phar: Fix memory leak when opening temp file fails while trying to open gzip-compressed archive

`filterparams` can leak if `php_stream_fopen_tmpfile()` fails.
To solve this, move the temp file creation first.

Closes GH-20220.

NEWS

@@ -57,6 +57,8 @@ PHP                                                                        NEWS
     of type size_t. (Girgias)
   . Fix memory leak when openssl polyfill returns garbage. (nielsdos)
   . Fix file descriptor leak in phar_zip_flush() on failure. (nielsdos)
+  . Fix memory leak when opening temp file fails while trying to open
+    gzip-compressed archive. (nielsdos)
 
 - Random:
   . Fix Randomizer::__serialize() w.r.t. INDIRECTs. (nielsdos)

ext/phar/phar.c

@@ -1672,6 +1672,12 @@ static int phar_open_from_fp(php_stream* fp, char *fname, size_t fname_len, char
 				if (!PHAR_G(has_zlib)) {
 					MAPPHAR_ALLOC_FAIL("unable to decompress gzipped phar archive \"%s\" to temporary file, enable zlib extension in php.ini")
 				}
+
+				/* entire file is gzip-compressed, uncompress to temporary file */
+				if (!(temp = php_stream_fopen_tmpfile())) {
+					MAPPHAR_ALLOC_FAIL("unable to create temporary file for decompression of gzipped phar archive \"%s\"")
+				}
+
 				array_init(&filterparams);
 /* this is defined in zlib's zconf.h */
 #ifndef MAX_WBITS
@@ -1679,11 +1685,6 @@ static int phar_open_from_fp(php_stream* fp, char *fname, size_t fname_len, char
 #endif
 				add_assoc_long_ex(&filterparams, "window", sizeof("window") - 1, MAX_WBITS + 32);
 
-				/* entire file is gzip-compressed, uncompress to temporary file */
-				if (!(temp = php_stream_fopen_tmpfile())) {
-					MAPPHAR_ALLOC_FAIL("unable to create temporary file for decompression of gzipped phar archive \"%s\"")
-				}
-
 				php_stream_rewind(fp);
 				filter = php_stream_filter_create("zlib.inflate", &filterparams, php_stream_is_persistent(fp));