From ce0df1a9d82dbb3166a889327ebb1c59a640f95f Mon Sep 17 00:00:00 2001
From: Niels Dossche <7771979+nielsdos@users.noreply.github.com>
Date: Sun, 19 Oct 2025 00:11:34 +0200
Subject: [PATCH] phar: Fix memory leak when opening temp file fails while trying to open gzip-compressed archive
`filterparams` can leak if `php_stream_fopen_tmpfile()` fails. To solve this, move the temp file creation first. Closes GH-20220.
---
 NEWS | 2 ++
 ext/phar/phar.c | 11 ++++++-----
 2 files changed, 8 insertions(+), 5 deletions(-)
diff --git a/NEWS b/NEWS
index 4345f86f98e..27214db0b90 100644
--- a/NEWS
+++ b/NEWS
@@ -57,6 +57,8 @@ PHP NEWS
 of type size_t. (Girgias)
 . Fix memory leak when openssl polyfill returns garbage. (nielsdos)
 . Fix file descriptor leak in phar_zip_flush() on failure. (nielsdos)
+ . Fix memory leak when opening temp file fails while trying to open
+ gzip-compressed archive. (nielsdos)
 - Random:
 . Fix Randomizer::__serialize() w.r.t. INDIRECTs. (nielsdos)
diff --git a/ext/phar/phar.c b/ext/phar/phar.c
index b7baf9e69ce..a9aff9489df 100644
--- a/ext/phar/phar.c
+++ b/ext/phar/phar.c
@@ -1672,6 +1672,12 @@ static int phar_open_from_fp(php_stream* fp, char *fname, size_t fname_len, char
 if (!PHAR_G(has_zlib)) {
 MAPPHAR_ALLOC_FAIL("unable to decompress gzipped phar archive \"%s\" to temporary file, enable zlib extension in php.ini")
 }
+
+ /* entire file is gzip-compressed, uncompress to temporary file */
+ if (!(temp = php_stream_fopen_tmpfile())) {
+ MAPPHAR_ALLOC_FAIL("unable to create temporary file for decompression of gzipped phar archive \"%s\"")
+ }
+
 array_init(&filterparams);
 /* this is defined in zlib's zconf.h */
 #ifndef MAX_WBITS
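Review bot: The ordering that this fix depends on is not recorded in the code: in the first ext/phar/phar.c hunk the temp-file block now sits above `array_init(&filterparams)`, but the moved comment still only says what the block does. Going by the commit message, the `MAPPHAR_ALLOC_FAIL` exit on this path leaves `filterparams` allocated, so a later reshuffle could bring the leak back unnoticed; I would extend the comment to something like `/* create the temp file before filterparams is initialised: this failure path does not destroy it */`. The reverse also holds, since `temp` is now open before the filter is set up, so any bail-out added between this block and the filter creation has to close it. The rest of phar_open_from_fp lies outside the hunk, so the existing later error paths could not be checked from here.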
@@ -1679,11 +1685,6 @@ static int phar_open_from_fp(php_stream* fp, char *fname, size_t fname_len, char
 #endif
 add_assoc_long_ex(&filterparams, "window", sizeof("window") - 1, MAX_WBITS + 32);
- /* entire file is gzip-compressed, uncompress to temporary file */
- if (!(temp = php_stream_fopen_tmpfile())) {
- MAPPHAR_ALLOC_FAIL("unable to create temporary file for decompression of gzipped phar archive \"%s\"")
- }
-
 php_stream_rewind(fp);
 filter = php_stream_filter_create("zlib.inflate", &filterparams, php_stream_is_persistent(fp));