private function instantiate(Clazz $customSerializer = null, Clazz $instanceClass) { if (!is_null($customSerializer)) { $customFieldSerialize = SerializabilityUtilEx::loadCustomFieldSerializer($customSerializer); if (is_null($customFieldSerialize)) { foreach ($customSerializer->getMethods() as $method) { if ($method->getName() === 'instantiate') { return $method->invoke($this); } } // Ok to not have one } else { if ($customFieldSerialize->hasCustomInstantiateInstance()) { return $customFieldSerialize->instantiateInstance($this); } } } if ($instanceClass->isArray()) { $length = $this->readInt(); // We don't pre-allocate the array; this prevents an allocation attack return new SSSR_BoundedList($instanceClass->getComponentType(), $length); } else { if ($instanceClass->isEnum()) { // Bypass enum transformation $ordinal = $this->readInt(); $values = $instanceClass->getEnumValues(); assert(in_array($ordinal, $values, true)); return $ordinal; } else { $constructor = $instanceClass->getConstructor(); $constructor->setAccessible(true); return $constructor->newInstance(); } } }