ext/zip: fix memory leak when encryption is passed as userland array option.

Similar issue fixed in GH-19936. close GH-20363
2026-03-24 00:02:20 +01:00 · 2025-11-02 16:32:38 +00:00
parent be8c8a9d6b
commit 55f7303d73
3 changed files with 61 additions and 0 deletions
--- a/5
+++ b/5
@@ -95,6 +95,11 @@ PHP                                                                        NEWS
  . Fix GH-19722 (_get_osfhandle asserts in debug mode when given a socket).
    (dktapps)

+- Zip:
+  . Fix memory leak when passing enc_method/enc_password is passed as option
+    for ZipArchive::addGlob()/addPattern() and with consecutive calls.
+    (David Carlier)
+
 23 Oct 2025, PHP 8.3.27

 - Core:
--- a/ext/zip/php_zip.c
+++ b/ext/zip/php_zip.c
@@ -1832,6 +1832,11 @@ static void php_zip_add_from_pattern(INTERNAL_FUNCTION_PARAMETERS, int type) /*
 				}
 #ifdef HAVE_ENCRYPTION
 				if (opts.enc_method >= 0) {
+					if (UNEXPECTED(zip_file_set_encryption(ze_obj->za, ze_obj->last_id, ZIP_EM_NONE, NULL) < 0)) {
+						zend_array_destroy(Z_ARR_P(return_value));
+						php_error_docref(NULL, E_WARNING, "password reset failed");
+						RETURN_FALSE;
+					}
 					if (zip_file_set_encryption(ze_obj->za, ze_obj->last_id, opts.enc_method, opts.enc_password)) {
 						zend_array_destroy(Z_ARR_P(return_value));
 						RETURN_FALSE;
--- a/ext/zip/tests/oo_addglob_leak.phpt
+++ b/ext/zip/tests/oo_addglob_leak.phpt
@@ -0,0 +1,51 @@
+--TEST--
+ZipArchive::addGlob() method leaking after several calls when encryption is set.
+--EXTENSIONS--
+zip
+--SKIPIF--
+<?php
+if (!method_exists('ZipArchive', 'setEncryptionName')) die('skip encrytion not supported');
+if(!defined("GLOB_BRACE")) die ('skip requires GLOB_BRACE');
+?>
+--FILE--
+<?php
+$dirname = __DIR__ . '/';
+include $dirname . 'utils.inc';
+
+$dirname = __DIR__ . '/__tmp_oo_addglob2/';
+$file = $dirname . 'test.zip';
+
+@mkdir($dirname);
+copy(__FILE__, $dirname . 'foo.txt');
+copy(__FILE__, $dirname . 'bar.txt');
+
+$zip = new ZipArchive();
+if (!$zip->open($file, ZipArchive::CREATE | ZipArchive::OVERWRITE)) {
+        exit('failed');
+}
+
+$options = [
+    'remove_all_path' => true,
+    'comp_method' => ZipArchive::CM_STORE,
+    'comp_flags' => 5,
+    'enc_method' => ZipArchive::EM_AES_256,
+    'enc_password' => 'secret',
+];
+var_dump($zip->addGlob($dirname . 'bar.*', GLOB_BRACE, $options));
+var_dump($zip->addGlob($dirname . 'bar.*', GLOB_BRACE, $options));
+?>
+--CLEAN--
+<?php
+$dirname = __DIR__ . '/';
+include $dirname . 'utils.inc';
+rmdir_rf(__DIR__ . '/__tmp_oo_addglob2/');
+?>
+--EXPECTF--
+array(1) {
+  [0]=>
+  string(%d) "%s"
+}
+array(1) {
+  [0]=>
+  string(%d) "%s"
+}