From 789627612a487a60dfd8ee66c09d84090e22a382 Mon Sep 17 00:00:00 2001
From: Niels Dossche <7771979+nielsdos@users.noreply.github.com>
Date: Sun, 29 Dec 2024 17:05:37 +0100
Subject: [PATCH] Prevent string duplication if QName without prefix is given

---
 ext/simplexml/simplexml.c | 11 ++++++++---
 1 file changed, 8 insertions(+), 3 deletions(-)

diff --git a/ext/simplexml/simplexml.c b/ext/simplexml/simplexml.c
index 6c636329a6f..2c149e14d34 100644
--- a/ext/simplexml/simplexml.c
+++ b/ext/simplexml/simplexml.c
@@ -1640,10 +1640,11 @@ PHP_METHOD(SimpleXMLElement, addChild)
 {
 	php_sxe_object *sxe;
 	char           *qname, *value = NULL, *nsuri = NULL;
-	size_t             qname_len, value_len = 0, nsuri_len = 0;
+	size_t          qname_len, value_len = 0, nsuri_len = 0;
 	xmlNodePtr      node, newnode;
 	xmlNsPtr        nsptr = NULL;
 	xmlChar        *localname, *prefix = NULL;
+	bool            free_localname = false;
 
 	if (zend_parse_parameters(ZEND_NUM_ARGS(), "s|s!s!",
 		&qname, &qname_len, &value, &value_len, &nsuri, &nsuri_len) == FAILURE) {
@@ -1674,7 +1675,9 @@ PHP_METHOD(SimpleXMLElement, addChild)
 
 	localname = xmlSplitQName2((xmlChar *)qname, &prefix);
 	if (localname == NULL) {
-		localname = xmlStrdup((xmlChar *)qname);
+		localname = (xmlChar *)qname;
+	} else {
+		free_localname = true;
 	}
 
 	newnode = xmlNewChild(node, NULL, localname, (xmlChar *)value);
@@ -1694,7 +1697,9 @@ PHP_METHOD(SimpleXMLElement, addChild)
 
 	node_as_zval_str(sxe, newnode, return_value, SXE_ITER_NONE, localname, prefix, 0);
 
-	xmlFree(localname);
+	if (free_localname) {
+		xmlFree(localname);
+	}
 	if (prefix != NULL) {
 		xmlFree(prefix);
 	}