Skip to content

Fix GH-20194: null offset deprecation not emitted for writes #20238

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Open
wants to merge 6 commits into
base: PHP-8.5
Choose a base branch
from
Open

Fix GH-20194: null offset deprecation not emitted for writes #20238

wants to merge 6 commits into from
+666 −2,110

Conversation

@Girgias
Copy link
Member

@Girgias Girgias commented Oct 19, 2025

Based on the patch from @nielsdos and split into different commits to explain what affects what.

@alexandre-daubois
Copy link
Member

Not approving as it's still in draft, but looks good. Thanks for taking care of this!

@Girgias Girgias linked an issue Oct 20, 2025 that may be closed by this pull request
Using null as an array offset is not deprecated #20194
Open
arnaud-lb
arnaud-lb reviewed Oct 20, 2025
View reviewed changes
@Girgias Girgias changed the base branch from master to PHP-8.5 October 20, 2025 16:00
@Girgias Girgias marked this pull request as ready for review October 21, 2025 12:24
arnaud-lb
arnaud-lb approved these changes Oct 22, 2025
View reviewed changes
Copy link
Member

@arnaud-lb arnaud-lb left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Looks good to me!

dstogov
dstogov reviewed Oct 27, 2025
View reviewed changes
Zend/zend_vm_def.h
Comment on lines +6281 to +6286
} else if (UNEXPECTED(Z_TYPE_P(offset) == IS_NULL)) {
zend_error(E_DEPRECATED, "Using null as an array offset is deprecated, use an empty string instead");
if (UNEXPECTED(EG(exception))) {
zval_ptr_dtor_nogc(expr_ptr);
HANDLE_EXCEPTION();
}
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

You know, each new warning opens a way to modify some involved zval through the user error handler.
In this case, user error handler may probably unset() op1 and this may lead to use-after-free on attempt to add new element.

It's better to add related test(s) and fix problem at first place.

cc @iluuu1994 @nielsdos

Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Indeed:

set_error_handler(function ($errno, $errstr) {
    var_dump($errstr);
    global $a;
    unset($a);
});

$a = new stdClass;
$b = [0, null => $a];

I usually spot those, but missed this one.

I hope we can come up with a general solution to avoid these issues (#20018 / #12805).

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@arnaud-lb arnaud-lb arnaud-lb approved these changes

@dstogov dstogov dstogov left review comments

@alexandre-daubois alexandre-daubois alexandre-daubois approved these changes

@nielsdos nielsdos Awaiting requested review from nielsdos

@bukka bukka Awaiting requested review from bukka bukka is a code owner

@kamil-tekiela kamil-tekiela Awaiting requested review from kamil-tekiela kamil-tekiela is a code owner

Assignees

No one assigned

Labels

ABI break Category: Engine Category: Optimizer Extension: mysqli Extension: pcre Extension: spl Extension: standard

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

Using null as an array offset is not deprecated

4 participants

@Girgias @alexandre-daubois @arnaud-lb @dstogov