Fix metadata leak when phar convert logic fails

Closes GH-19756.

Author: nielsdos

NEWS

@@ -48,6 +48,7 @@ PHP                                                                        NEWS
 - Phar:
   . Fixed memory leaks when verifying OpenSSL signature. (Girgias)
   . Fix memory leak in phar tar temporary file error handling code. (nielsdos)
+  . Fix metadata leak when phar convert logic fails. (nielsdos)
 
 - Standard:
   . Fixed bug GH-16649 (UAF during array_splice). (alexandre-daubois)

ext/phar/phar_object.c

@@ -2281,6 +2281,7 @@ static zend_object *phar_convert_to_other(phar_archive_data *source, int convert
 		}
 
 		if (FAILURE == phar_copy_file_contents(&newentry, phar->fp)) {
+			phar_metadata_tracker_free(&phar->metadata_tracker, phar->is_persistent);
 			zend_hash_destroy(&(phar->manifest));
 			php_stream_close(phar->fp);
 			efree(phar);
@@ -2318,6 +2319,7 @@ static zend_object *phar_convert_to_other(phar_archive_data *source, int convert
 		return ret;
 	} else {
 		if(phar != NULL) {
+			phar_metadata_tracker_free(&phar->metadata_tracker, phar->is_persistent);
 			zend_hash_destroy(&(phar->manifest));
 			zend_hash_destroy(&(phar->mounted_dirs));
 			zend_hash_destroy(&(phar->virtual_dirs));

ext/phar/tests/phar_convert_metadata_leak.phpt

@@ -0,0 +1,24 @@
+--TEST--
+Phar convert logic leaks metadata
+--EXTENSIONS--
+phar
+--INI--
+phar.require_hash=0
+phar.readonly=0
+--FILE--
+<?php
+$fname = __DIR__ . '/' . basename(__FILE__, '.php') . '.zip';
+
+$phar = new PharData($fname);
+$phar->setMetadata("foobar");
+$phar['x'] = 'hi';
+try {
+    $phar->convertToData(Phar::ZIP, Phar::NONE, 'phar.zip');
+} catch (BadMethodCallException $e) {
+    echo $e->getMessage(),"\n";
+}
+?>
+--CLEAN--
+<?php unlink(__DIR__ . '/' . basename(__FILE__, '.clean.php') . '.zip');?>
+--EXPECTF--
+data phar "%s" has invalid extension phar.zip