From 27797a26caa8368b6158e7b11cbbc661fc495772 Mon Sep 17 00:00:00 2001
From: Niels Dossche <7771979+nielsdos@users.noreply.github.com>
Date: Wed, 18 Oct 2023 20:18:40 +0200
Subject: [PATCH 1/2] Fix bug #75306: Memleak in SoapClient

Setting the stream context via php_stream_context_to_zval() will
increase the reference count. So if the new context is created, then it
will end up with a reference count of 2 while it should be 1.

Credits to cmb for the analysis. I arrived at the same patch as he did.

Closes GH-12523.
---
 NEWS                         |  1 +
 ext/soap/php_sdl.c           |  5 ++++-
 ext/soap/tests/bug75306.phpt | 20 ++++++++++++++++++++
 3 files changed, 25 insertions(+), 1 deletion(-)
 create mode 100644 ext/soap/tests/bug75306.phpt

diff --git a/NEWS b/NEWS
index 9d8e4f553ff..1ded7f9918d 100644
--- a/NEWS
+++ b/NEWS
@@ -36,6 +36,7 @@ PHP                                                                        NEWS
   . Fix segfault and assertion failure with refcounted props and arrays.
     (nielsdos)
   . Fix potential crash with an edge case of persistent encoders. (nielsdos)
+  . Fixed bug #75306 (Memleak in SoapClient). (nielsdos)
 
 - Streams:
   . Fixed bug #75708 (getimagesize with "&$imageinfo" fails on StreamWrappers).
diff --git a/ext/soap/php_sdl.c b/ext/soap/php_sdl.c
index 038515087fa..651eab23b7a 100644
--- a/ext/soap/php_sdl.c
+++ b/ext/soap/php_sdl.c
@@ -3255,6 +3255,9 @@ sdlPtr get_sdl(zval *this_ptr, char *uri, zend_long cache_wsdl)
 		tmp = Z_CLIENT_STREAM_CONTEXT_P(this_ptr);
 		if (Z_TYPE_P(tmp) == IS_RESOURCE) {
 			context = php_stream_context_from_zval(tmp, 0);
+			/* Share a reference with new_context down below.
+			 * For new contexts, the reference is only in new_context so that doesn't need extra refcounting. */
+			GC_ADDREF(context->res);
 		}
 
 		tmp = Z_CLIENT_USER_AGENT_P(this_ptr);
@@ -3323,7 +3326,7 @@ sdlPtr get_sdl(zval *this_ptr, char *uri, zend_long cache_wsdl)
 	}
 
 	if (context) {
-		php_stream_context_to_zval(context, &new_context);
+		ZVAL_RES(&new_context, context->res);
 		php_libxml_switch_context(&new_context, &orig_context);
 	}
 
diff --git a/ext/soap/tests/bug75306.phpt b/ext/soap/tests/bug75306.phpt
new file mode 100644
index 00000000000..7501fde59e6
--- /dev/null
+++ b/ext/soap/tests/bug75306.phpt
@@ -0,0 +1,20 @@
+--TEST--
+Bug #75306 (Memleak in SoapClient)
+--EXTENSIONS--
+soap
+--FILE--
+<?php
+$options = array("cache_wsdl" => WSDL_CACHE_NONE);
+// Need a warm-up for globals
+for ($i = 0; $i < 10; $i++) {
+    $client = new SoapClient("ext/soap/tests/test.wsdl", $options);
+}
+$usage = memory_get_usage();
+for ($i = 0; $i < 10; $i++) {
+    $client = new SoapClient("ext/soap/tests/test.wsdl", $options);
+}
+$usage_delta = memory_get_usage() - $usage;
+var_dump($usage_delta);
+?>
+--EXPECT--
+int(0)

From f8433a5100fe896ad0b4734c1d45b3bf68d24b31 Mon Sep 17 00:00:00 2001
From: Ayesh Karunaratne <ayesh@aye.sh>
Date: Fri, 27 Oct 2023 00:10:30 +0700
Subject: [PATCH 2/2] Minor fix in `NEWS` alignment

Fixes a minor misalignment in `NEWS` file, following the other list items
in the rest of the file.
---
 NEWS | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/NEWS b/NEWS
index 9b02f8456f9..d32f0ab6f52 100644
--- a/NEWS
+++ b/NEWS
@@ -28,8 +28,8 @@ PHP                                                                        NEWS
     upgrading to 8.1.3 due to corrupt on-disk file cache). (turchanov)
 
 - OpenSSL:
-  Fixed bug GH-12489 (Missing sigbio creation checking in openssl_cms_verify).
-  (Jakub Zelenka)
+  . Fixed bug GH-12489 (Missing sigbio creation checking in openssl_cms_verify).
+    (Jakub Zelenka)
 
 - Random:
   . Fix Randomizer::getFloat() returning incorrect results under