'x' => 1));
+
+$cursor = $manager->executeQuery(NS, new MongoDB\Driver\Query(array("x" => 1)));
+
+foreach (new IteratorIterator($cursor) as $document) {
+    var_dump($document);
+}
+
+?>
+===DONE===
+<?php exit(0); ?>
+--EXPECT--
+array(2) {
+  ["_id"]=>
+  int(1)
+  ["x"]=>
+  int(1)
+}
+array(2) {
+  ["_id"]=>
+  int(2)
+  ["x"]=>
+  int(1)
+}
+===DONE===

tests/standalone/cursor-IteratorIterator-002.phpt

@@ -0,0 +1,44 @@
+--TEST--
+MongoDB\Driver\Cursor command result iteration through IteratorIterator
+--SKIPIF--
+<?php require "tests/utils/basic-skipif.inc"; CLEANUP(STANDALONE) ?>
+--FILE--
+<?php
+require_once "tests/utils/basic.inc";
+
+$manager = new MongoDB\Driver\Manager(STANDALONE);
+
+$manager->executeInsert(NS, array('_id' => 1, 'x' => 1));
+$manager->executeInsert(NS, array('_id' => 2, 'x' => 1));
+
+$command = new MongoDB\Driver\Command(array(
+    'aggregate' => COLLECTION_NAME,
+    'pipeline' => array(
+        array('$match' => array('x' => 1)),
+    ),
+    'cursor' => new stdClass,
+));
+
+$cursor = $manager->executeCommand(DATABASE_NAME, $command);
+
+foreach (new IteratorIterator($cursor) as $document) {
+    var_dump($document);
+}
+
+?>
+===DONE===
+<?php exit(0); ?>
+--EXPECT--
+array(2) {
+  ["_id"]=>
+  int(1)
+  ["x"]=>
+  int(1)
+}
+array(2) {
+  ["_id"]=>
+  int(2)
+  ["x"]=>
+  int(1)
+}
+===DONE===