php-cfg

Function using global variable causes inconsistency in variable id

Open quanyang opened this issue 9 years ago • 2 comments

Example:

<?php
$global = "B";
function TestTaintOnFunction() {
    global $global;
    $secondVar = "2";
    echo $global;
}

Results in:

    Expr_Assign
        var: Var#1<$global>
        expr: LITERAL('B')
        result: Var#2
    Stmt_Function<TestTaintOnFunction>

Function TestTaintOnFunction():
Block#1
    Terminal_GlobalVar
        var: LITERAL('global')
    Expr_Assign
        var: Var#1<$secondVar>
        expr: LITERAL('2')
        result: Var#2
    Terminal_Echo
        expr: Var#3<$global>

Any way to make the id consistent?

quanyang, May 09 '16 19:05

Something to consider here is that the pseudo-main scope of a file does not necessarily coincide with the global scope. Consider this scenario:

// file1.php
<?php
$global = "B";
function test() {
    global $global;
    echo $global;
}

// file2.php
<?php
$global = "A";
function run() {
    require __DIR__ . '/file1.php';
}
run();

And then execute file2.php. In this case the $global variable from file1.php will actually be a local variable inside the run function and global $global will instead reference the $global from file2.php. (Nowadays files are nearly always included from something other than the global scope due to autoloading, so this is not entirely idle speculation.)

nikic, May 10 '16 15:05
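The scenario from the comment above as a runnable script, added here as an example that is not part of the thread or of php-cfg. It loads the same include body once from inside a function and once from the top level, so the two bindings of `$global` can be compared. Function names, file contents and the values 'B' and 'C' are constructed, and the script is assumed to be run directly from the CLI so that its top level is the global scope.

```php
<?php
// Added demo (not from the thread). File contents and names are constructed.

// Write a throwaway include file that assigns $global in its pseudo-main
// scope and defines a function reading $global through a `global` statement.
function write_include(string $funcName, string $value): string
{
    $path = sys_get_temp_dir() . '/scope_' . uniqid() . '.php';
    $body = "<?php\n"
          . "\$global = '$value';\n"
          . "function $funcName() { global \$global; return \$global; }\n";
    file_put_contents($path, $body);
    return $path;
}

// Include from inside a function: the file's pseudo-main runs in this
// function's local scope, so its `$global = ...` writes a local variable.
function include_locally(string $path): array
{
    require $path;
    return get_defined_vars(); // locals of this call, including those the file set
}

$global = 'A'; // the real global, as in file2.php

$localFile = write_include('read_after_local_include', 'B');
$locals = include_locally($localFile);

echo "local \$global inside the includer: ", $locals['global'], "\n";
echo "global \$global afterwards:         ", $global, "\n";
echo "function's view via `global`:      ", read_after_local_include(), "\n";

// Include from the top level: here pseudo-main is the global scope, so the
// assignment and the `global` statement refer to the same storage.
$topFile = write_include('read_after_top_include', 'C');
require $topFile;

echo "global \$global after top include:  ", $global, "\n";
echo "function's view via `global`:      ", read_after_top_include(), "\n";

unlink($localFile);
unlink($topFile);
```

For a taint analysis this means the pseudo-main assignment and the function's `global $global` can only be given the same variable id when the file is known to execute at global scope.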

Yes, that could be a possibility. However, the current php-cfg implementation is not able to handle inclusion of external files, am I right?

Do you think it'd be possible at all to fix this issue for global vars?

quanyang, May 10 '16 18:05