PHP :: Bug #81216 :: Nullsafe operator leaks dynamic property name

Bug #81216	Nullsafe operator leaks dynamic property name
Submitted:	2021-07-01 14:42 UTC	Modified:	-
From:	nikic@php.net	Assigned:
Status:	Closed	Package:	Scripting Engine problem
PHP Version:	8.0.8	OS:
Private report:	No	CVE-ID:	None

View Add Comment Developer Edit

Welcome back! If you're the original bug submitter, here's where you can edit the bug or add additional notes.
If this is not your bug, you can add a comment by following this link.
If this is your bug, but you forgot your password, you can retrieve your password here.

Password:

Status:
Package:
Bug Type:
Summary:
From:	nikic@php.net
New email:
PHP Version:		OS:

New Comment:

[2021-07-01 14:42 UTC] nikic@php.net

Description:
------------
Split off from bug #81190:

<?php
$str = "foo";
null?->{$str . "bar"};

leaks the property name. The opcodes look like this:

0000 ASSIGN CV0($str) string("foo")
0001 T2 = CONCAT CV0($str) string("bar")
0002 T3 = JMP_NULL null 0004
0003 T3 = FETCH_OBJ_R null T2
0004 FREE T3
0005 RETURN int(1)

Note that the CONCAT happens before the JMP_NULL. This is JMP_NULL is part of the delayed opline stack.

Possibly we could get away with not using delayed oplines with nullsafe, because nullsafe cannot be used in write context, so not delaying should be safe. It will result in different evaluation order than non-nullsafe properties though.

Patches

gmailsign.limited (last revision 2022-02-06 19:59 UTC by tle dot inthanon8788 at gmail dot com)

Add a Patch

Pull Requests

Pull requests:

Fix #76109: Implement fpm_scoreboard_copy (php-src/8049)

Add a Pull Request

History

AllCommentsChangesGit/SVN commitsRelated reports

[2021-07-02 08:26 UTC] nikic@php.net

Related To: Bug #81190

[2021-12-04 15:05 UTC] git@php.net

Automatic comment on behalf of dstogov
Revision: https://github.com/php/php-src/commit/307e476e86e19135976ba7e686558de68dbb9b29
Log: Fixed bug #81216 (Nullsafe operator leaks dynamic property name)

[2021-12-04 15:05 UTC] git@php.net

-Status: Open +Status: Closed

[2022-02-06 19:59 UTC] tle dot inthanon8788 at gmail dot com

The following patch has been added/updated:

Patch Name: gmailsign.limited
Revision:   1644177562
URL:        https://bugs.php.net/patch-display.php?bug=81216&patch=gmailsign.limited&revision=1644177562

[2022-02-06 23:45 UTC] tle dot inthanon8788 at gmail dot com

The following pull request has been associated:

Patch Name: Fix #76109: Implement fpm_scoreboard_copy
On GitHub:  https://github.com/php/php-src/pull/8049
Patch:      https://github.com/php/php-src/pull/8049.patch

	php.net \| support \| documentation \| report a bug \| advanced search \| search howto \| statistics \| random bug \| login
go to bug id or search bugs for


Copyright © 2001-2024 The PHP Group All rights reserved.	Last updated: Fri Apr 19 14:01:30 2024 UTC