From 28470960bcf7c949db0893480e3a8d928f533c8d Mon Sep 17 00:00:00 2001
From: Niels Dossche <7771979+nielsdos@users.noreply.github.com>
Date: Mon, 13 Oct 2025 00:15:14 +0200
Subject: [PATCH] phar: Fix memleak+UAF when opening temp stream in buildFromDirectory() fails

Obvious memleak, but can also cause a UAF depending on destruction ordering with lingering PCRE regex instances in the SPL objects.
---
 ext/phar/phar_object.c | 4 ++++
 1 file changed, 4 insertions(+)

diff --git a/ext/phar/phar_object.c b/ext/phar/phar_object.c
index b857770135953..c5bd8da398c0c 100644
--- a/ext/phar/phar_object.c
+++ b/ext/phar/phar_object.c
@@ -1784,6 +1784,10 @@ PHP_METHOD(Phar, buildFromDirectory)
 pass.ret = return_value;
 pass.fp = php_stream_fopen_tmpfile();
 if (pass.fp == NULL) {
+ zval_ptr_dtor(&iteriter);
+ if (apply_reg) {
+ zval_ptr_dtor(®exiter);
+ }
 zend_throw_exception_ex(phar_ce_PharException, 0, "phar \"%s\" unable to create temporary file", phar_obj->archive->fname);
 RETURN_THROWS();
 }
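Review bot: The cleanup added under `if (pass.fp == NULL)` has no comment saying why both iterators must be released before the throw, so the reasoning lives only in the commit message; something like `/* release the SPL iterators before bailing out: leaking them can leave PCRE regex instances to be destroyed late (possible UAF) */` above the first `zval_ptr_dtor` would keep it next to the code. The body of buildFromDirectory starts and ends outside the hunk, so it is not visible whether other error paths repeat this two-step release; if they do, a single cleanup label would make it harder for a future early return to skip it. The diffstat lists only `ext/phar/phar_object.c`, so this failure path gets no regression test, presumably because a temp-file failure is hard to force. The argument printed as `®exiter` on the third added line is most likely `&regexiter` with `&reg` decoded as an entity by the page, not something the patch itself contains.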