From 216e87ad7e33fda75f33e31c36a30b04b90e4696 Mon Sep 17 00:00:00 2001
From: Niels Dossche <7771979+nielsdos@users.noreply.github.com>
Date: Thu, 4 Sep 2025 22:46:07 +0200
Subject: [PATCH] Fix memory leak in zip when encountering empty glob result

The case of returning 0 is inconsistent in when it returns an empty array, furthermore the caller already returns an empty array. Because the caller overwrites the return value in these cases, it can cause a memory leak. This is easier to trigger on master in some cases as different code paths are taken with the new bundled glob. On some platforms it is also triggerable on 8.3.
Closes GH-19715.
---
 NEWS | 3 +++
 ext/zip/php_zip.c | 2 --
 2 files changed, 3 insertions(+), 2 deletions(-)
diff --git a/NEWS b/NEWS
index ed92a4588de..80d74f373a1 100644
--- a/NEWS
+++ b/NEWS
@@ -52,6 +52,9 @@ PHP NEWS
 deprecation and TidyInternalCategory being available later than tidyOptGetCategory. (arjendekorte)
+- Zip:
+ . Fix memory leak in zip when encountering empty glob result. (nielsdos)
+
 28 Aug 2025, PHP 8.3.25
 - Core:
diff --git a/ext/zip/php_zip.c b/ext/zip/php_zip.c
index 3710b304c35..9f1d296336e 100644
--- a/ext/zip/php_zip.c
+++ b/ext/zip/php_zip.c
@@ -668,7 +668,6 @@ int php_zip_glob(char *pattern, int pattern_len, zend_long flags, zval *return_v
 can be used for simple glob() calls without further error checking. */
- array_init(return_value);
 return 0;
 }
 #endif
@@ -677,7 +676,6 @@ int php_zip_glob(char *pattern, int pattern_len, zend_long flags, zval *return_v
 /* now catch the FreeBSD style of "no matches" */
 if (!globbuf.gl_pathc || !globbuf.gl_pathv) {
- array_init(return_value);
 return 0;
 }