Don't use scope when validating Attribute

This is not safe to do at this point. Even if we made it safe,
we'd see inconsistencies due to a partially compiled class.

Fixes oss-fuzz #28129.

2 files changed, 13 insertions, 1 deletions

diff --git a/Zend/tests/attributes/032_attribute_validation_scope.phpt b/Zend/tests/attributes/032_attribute_validation_scope.phpt
new file mode 100644
index 0000000000..039a427254
--- /dev/null
+++ b/Zend/tests/attributes/032_attribute_validation_scope.phpt
@@ -0,0 +1,9 @@
+--TEST--
+Validation for "Attribute" does not use a scope when evaluating constant ASTs
+--FILE--
+<?php
+#[Attribute(parent::x)]
+class x extends y {}
+?>
+--EXPECTF--
+Fatal error: Cannot access "parent" when no class scope is active in %s on line %d
diff --git a/Zend/zend_attributes.c b/Zend/zend_attributes.c
index 29a2f4a732..ae07802b5b 100644
--- a/Zend/zend_attributes.c
+++ b/Zend/zend_attributes.c
@@ -33,7 +33,10 @@ void validate_attribute(zend_attribute *attr, uint32_t target, zend_class_entry
 	if (attr->argc > 0) {
 		zval flags;
 
-		if (FAILURE == zend_get_attribute_value(&flags, attr, 0, scope)) {
+		/* As this is run in the middle of compilation, fetch the attribute value without
+		 * specifying a scope. The class is not fully linked yet, and we may seen an
+		 * inconsistent state. */
+		if (FAILURE == zend_get_attribute_value(&flags, attr, 0, NULL)) {
 			return;
 		}