Merge branch '4.4' into 5.1

* 4.4:
  prevent hash collisions caused by reused object hashes
  autoconfigure behavior describing tags on decorators
  [Validator][RecursiveContextualValidator] Prevent validated hash collisions

Author: xabbuh

Context/ExecutionContext.php

@@ -128,6 +128,7 @@ class ExecutionContext implements ExecutionContextInterface
      * @var array
      */
     private $initializedObjects;
+    private $cachedObjectsRefs;
 
     /**
      * @param mixed $root The root value of the validated object graph
@@ -141,6 +142,7 @@ public function __construct(ValidatorInterface $validator, $root, TranslatorInte
         $this->translator = $translator;
         $this->translationDomain = $translationDomain;
         $this->violations = new ConstraintViolationList();
+        $this->cachedObjectsRefs = new \SplObjectStorage();
     }
 
     /**
@@ -346,4 +348,20 @@ public function isObjectInitialized(string $cacheKey): bool
     {
         return isset($this->initializedObjects[$cacheKey]);
     }
+
+    /**
+     * @internal
+     *
+     * @param object $object
+     *
+     * @return string
+     */
+    public function generateCacheKey($object)
+    {
+        if (!isset($this->cachedObjectsRefs[$object])) {
+            $this->cachedObjectsRefs[$object] = spl_object_hash($object);
+        }
+
+        return $this->cachedObjectsRefs[$object];
+    }
 }

Tests/Validator/RecursiveValidatorTest.php

@@ -13,11 +13,14 @@
 
 use PHPUnit\Framework\TestCase;
 use Symfony\Component\Translation\IdentityTranslator;
+use Symfony\Component\Validator\Constraint;
 use Symfony\Component\Validator\Constraints\All;
 use Symfony\Component\Validator\Constraints\Callback;
 use Symfony\Component\Validator\Constraints\Collection;
 use Symfony\Component\Validator\Constraints\Expression;
 use Symfony\Component\Validator\Constraints\GroupSequence;
+use Symfony\Component\Validator\Constraints\IsFalse;
+use Symfony\Component\Validator\Constraints\IsNull;
 use Symfony\Component\Validator\Constraints\IsTrue;
 use Symfony\Component\Validator\Constraints\Length;
 use Symfony\Component\Validator\Constraints\NotBlank;
@@ -26,6 +29,7 @@
 use Symfony\Component\Validator\Constraints\Required;
 use Symfony\Component\Validator\Constraints\Traverse;
 use Symfony\Component\Validator\Constraints\Valid;
+use Symfony\Component\Validator\ConstraintValidator;
 use Symfony\Component\Validator\ConstraintValidatorFactory;
 use Symfony\Component\Validator\ConstraintViolationInterface;
 use Symfony\Component\Validator\Context\ExecutionContextFactory;
@@ -2135,4 +2139,66 @@ public function testOptionalConstraintIsIgnored()
 
         $this->assertCount(0, $violations);
     }
+
+    public function testValidatedConstraintsHashesDoNotCollide()
+    {
+        $metadata = new ClassMetadata(Entity::class);
+        $metadata->addPropertyConstraint('initialized', new NotNull(['groups' => 'should_pass']));
+        $metadata->addPropertyConstraint('initialized', new IsNull(['groups' => 'should_fail']));
+
+        $this->metadataFactory->addMetadata($metadata);
+
+        $entity = new Entity();
+        $entity->data = new \stdClass();
+
+        $this->assertCount(2, $this->validator->validate($entity, new TestConstraintHashesDoNotCollide()));
+    }
+
+    public function testValidatedConstraintsHashesDoNotCollideWithSameConstraintValidatingDifferentProperties()
+    {
+        $value = new \stdClass();
+
+        $entity = new Entity();
+        $entity->firstName = $value;
+        $entity->setLastName($value);
+
+        $validator = $this->validator->startContext($entity);
+
+        $constraint = new IsNull();
+        $validator->atPath('firstName')
+            ->validate($entity->firstName, $constraint);
+        $validator->atPath('lastName')
+            ->validate($entity->getLastName(), $constraint);
+
+        $this->assertCount(2, $validator->getViolations());
+    }
+}
+
+final class TestConstraintHashesDoNotCollide extends Constraint
+{
+}
+
+final class TestConstraintHashesDoNotCollideValidator extends ConstraintValidator
+{
+    /**
+     * {@inheritdoc}
+     */
+    public function validate($value, Constraint $constraint)
+    {
+        if (!$value instanceof Entity) {
+            throw new \LogicException();
+        }
+
+        $this->context->getValidator()
+            ->inContext($this->context)
+            ->atPath('data')
+            ->validate($value, new NotNull())
+            ->validate($value, new NotNull())
+            ->validate($value, new IsFalse());
+
+        $this->context->getValidator()
+            ->inContext($this->context)
+            ->validate($value, null, new GroupSequence(['should_pass']))
+            ->validate($value, null, new GroupSequence(['should_fail']));
+    }
 }

Validator/RecursiveContextualValidator.php

@@ -108,7 +108,7 @@ public function validate($value, $constraints = null, $groups = null)
             $this->validateGenericNode(
                 $value,
                 $previousObject,
-                \is_object($value) ? spl_object_hash($value) : null,
+                \is_object($value) ? $this->generateCacheKey($value) : null,
                 $metadata,
                 $this->defaultPropertyPath,
                 $groups,
@@ -176,7 +176,7 @@ public function validateProperty($object, string $propertyName, $groups = null)
 
         $propertyMetadatas = $classMetadata->getPropertyMetadata($propertyName);
         $groups = $groups ? $this->normalizeGroups($groups) : $this->defaultGroups;
-        $cacheKey = spl_object_hash($object);
+        $cacheKey = $this->generateCacheKey($object);
         $propertyPath = PropertyPath::append($this->defaultPropertyPath, $propertyName);
 
         $previousValue = $this->context->getValue();
@@ -224,7 +224,7 @@ public function validatePropertyValue($objectOrClass, string $propertyName, $val
         if (\is_object($objectOrClass)) {
             $object = $objectOrClass;
             $class = \get_class($object);
-            $cacheKey = spl_object_hash($objectOrClass);
+            $cacheKey = $this->generateCacheKey($objectOrClass);
             $propertyPath = PropertyPath::append($this->defaultPropertyPath, $propertyName);
         } else {
             // $objectOrClass contains a class name
@@ -311,7 +311,7 @@ private function validateObject($object, string $propertyPath, array $groups, in
 
             $this->validateClassNode(
                 $object,
-                spl_object_hash($object),
+                $this->generateCacheKey($object),
                 $classMetadata,
                 $propertyPath,
                 $groups,
@@ -425,7 +425,7 @@ private function validateClassNode(object $object, ?string $cacheKey, ClassMetad
             $defaultOverridden = false;
 
             // Use the object hash for group sequences
-            $groupHash = \is_object($group) ? spl_object_hash($group) : $group;
+            $groupHash = \is_object($group) ? $this->generateCacheKey($group, true) : $group;
 
             if ($context->isGroupValidated($cacheKey, $groupHash)) {
                 // Skip this group when validating the properties and when
@@ -730,7 +730,7 @@ private function validateInGroup($value, ?string $cacheKey, MetadataInterface $m
             // Prevent duplicate validation of constraints, in the case
             // that constraints belong to multiple validated groups
             if (null !== $cacheKey) {
-                $constraintHash = spl_object_hash($constraint);
+                $constraintHash = $this->generateCacheKey($constraint, true);
                 // instanceof Valid: In case of using a Valid constraint with many groups
                 // it makes a reference object get validated by each group
                 if ($constraint instanceof Composite || $constraint instanceof Valid) {
@@ -762,4 +762,22 @@ private function validateInGroup($value, ?string $cacheKey, MetadataInterface $m
             }
         }
     }
+
+    /**
+     * @param object $object
+     */
+    private function generateCacheKey($object, bool $dependsOnPropertyPath = false): string
+    {
+        if ($this->context instanceof ExecutionContext) {
+            $cacheKey = $this->context->generateCacheKey($object);
+        } else {
+            $cacheKey = spl_object_hash($object);
+        }
+
+        if ($dependsOnPropertyPath) {
+            $cacheKey .= $this->context->getPropertyPath();
+        }
+
+        return $cacheKey;
+    }
 }