Fixed crash that occurred when a promoted constructor parameter had an attribute

[qxzkjp]

When a class constructor parameter had both a visibility modifier (promoting it to a class property) and an annotation with at least one argument, the PHP parser would crash when attempting to compile it.

This was caused by the attribute AST being used twice, and was fixed by creating a temporary copy of it (and destroying said copy) when neccesary.

Bug report: https://bugs.php.net/bug.php?id=79897

Minimal reproduction (warning: this will terminate your PHP process):

<<Attribute>>
class B {
    public function __construct($value)
    {
    }
}

class A {
    public function __construct(
        <<B(12)>> public $b
    )
    {
    }
}

[carusogabriel]

@qxzkjp Can you add a .phpt test case, please?

[qxzkjp]

Of course. I had a look over the other unit tests to see what sort of assertions to make, but I couldn't find any other crashing bug tests. I decided to just put an echo at the end of the file and test for the output from that. I hope that's an acceptable way to write the test, let me know if it's not.

[beberlei]

Two coding style nitpicks

[beberlei]

can you put this on the same line as the if?

[qxzkjp]

Done!

[beberlei]

can you remove this space?

[qxzkjp]

I'm assuming it was literally just this one blank line, not one of them? If so, it's done.

[qxzkjp]

If anyone saw the pipeline failure, that was me being caught out by the new attribute syntax changes being merged into master. The tests ran fine on my local machine, but the test server is always using the tip of master to parse the phpt files (apparently). So the old << syntax caused a test failure.

I've done a rebase onto master and updated the test. The changes have been squashed down into two commits: one implementing the fix, one adding the test.

[nikic]

This is a simple solution, but I'm not sure it is correct. zend_ast_copy is a bit badly named, it's not a plain AST copy, it's a copy from compile-time to run-time AST. At the least, I expect this to cause issues if the argument contains declarations, like <<A(function() {})>>. That's illegal, but will be rejected only later and will probably crash the copying code.

The solution I had in mind for this was to only compile the attribute once, and then copy the compiled attribute structure.

[qxzkjp]

For the record, @nikic , I tested your code snippet and it returns Fatal error: Constant expression contains invalid operations when used as a class attribute, a plain parameter attribute, and a promoted parameter attribute. So the copying code seems to not mind invalid ASTs (at least not that invalid AST). I leave it to the other experienced contributors to evaluate your concerns more broadly.

As far as copying the attributes goes, there does not yet seem to be a function to copy attributes (makes sense, why would there be). Would it be worth my time creating a second pull request (as an alternative to this) to implement that, or is it a big enough change that you'd rather a regular contributor did it?

[nikic]

After trying various edge cases and running some fuzz tests, it does seem like this works, so let's go with it.

[nikic]

It would be more useful to check the actual attribute arguments here:

var_dump((new ReflectionParameter(['A', '__construct'], 'b'))->getAttributes()[0]->getArguments());
var_dump((new ReflectionProperty('A', 'b'))->getAttributes()[0]->getArguments());

Also, please add a closing ?> here and drop the extra directory from the test (just Zend/tests/bug79897.phpt is enough).

[qxzkjp]

Alright, I've made the requested changes to this test. It definitely feels better to have the assertion actually asserting something specific 👍

[nikic]

This got merged in f475edc, looks like I forgot to close the PR.