From 560a16fa19ee040e5427b03cba7e97fab769c12d Mon Sep 17 00:00:00 2001
From: Niels Dossche <7771979+nielsdos@users.noreply.github.com>
Date: Sat, 18 Oct 2025 23:58:20 +0200
Subject: [PATCH 1/2] phar: Fix potential double free on Windows (#20211)
Because the code no longer bails out, these variables shouldn't be freed here as they're already freed by the caller. This also simplifies the code. Fixes nightly.
---
 ext/phar/phar_object.c | 6 ------
 1 file changed, 6 deletions(-)
diff --git a/ext/phar/phar_object.c b/ext/phar/phar_object.c
index 31b9261ba137..9c09417e077b 100644
--- a/ext/phar/phar_object.c
+++ b/ext/phar/phar_object.c
@@ -184,9 +184,6 @@ static phar_action_status phar_file_action(phar_archive_data *phar, phar_entry_i
 highlight_file(name, &syntax_highlighter_ini);
 efree(name);
-#ifdef PHP_WIN32
- efree(arch);
-#endif
 return PHAR_ACT_DO_EXIT;
 case PHAR_MIME_OTHER:
 /* send headers, output file contents */
@@ -274,9 +271,6 @@ static phar_action_status phar_file_action(phar_archive_data *phar, phar_entry_i
 }
 zend_destroy_file_handle(&file_handle);
-#ifdef PHP_WIN32
- efree(arch);
-#endif
 if (new_op_array) {
 ZVAL_UNDEF(&result);
From cf3b70d23cdf6f09f6e605d17295e671c76dee84 Mon Sep 17 00:00:00 2001
From: Niels Dossche <7771979+nielsdos@users.noreply.github.com>
Date: Sat, 18 Oct 2025 11:41:49 +0200
Subject: [PATCH 2/2] pgsql: Fix memory leak when first string conversion fails
If the first string conversion fails, then i==0, but memory was still allocated for `params`. However, we skip freeing `params` when i==0. Closes GH-20213.
---
 NEWS | 3 +++
 ext/pgsql/pgsql.c | 12 +++++-------
 2 files changed, 8 insertions(+), 7 deletions(-)
diff --git a/NEWS b/NEWS
index 96dd99d8da89..537673e64fa9 100644
--- a/NEWS
+++ b/NEWS
@@ -40,6 +40,9 @@ PHP NEWS
 . Fixed bug GH-20121 (JIT broken in ZTS builds on MacOS 15). (Arnaud, Shivam Mathur)
+- PgSql:
+ . Fix memory leak when first string conversion fails. (nielsdos)
+
 - Phar:
 . Fix memory leak of argument in webPhar. (nielsdos)
 . Fix memory leak when setAlias() fails. (nielsdos)
diff --git a/ext/pgsql/pgsql.c b/ext/pgsql/pgsql.c
index 1d7fee601700..e8fb99c7aca4 100644
--- a/ext/pgsql/pgsql.c
+++ b/ext/pgsql/pgsql.c
@@ -1057,15 +1057,13 @@ PHP_FUNCTION(pg_query)
 static void _php_pgsql_free_params(char **params, int num_params)
 {
- if (num_params > 0) {
- int i;
- for (i = 0; i < num_params; i++) {
- if (params[i]) {
- efree(params[i]);
- }
+ int i;
+ for (i = 0; i < num_params; i++) {
+ if (params[i]) {
+ efree(params[i]);
 }
- efree(params);
 }
+ efree(params);
 }
 /* Execute a query */
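Review bot: The final `efree(params);` in `_php_pgsql_free_params` now runs on every call, including `num_params == 0`, where the removed `if (num_params > 0)` guard used to leave `params` untouched. Each caller therefore has to pass either an array it allocated or a pointer it initialised to NULL (assuming `efree` tolerates NULL on this path); a caller that only assigns `params` when there are parameters would now hand an indeterminate pointer to the allocator. The call sites are outside this hunk, so that could not be confirmed from here. I would state the contract above the function, e.g. `/* params must be NULL or an emalloc'd array of num_params entries; the entries and the array itself are freed */`, and check that every caller declares `char **params = NULL;`.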