Fix memory leak in phar tar temporary file error handling code

nielsdos · nielsdos · commit 2f162214e836 · 2025-09-07T13:04:19.000+02:00
Closes GH-19740.
diff --git a/NEWS b/NEWS
@@ -39,6 +39,7 @@ PHP                                                                        NEWS
 
 - Phar:
   . Fixed memory leaks when verifying OpenSSL signature. (Girgias)
+  . Fix memory leak in phar tar temporary file error handling code. (nielsdos)
 
 - Standard:
   . Fixed bug GH-16649 (UAF during array_splice). (alexandre-daubois)
diff --git a/ext/phar/tar.c b/ext/phar/tar.c
@@ -1211,6 +1211,7 @@ int phar_tar_flush(phar_archive_data *phar, char *user_stub, zend_long len, int
 	}
 
 	zend_hash_apply_with_argument(&phar->manifest, phar_tar_writeheaders, (void *) &pass);
+	/* TODO: memory leak and incorrect continuation if phar_tar_writeheaders fails? */
 
 	/* add signature for executable tars or tars explicitly set with setSignatureAlgorithm */
 	if (!phar->is_data || phar->sig_flags) {
@@ -1234,6 +1235,12 @@ int phar_tar_flush(phar_archive_data *phar, char *user_stub, zend_long len, int
 		entry.fp = php_stream_fopen_tmpfile();
 		if (entry.fp == NULL) {
 			spprintf(error, 0, "phar error: unable to create temporary file");
+
+			efree(signature);
+			if (closeoldfile) {
+				php_stream_close(oldfile);
+			}
+			php_stream_close(newfile);
 			return EOF;
 		}
 #ifdef WORDS_BIGENDIAN
