diff --git a/Zend/tests/lazy_objects/gh20174.phpt b/Zend/tests/lazy_objects/gh20174.phpt new file mode 100644 index 0000000000000..2bce09b4dc713 --- /dev/null +++ b/Zend/tests/lazy_objects/gh20174.phpt @@ -0,0 +1,33 @@ +--TEST-- +GH-20174: Assertion failure in ReflectionProperty::skipLazyInitialization after failed LazyProxy skipLazyInitialization +--CREDITS-- +vi3tL0u1s +--FILE-- +newLazyProxy(function ($obj) { + $obj->b = 4; + throw new Exception(); +}); + +try { + $reflector->initializeLazyObject($obj); +} catch (Exception $e) { + $reflector->getProperty('b')->skipLazyInitialization($obj); +} + +var_dump($obj); + +?> +--EXPECTF-- +lazy proxy object(C)#%d (1) { + ["b"]=> + NULL +} diff --git a/Zend/tests/lazy_objects/init_exception_reverts_initializer_changes.phpt b/Zend/tests/lazy_objects/init_exception_reverts_initializer_changes.phpt index 4edf9481ebc22..695da60229c75 100644 --- a/Zend/tests/lazy_objects/init_exception_reverts_initializer_changes.phpt +++ b/Zend/tests/lazy_objects/init_exception_reverts_initializer_changes.phpt @@ -46,7 +46,6 @@ $obj = $reflector->newLazyProxy(function ($obj) { throw new Exception('initializer exception'); }); -// Initializer effects on the proxy are not reverted test('Proxy', $obj); --EXPECTF-- @@ -63,12 +62,10 @@ Is lazy: 1 # Proxy: string(11) "initializer" initializer exception -lazy proxy object(C)#%d (3) { - ["a"]=> - int(3) +lazy proxy object(C)#%d (1) { ["b"]=> - int(4) + uninitialized(int) ["c"]=> - int(5) + int(0) } Is lazy: 1 diff --git a/Zend/tests/lazy_objects/init_exception_reverts_initializer_changes_dyn_props.phpt b/Zend/tests/lazy_objects/init_exception_reverts_initializer_changes_dyn_props.phpt index ce94fc8b2ab79..19d3eac7a9f08 100644 --- a/Zend/tests/lazy_objects/init_exception_reverts_initializer_changes_dyn_props.phpt +++ b/Zend/tests/lazy_objects/init_exception_reverts_initializer_changes_dyn_props.phpt @@ -49,7 +49,6 @@ $obj = $reflector->newLazyProxy(function ($obj) { throw new Exception('initializer exception'); }); -// Initializer effects on the proxy are not reverted test('Proxy', $obj); --EXPECTF-- @@ -66,14 +65,10 @@ Is lazy: 1 # Proxy: string(11) "initializer" initializer exception -lazy proxy object(C)#%d (4) { - ["a"]=> - int(3) +lazy proxy object(C)#%d (1) { ["b"]=> - int(4) + uninitialized(int) ["c"]=> - int(5) - ["d"]=> - int(6) + int(0) } Is lazy: 1 diff --git a/Zend/tests/lazy_objects/init_exception_reverts_initializer_changes_dyn_props_and_ht.phpt b/Zend/tests/lazy_objects/init_exception_reverts_initializer_changes_dyn_props_and_ht.phpt index 1bc3eb2cea8e1..c11a0eda7aaab 100644 --- a/Zend/tests/lazy_objects/init_exception_reverts_initializer_changes_dyn_props_and_ht.phpt +++ b/Zend/tests/lazy_objects/init_exception_reverts_initializer_changes_dyn_props_and_ht.phpt @@ -52,7 +52,6 @@ $obj = $reflector->newLazyProxy(function ($obj) { throw new Exception('initializer exception'); }); -// Initializer effects on the proxy are not reverted test('Proxy', $obj); --EXPECTF-- @@ -73,14 +72,10 @@ array(0) { } string(11) "initializer" initializer exception -lazy proxy object(C)#%d (4) { - ["a"]=> - int(3) +lazy proxy object(C)#%d (1) { ["b"]=> - int(4) + uninitialized(int) ["c"]=> - int(5) - ["d"]=> - int(6) + int(0) } Is lazy: 1 diff --git a/Zend/tests/lazy_objects/init_exception_reverts_initializer_changes_props_ht.phpt b/Zend/tests/lazy_objects/init_exception_reverts_initializer_changes_props_ht.phpt index c4f0bd98773fd..7419a4a31da99 100644 --- a/Zend/tests/lazy_objects/init_exception_reverts_initializer_changes_props_ht.phpt +++ b/Zend/tests/lazy_objects/init_exception_reverts_initializer_changes_props_ht.phpt @@ -49,7 +49,6 @@ $obj = $reflector->newLazyProxy(function ($obj) { throw new Exception('initializer exception'); }); -// Initializer effects on the proxy are not reverted test('Proxy', $obj); --EXPECTF-- @@ -74,12 +73,10 @@ array(1) { } string(11) "initializer" initializer exception -lazy proxy object(C)#%d (3) { - ["a"]=> - int(3) +lazy proxy object(C)#%d (1) { ["b"]=> - int(4) + uninitialized(int) ["c"]=> - int(5) + int(0) } Is lazy: 1 diff --git a/Zend/tests/lazy_objects/init_exception_reverts_initializer_changes_props_ht_ref.phpt b/Zend/tests/lazy_objects/init_exception_reverts_initializer_changes_props_ht_ref.phpt index 094f5c9b80947..cea95c3c8a7b8 100644 --- a/Zend/tests/lazy_objects/init_exception_reverts_initializer_changes_props_ht_ref.phpt +++ b/Zend/tests/lazy_objects/init_exception_reverts_initializer_changes_props_ht_ref.phpt @@ -55,7 +55,6 @@ $obj = $reflector->newLazyProxy(function ($obj) { throw new Exception('initializer exception'); }); -// Initializer effects on the proxy are not reverted test('Proxy', $obj); --EXPECTF-- @@ -83,13 +82,11 @@ array(1) { } string(11) "initializer" initializer exception -lazy proxy object(C)#%d (3) { - ["a"]=> - int(3) +lazy proxy object(C)#%d (1) { ["b"]=> - int(4) + uninitialized(int) ["c"]=> - int(5) + int(0) } Is lazy: 1 diff --git a/Zend/zend_lazy_objects.c b/Zend/zend_lazy_objects.c index d1b950160e1cc..974f64ce9598d 100644 --- a/Zend/zend_lazy_objects.c +++ b/Zend/zend_lazy_objects.c @@ -479,6 +479,24 @@ static zend_object *zend_lazy_object_init_proxy(zend_object *obj) /* prevent reentrant initialization */ OBJ_EXTRA_FLAGS(obj) &= ~(IS_OBJ_LAZY_UNINITIALIZED|IS_OBJ_LAZY_PROXY); + zval *properties_table_snapshot = NULL; + + /* Snapshot dynamic properties */ + HashTable *properties_snapshot = obj->properties; + if (properties_snapshot) { + GC_TRY_ADDREF(properties_snapshot); + } + + /* Snapshot declared properties */ + if (obj->ce->default_properties_count) { + zval *properties_table = obj->properties_table; + properties_table_snapshot = emalloc(sizeof(*properties_table_snapshot) * obj->ce->default_properties_count); + + for (int i = 0; i < obj->ce->default_properties_count; i++) { + ZVAL_COPY_PROP(&properties_table_snapshot[i], &properties_table[i]); + } + } + /* Call factory */ zval retval; int argc = 1; @@ -492,33 +510,29 @@ static zend_object *zend_lazy_object_init_proxy(zend_object *obj) zend_call_known_fcc(initializer, &retval, argc, &zobj, named_params); if (UNEXPECTED(EG(exception))) { - OBJ_EXTRA_FLAGS(obj) |= IS_OBJ_LAZY_UNINITIALIZED|IS_OBJ_LAZY_PROXY; - goto exit; + goto fail; } if (UNEXPECTED(Z_TYPE(retval) != IS_OBJECT)) { - OBJ_EXTRA_FLAGS(obj) |= IS_OBJ_LAZY_UNINITIALIZED|IS_OBJ_LAZY_PROXY; zend_type_error("Lazy proxy factory must return an instance of a class compatible with %s, %s returned", ZSTR_VAL(obj->ce->name), zend_zval_value_name(&retval)); zval_ptr_dtor(&retval); - goto exit; + goto fail; } if (UNEXPECTED(Z_TYPE(retval) != IS_OBJECT || !zend_lazy_object_compatible(Z_OBJ(retval), obj))) { - OBJ_EXTRA_FLAGS(obj) |= IS_OBJ_LAZY_UNINITIALIZED|IS_OBJ_LAZY_PROXY; zend_type_error("The real instance class %s is not compatible with the proxy class %s. The proxy must be a instance of the same class as the real instance, or a sub-class with no additional properties, and no overrides of the __destructor or __clone methods.", zend_zval_value_name(&retval), ZSTR_VAL(obj->ce->name)); zval_ptr_dtor(&retval); - goto exit; + goto fail; } if (UNEXPECTED(Z_OBJ(retval) == obj || zend_object_is_lazy(Z_OBJ(retval)))) { - OBJ_EXTRA_FLAGS(obj) |= IS_OBJ_LAZY_UNINITIALIZED|IS_OBJ_LAZY_PROXY; zend_throw_error(NULL, "Lazy proxy factory must return a non-lazy object"); zval_ptr_dtor(&retval); - goto exit; + goto fail; } zend_fcc_dtor(&info->u.initializer.fcc); @@ -542,6 +556,21 @@ static zend_object *zend_lazy_object_init_proxy(zend_object *obj) } } + if (properties_table_snapshot) { + for (int i = 0; i < obj->ce->default_properties_count; i++) { + zval *p = &properties_table_snapshot[i]; + /* Use zval_ptr_dtor directly here (not zend_object_dtor_property), + * as any reference type_source will have already been deleted in + * case the prop is not bound to this value anymore. */ + i_zval_ptr_dtor(p); + } + efree(properties_table_snapshot); + } + + if (properties_snapshot) { + zend_release_properties(properties_snapshot); + } + instance = Z_OBJ(retval); exit: @@ -554,6 +583,11 @@ static zend_object *zend_lazy_object_init_proxy(zend_object *obj) } return instance; + +fail: + OBJ_EXTRA_FLAGS(obj) |= IS_OBJ_LAZY_UNINITIALIZED|IS_OBJ_LAZY_PROXY; + zend_lazy_object_revert_init(obj, properties_table_snapshot, properties_snapshot); + goto exit; } /* Initialize a lazy object. */