Automated rollback of commit 8f569de.

haberman · copybara-github · commit 94fe944f49ff · 2025-12-12T13:31:24.000-08:00
PiperOrigin-RevId: 843812355
diff --git a/php/ext/google/protobuf/message.c b/php/ext/google/protobuf/message.c
@@ -65,7 +65,8 @@ static zend_object* Message_create(zend_class_entry* class_type) {
   Message_SuppressDefaultProperties(class_type);
   zend_object_std_init(&intern->std, class_type);
   intern->std.handlers = &message_object_handlers;
-  Arena_Init(&intern->arena);
+  intern->desc = NULL;
+  ZVAL_NULL(&intern->arena);
   return &intern->std;
 }
 
@@ -89,6 +90,15 @@ static void Message_dtor(zend_object* obj) {
  * Helper function to look up a field given a member name (as a string).
  */
 static const upb_FieldDef* get_field(Message* msg, zend_string* member) {
+  if (!msg || !msg->desc || !msg->desc->msgdef) {
+    zend_throw_exception_ex(NULL, 0,
+                            "Couldn't find descriptor. "
+                            "The message constructor was likely bypassed, "
+                            "resulting in an uninitialized descriptor.");
+
+    return NULL;
+  }
+
   const upb_MessageDef* m = msg->desc->msgdef;
   const upb_FieldDef* f = upb_MessageDef_FindFieldByNameWithSize(
       m, ZSTR_VAL(member), ZSTR_LEN(member));
@@ -530,6 +540,7 @@ bool Message_InitFromPhp(upb_Message* msg, const upb_MessageDef* m, zval* init,
 static void Message_Initialize(Message* intern, const Descriptor* desc) {
   intern->desc = desc;
   const upb_MiniTable* t = upb_MessageDef_MiniTable(desc->msgdef);
+  Arena_Init(&intern->arena);
   intern->msg = upb_Message_New(t, Arena_Get(&intern->arena));
   ObjCache_Add(intern->msg, &intern->std);
 }
@@ -544,7 +555,6 @@ PHP_METHOD(Message, __construct) {
   Message* intern = (Message*)Z_OBJ_P(getThis());
   const Descriptor* desc;
   zend_class_entry* ce = Z_OBJCE_P(getThis());
-  upb_Arena* arena = Arena_Get(&intern->arena);
   zval* init_arr = NULL;
 
   // This descriptor should always be available, as the generated __construct
@@ -573,7 +583,8 @@ PHP_METHOD(Message, __construct) {
   }
 
   if (init_arr) {
-    Message_InitFromPhp(intern->msg, desc->msgdef, init_arr, arena);
+    Message_InitFromPhp(intern->msg, desc->msgdef, init_arr,
+                        Arena_Get(&intern->arena));
   }
 }
 
diff --git a/php/tests/GeneratedClassTest.php b/php/tests/GeneratedClassTest.php
@@ -21,12 +21,27 @@
 use Php\Test\TestNamespace;
 
 # This is not allowed, but we at least shouldn't crash.
-class C extends \Google\Protobuf\Internal\Message {
-    public function __construct($data = null) {
+class C extends \Google\Protobuf\Internal\Message
+{
+    public function __construct($data = null)
+    {
         parent::__construct($data);
     }
 }
 
+# This is not allowed, but we at least shouldn't crash.
+class TestMessageMockProxy extends TestMessage
+{
+    public $_proxy_data = null;
+
+    public function __construct($data = null)
+    {
+        $this->_proxy_data = $data;
+        // bypass parent constructor
+        // This is common behavior by phpunit ond other mock/proxy libraries
+    }
+}
+
 class GeneratedClassTest extends TestBase
 {
 
@@ -1964,6 +1979,38 @@ public function testNoSegfaultWithError()
         new TestMessage(['optional_int32' => $this->throwIntendedException()]);
     }
 
+    public function testNoSegfaultWithContructorBypass()
+    {
+        if (!extension_loaded('protobuf')) {
+            $this->markTestSkipped('PHP Protobuf extension is not loaded');
+        }
+
+        $this->expectException(Exception::class);
+        $this->expectExceptionMessage(
+            "Couldn't find descriptor. " .
+            "The message constructor was likely bypassed, resulting in an uninitialized descriptor."
+        );
+
+        $m = new TestMessageMockProxy(['optional_int32' => 123]);
+
+        /**
+         * At this point the message constructor was bypassed and the descriptor is not initialized.
+         * This is a common PHP pattern where a proxy/mock class extends a concrete class,
+         * frequently used in frameworks like PHPUnit, phpspec, and Mockery.
+         *
+         * When this happens, the message's internal descriptor is never initialized.
+         *
+         * Without proper handling, accessing properties via getters (like $this->getOptionalInt32())
+         * would cause the C extension to segfault when trying to access the uninitialized descriptor.
+         *
+         * Instead of segfaulting, we now detect this uninitialized state and throw an exception.
+         *
+         * See: https://github.com/protocolbuffers/protobuf/issues/19978
+         */
+
+        $m->getOptionalInt32();
+    }
+
     public function testNoExceptionWithVarDump()
     {
         $m = new Sub(['a' => 1]);
