Fix memory leak in zip when encountering empty glob result

The case of returning 0 is inconsistent in when it returns an empty array, furthermore the caller already returns an empty array. Because the caller overwrites the return value in these cases, it can cause a memory leak. This is easier to trigger on master in some cases as different code paths are taken with the new bundled glob. On some platforms it is also triggerable on 8.3. Closes GH-19715.
2026-03-24 00:02:20 +01:00 · 2025-09-04 22:46:07 +02:00
parent 0e668e517a
commit 216e87ad7e
2 changed files with 3 additions and 2 deletions
--- a/3
+++ b/3
@@ -52,6 +52,9 @@ PHP                                                                        NEWS
    deprecation and TidyInternalCategory being available later than
    tidyOptGetCategory. (arjendekorte)

+- Zip:
+  . Fix memory leak in zip when encountering empty glob result. (nielsdos)
+
 28 Aug 2025, PHP 8.3.25

 - Core:
--- a/ext/zip/php_zip.c
+++ b/ext/zip/php_zip.c
@@ -668,7 +668,6 @@ int php_zip_glob(char *pattern, int pattern_len, zend_long flags, zval *return_v
 			   can be used for simple glob() calls without further error
 			   checking.
 			*/
-			array_init(return_value);
 			return 0;
 		}
 #endif
@@ -677,7 +676,6 @@ int php_zip_glob(char *pattern, int pattern_len, zend_long flags, zval *return_v

 	/* now catch the FreeBSD style of "no matches" */
 	if (!globbuf.gl_pathc || !globbuf.gl_pathv) {
-		array_init(return_value);
 		return 0;
 	}