aerscript/Aer
0
5
Fork 0
Code Issues 6 Pull Requests Releases 2 Wiki Activity

PH7_CompileScript() and GenStateCompileChunk() called from several places allows invalid constructions #40

New Issue
Closed
opened 2018-08-10 22:23:07 +02:00 by belliash · 1 comment
belliash commented 2018-08-10 22:23:07 +02:00
Owner
Copy Link

GenStateCompileChunk() is a function that compiles a given chunk of code. It is called from PH7_CompilePHP(). PH7_CompilePHP() is called from PH7_CompileScript(). Finally, PH7_CompileScript() is called from ProcessScript() or VmEvalChunk(). Below more detailed call schema:

ph7_compile_file()
-> ProcessScript()
	-> PH7_CompileScript()
		-> PH7_CompilePHP()
			-> GenStateCompileChunk()


vm_builtin_eval()
-> VmEvalChunk()
	-> PH7_CompileScript()
		-> PH7_CompilePHP()
			-> GenStateCompileChunk()


vm_builtin_require()
 -> VmExecIncludedFile()
	-> VmEvalChunk()
		-> PH7_CompileScript()
			-> PH7_CompilePHP()
				-> GenStateCompileChunk()

Additionally, GenStateCompileChunk() is also called from PH7_CompileBlock(), that is called from every functions compiling most constructs (eg. if, for, switch, do, while, functions, methods, etc...).

Because GenStateCompileChunk() is called when new file is loaded as well as when function body or if construct is compiled, the same code is executed then. This leads to strange situations. PH7 Engine allows to define a class inside another method. To be honest it allows to define a class anywhere GenStateCompileChunk() is called from. Thus, it is possible to execute below code:

class A {
    function B() {
        class C {
            function D() {
                [...]
            }
        }
    }
}

And this is not really a PH7 problem, because the same code can be successfully executed with PHP ...

GenStateCompileChunk() is a function that compiles a given chunk of code. It is called from PH7_CompilePHP(). PH7_CompilePHP() is called from PH7_CompileScript(). Finally, PH7_CompileScript() is called from ProcessScript() or VmEvalChunk(). Below more detailed call schema: ph7_compile_file() -> ProcessScript() -> PH7_CompileScript() -> PH7_CompilePHP() -> GenStateCompileChunk() vm_builtin_eval() -> VmEvalChunk() -> PH7_CompileScript() -> PH7_CompilePHP() -> GenStateCompileChunk() vm_builtin_require() -> VmExecIncludedFile() -> VmEvalChunk() -> PH7_CompileScript() -> PH7_CompilePHP() -> GenStateCompileChunk() Additionally, GenStateCompileChunk() is also called from PH7_CompileBlock(), that is called from every functions compiling most constructs (eg. if, for, switch, do, while, functions, methods, etc...). Because GenStateCompileChunk() is called when new file is loaded as well as when function body or __if__ construct is compiled, the same code is executed then. This leads to strange situations. PH7 Engine allows to define a class inside another method. To be honest it allows to define a class anywhere GenStateCompileChunk() is called from. Thus, it is possible to execute below code: class A { function B() { class C { function D() { [...] } } } } And this is not really a PH7 problem, because the same code can be successfully executed with PHP ...
belliash added the
bug
 label 2018-08-10 22:23:07 +02:00
belliash added the
aerscript
 label 2018-08-11 07:30:57 +02:00
belliash self-assigned this 2018-08-11 21:09:57 +02:00
belliash commented 2018-08-11 21:10:01 +02:00
Author
Owner
Copy Link

Will be done in compiler_rework branch.

Will be done in compiler_rework branch.
Sign in to join this conversation.
No Branch/Tag Specified
Branches Tags
Labels
Clear labels
aerscript
Changes related to Aer specification
bug
Something is not working
duplicate
This issue or pull request already exists
enhancement
New feature
help wanted
Need some help
idea
This is an idea
question
More information is needed
won't fix
This won't be fixed
No Label
aerscript
bug
Milestone
No items
No Milestone
Assignees
Clear assignees
belliash devnexen
No Assignees belliash
1 Participants
Notifications
Due Date
No due date set.
Dependencies

No dependencies set.

Reference: aerscript/Aer#40
No description provided.
Delete Branch "%!s()"

Deleting a branch is permanent. Although the deleted branch may continue to exist for a short time before it actually gets removed, it CANNOT be undone in most cases. Continue?