From 09c223de00af9b312e49db7bbc915aefaca5dbf8 Mon Sep 17 00:00:00 2001
From: Niels Dossche <7771979+nielsdos@users.noreply.github.com>
Date: Tue, 1 Jul 2025 21:10:33 +0200
Subject: [PATCH] Fix leak when path is too long in ZipArchive::extractTo()

I did not find an easy way to trigger this branch without also
triggering some other error conditions earlier.

Closes GH-19002.
---
 NEWS              | 3 +++
 ext/zip/php_zip.c | 1 +
 2 files changed, 4 insertions(+)

diff --git a/NEWS b/NEWS
index 22f667e5744..5df4c88e972 100644
--- a/NEWS
+++ b/NEWS
@@ -42,6 +42,9 @@ PHP                                                                        NEWS
   . Fixed GH-13264 (fgets() and stream_get_line() do not return false on filter
     fatal error). (Jakub Zelenka)
 
+- Zip:
+  . Fix leak when path is too long in ZipArchive::extractTo(). (nielsdos)
+
 03 Jul 2025, PHP 8.3.23
 
 - Core:
diff --git a/ext/zip/php_zip.c b/ext/zip/php_zip.c
index 62f51ce9f35..3710b304c35 100644
--- a/ext/zip/php_zip.c
+++ b/ext/zip/php_zip.c
@@ -218,6 +218,7 @@ static int php_zip_extract_file(struct zip * za, char *dest, const char *file, s
 		return 0;
 	} else if (len > MAXPATHLEN) {
 		php_error_docref(NULL, E_WARNING, "Full extraction path exceed MAXPATHLEN (%i)", MAXPATHLEN);
+		efree(fullpath);
 		efree(file_dirname_fullpath);
 		zend_string_release_ex(file_basename, 0);
 		CWD_STATE_FREE(new_state.cwd);