Fix #179: uopz_set_static() does not check that $static is an array

Instead of using the very generic `z` type specifier, we use the `a` specifier of ZPP to avoid accepting anything but an array. We also add an assertion to make it clear to readers that `statics` is actually an array at this point.
krakjoe · Aug 3, 2024 · d7a4ae8 · d7a4ae8
1 parent 0a87ecb
commit d7a4ae8
Show file tree

Hide file tree

Showing 3 changed files with 20 additions and 2 deletions.
diff --git a/src/function.c b/src/function.c
@@ -323,6 +323,7 @@ zend_bool uopz_set_static(zend_class_entry *clazz, zend_string *function, zval *
 			zval_ptr_dtor(v);
 		}
 
+		ZEND_ASSERT(Z_TYPE_P(statics) == IS_ARRAY);
 		if (!(y = zend_hash_find(Z_ARRVAL_P(statics), k))) {
 			ZVAL_NULL(v);
 

diff --git a/tests/bugs/gh179.phpt b/tests/bugs/gh179.phpt
@@ -0,0 +1,17 @@
+--TEST--
+uopz_set_static() does not check that $static is an array
+--EXTENSIONS--
+uopz
+--INI--
+uopz.disable=0
+--FILE--
+<?php
+function foo() {
+    static $a = "a";
+}
+
+uopz_set_static("foo", 42);
+?>
+--EXPECTF--
+Fatal error: Uncaught InvalidArgumentException: unexpected parameter combination, expected (class, function, statics) or (function, statics) in %s:%d
+%A
diff --git a/uopz.c b/uopz.c
@@ -334,8 +334,8 @@ static PHP_FUNCTION(uopz_set_static)
 
 	uopz_disabled_guard();
 
-	if (uopz_parse_parameters("CSz", &clazz, &function, &statics) != SUCCESS &&
-		uopz_parse_parameters("Sz", &function, &statics) != SUCCESS) {
+	if (uopz_parse_parameters("CSa", &clazz, &function, &statics) != SUCCESS &&
+		uopz_parse_parameters("Sa", &function, &statics) != SUCCESS) {
 		uopz_refuse_parameters(
 				"unexpected parameter combination, expected (class, function, statics) or (function, statics)");
 		return;