Fix #80284: Return Value Not Checked from Function Call

[cmb69]

We assert that retval IS_UNDEF if call_user_function(), to catch
a potentially uninitialized retval. This might also help static code
analyzers to avoid raising false positives.

---

I don't see any issues with the current code, but still it might be a good idea to assert this condition. Probably PHP-8.0 or the "master" branch would be more appropriate targets for this change.

[nikic]

I don't think this change makes sense. This is just asserting the contract of the function.

Longer term, we should probably make call_user_function() effectively infallible, by throwing if the function cannot be called.

[cmb69]

I think we should at least document such contracts by adding respective comments, since there appears to be some confusion, e.g. no need to ZVAL_FALSE(&retval) here:

php-src/ext/standard/assert.c

Lines 179 to 189 in b6a93c3

	ZVAL_FALSE(&retval);
	if (description_str) {
	ZVAL_STR(&args[3], description_str);
	call_user_function(NULL, NULL, &ASSERTG(callback), &retval, 4, args);
	} else {
	call_user_function(NULL, NULL, &ASSERTG(callback), &retval, 3, args);
	}
	zval_ptr_dtor(&args[0]);
	zval_ptr_dtor(&retval);

Making _call_user_function_impl() infallible is fine for me; or maybe add assertions to the function?