Merge branch 'PHP-8.3' into PHP-8.4

* PHP-8.3:
  Fix GH-19752: Phar decompression with invalid extension can cause UAF

NEWS

@@ -52,6 +52,8 @@ PHP                                                                        NEWS
   . Fix memory leak in phar tar temporary file error handling code. (nielsdos)
   . Fix metadata leak when phar convert logic fails. (nielsdos)
   . Fix memory leak on failure in phar_convert_to_other(). (nielsdos)
+  . Fixed bug GH-19752 (Phar decompression with invalid extension
+    can cause UAF). (nielsdos)
 
 - Standard:
   . Fixed bug GH-16649 (UAF during array_splice). (alexandre-daubois)

ext/phar/phar_object.c

@@ -2336,7 +2336,11 @@ no_copy:
 			if (phar->fp) {
 				php_stream_close(phar->fp);
 			}
-			efree(phar->fname);
+			if (phar->fname != source->fname) {
+				/* Depending on when phar_rename_archive() errors, the new filename
+				 * may have already been assigned or it may still be the old one. */
+				efree(phar->fname);
+			}
 			efree(phar);
 		}
 		return NULL;

ext/phar/tests/gh19752.phpt

@@ -0,0 +1,13 @@
+--TEST--
+GH-19752 (Phar decompression with invalid extension can cause UAF)
+--FILE--
+<?php
+$phar = new PharData(__DIR__.'/gh19752.1');
+try {
+    $phar->decompress("*");
+} catch (BadMethodCallException $e) {
+    echo $e->getMessage(), "\n";
+}
+?>
+--EXPECTF--
+data phar converted from "%sgh19752.1" has invalid extension *