From 66c833444cf9a52a2e95656d1116efdb8495d507 Mon Sep 17 00:00:00 2001
From: Niels Dossche <7771979+nielsdos@users.noreply.github.com>
Date: Sat, 4 Oct 2025 12:20:49 +0200
Subject: [PATCH] phar: Fix memory leaks when creating temp file fails when applying zip signature

Also fixes up the error propagation at the call site which jumped to the wrong place in the error handling code.
Closes GH-20057.
---
 NEWS | 2 ++
 ext/phar/zip.c | 7 +++++--
 2 files changed, 7 insertions(+), 2 deletions(-)

diff --git a/NEWS b/NEWS
index c25c1922f8b..82b1cd77d7c 100644
--- a/NEWS
+++ b/NEWS
@@ -38,6 +38,8 @@ PHP NEWS
 - Phar:
 . Fix memory leak and invalid continuation after tar header writing fails.
 (nielsdos)
+ . Fix memory leaks when creating temp file fails when applying zip signature.
+ (nielsdos)
 - SimpleXML:
 . Fixed bug GH-19988 (zend_string_init with NULL pointer in simplexml (UB)).
diff --git a/ext/phar/zip.c b/ext/phar/zip.c
index 87681c69959..dff170dc29b 100644
--- a/ext/phar/zip.c
+++ b/ext/phar/zip.c
@@ -1192,7 +1192,9 @@ static int phar_zip_applysignature(phar_archive_data *phar, struct _phar_zip_pas
 entry.fp_type = PHAR_MOD;
 entry.is_modified = 1;
 if (entry.fp == NULL) {
+ efree(signature);
 spprintf(pass->error, 0, "phar error: unable to create temporary file for signature");
+ php_stream_close(newfile);
 return FAILURE;
 }
@@ -1456,11 +1458,12 @@ fperror:
 phar_metadata_tracker_try_ensure_has_serialized_data(&phar->metadata_tracker, phar->is_persistent);
 if (temperr) {
+temperror:
 if (error) {
 spprintf(error, 4096, "phar zip flush of \"%s\" failed: %s", phar->fname, temperr);
 }
 efree(temperr);
-temperror:
+notemperror:
 php_stream_close(pass.centralfp);
 nocentralerror:
 php_stream_close(pass.filefp);
@@ -1488,7 +1491,7 @@ nocentralerror:
 if (error) {
 spprintf(error, 4096, "phar zip flush of \"%s\" failed: unable to write central-directory", phar->fname);
 }
- goto temperror;
+ goto notemperror;
 }
 }
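Review bot: The two releases added in the `entry.fp == NULL` branch of `phar_zip_applysignature` (hunk `@@ -1192,7 +1192,9 @@` of ext/phar/zip.c) are written by hand for this one return, so the ownership rule they encode is easy to miss the next time an early return is added. The rest of the function lies outside the hunk; if any other exit returns `FAILURE` while `signature` and `newfile` are still live, it presumably needs the same pair. I would record the rule above the branch, for example `/* signature and newfile are live here: a failure return must efree(signature) and php_stream_close(newfile) */`, or route the failure exits through a single cleanup label so the releases exist in one place.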
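Review bot: Moving `temperror:` inside the `if (temperr)` block (hunk `@@ -1456,11 +1458,12 @@` of ext/phar/zip.c) means a `goto temperror` now enters the block without passing the `temperr` test, so the `%s` argument to `spprintf` and the following `efree(temperr)` rely on every jump site having stored a message in `temperr` first. Only the central-directory write failure in the `@@ -1488,7 +1491,7 @@` hunk is retargeted to `notemperror`; any remaining `goto temperror` sites are outside the diff and should be checked against that invariant. A comment on the label would document it, e.g. `/* jump here only after a callee has set temperr; use notemperror when the message is already in *error */`. The enclosing function starts and ends outside both hunks.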