Fix in-place coercion for frameless calls

String parameters now create a temporary copy. Unfortunately, this requires some
manual handling within the given frameless handlers.

Author: iluuu1994

Zend/zend_builtin_functions.c

@@ -1039,14 +1039,15 @@ ZEND_FUNCTION(class_exists)
 
 ZEND_FRAMELESS_FUNCTION(class_exists, 1)
 {
+	zval name_tmp;
 	zend_string *name;
 
-	if (!zend_parse_arg_str(arg1, &name, /* null_check */ false, 1)) {
-		zend_wrong_parameter_type_error(1, Z_EXPECTED_STRING, arg1);
-		RETURN_THROWS();
-	}
+	Z_FL_PARAM_STR(1, name, name_tmp);
 
 	_class_exists_impl(return_value, name, /* autoload */ true, ZEND_ACC_LINKED, ZEND_ACC_INTERFACE | ZEND_ACC_TRAIT);
+
+fl_clean:
+	Z_FL_PARAM_FREE_STR(1, name_tmp);
 }
 
 /* {{{ Checks if the class exists */

Zend/zend_frameless_function.h

@@ -29,6 +29,40 @@
 #define ZEND_FRAMELESS_FUNCTION(name, arity) \
 	void ZEND_FRAMELESS_FUNCTION_NAME(name, arity)(DIRECT_FUNCTION_PARAMETERS_##arity)
 
+#define Z_FL_PARAM_ZVAL(arg_num, dest) \
+	dest = arg ## arg_num;
+#define Z_FL_PARAM_ARRAY(arg_num, dest) \
+	if (!zend_parse_arg_array(arg ## arg_num, &dest, /* null_check */ false, /* or_object */ false)) { \
+		zend_wrong_parameter_type_error(arg_num, Z_EXPECTED_ARRAY, arg ## arg_num); \
+		goto fl_clean; \
+	}
+#define Z_FL_PARAM_BOOL(arg_num, dest) \
+	if (!zend_parse_arg_bool(arg ## arg_num, &dest, /* is_null */ NULL, /* null_check */ false, arg_num)) { \
+		zend_wrong_parameter_type_error(arg_num, Z_EXPECTED_BOOL, arg ## arg_num); \
+		goto fl_clean; \
+	}
+#define Z_FL_PARAM_LONG(arg_num, dest) \
+	if (!zend_parse_arg_long(arg ## arg_num, &dest, /* is_null */ NULL, /* null_check */ false, arg_num)) { \
+		zend_wrong_parameter_type_error(arg_num, Z_EXPECTED_LONG, arg ## arg_num); \
+		goto fl_clean; \
+	}
+#define Z_FL_PARAM_STR(arg_num, dest, tmp) \
+	if (Z_TYPE_P(arg ## arg_num) == IS_STRING) { \
+		dest = Z_STR_P(arg ## arg_num); \
+	} else { \
+		ZVAL_COPY(&tmp, arg ## arg_num); \
+		arg ## arg_num = &tmp; \
+		if (!zend_parse_arg_str(arg ## arg_num, &dest, /* null_check */ false, arg_num)) { \
+			zend_wrong_parameter_type_error(arg_num, Z_EXPECTED_STRING, arg ## arg_num); \
+			goto fl_clean; \
+		} \
+	}
+#define Z_FL_PARAM_FREE_STR(arg_num, tmp) \
+	if (UNEXPECTED(arg ## arg_num == &tmp)) { \
+		zval_ptr_dtor(arg ## arg_num); \
+	}
+#define Z_FL_FUNC_CLEAN() fm_func_end:
+
 typedef struct _zval_struct zval;
 
 typedef void (*zend_frameless_function_0)(zval *return_value);

ext/standard/array.c

@@ -1684,31 +1684,28 @@ PHP_FUNCTION(in_array)
 
 ZEND_FRAMELESS_FUNCTION(in_array, 2)
 {
-	zval *array;
+	zval *value, *array;
 
-	if (!zend_parse_arg_array(arg2, &array, /* null_check */ false, /* or_object */ false)) {
-		zend_wrong_parameter_type_error(2, Z_EXPECTED_ARRAY, arg2);
-		RETURN_THROWS();
-	}
+	Z_FL_PARAM_ZVAL(1, value);
+	Z_FL_PARAM_ARRAY(2, array);
 
-	_php_search_array(return_value, arg1, array, false, 0);
+	_php_search_array(return_value, value, array, false, 0);
+
+fl_clean:;
 }
 
 ZEND_FRAMELESS_FUNCTION(in_array, 3)
 {
-	zval *array;
-	bool strict = 0;
+	zval *value, *array;
+	bool strict;
 
-	if (!zend_parse_arg_array(arg2, &array, /* null_check */ false, /* or_object */ false)) {
-		zend_wrong_parameter_type_error(2, Z_EXPECTED_ARRAY, arg2);
-		RETURN_THROWS();
-	}
-	if (!zend_parse_arg_bool(arg2, &strict, NULL, /* null_check */ false, 3)) {
-		zend_wrong_parameter_type_error(3, Z_EXPECTED_BOOL, arg3);
-		RETURN_THROWS();
-	}
+	Z_FL_PARAM_ZVAL(1, value);
+	Z_FL_PARAM_ARRAY(2, array);
+	Z_FL_PARAM_BOOL(3, strict);
+
+	_php_search_array(return_value, value, array, strict, 0);
 
-	_php_search_array(return_value, arg1, array, false, strict);
+fl_clean:;
 }
 
 /* {{{ Searches the array for a given value and returns the corresponding key if successful */