Commit 391ec27

Fix phpGH-21698: memory leak in ZipArchive::addGlob on early returns.
globfree was not called on the no-matches path and on the open_basedir reject path, leaking the glob_t contents populated by a successful glob() call. close phpGH-21702
1 parent 19f73c5 commit 391ec27

3 files changed

Lines changed: 27 additions & 0 deletions


NEWS

Lines changed: 4 additions & 0 deletions
@@ -44,6 +44,10 @@ PHP NEWS
4444
- XSL:
4545
. Fixed bug GH-21600 (Segfault on module shutdown). (David Carlier)
4646

47+
- Zip:
48+
. Fixed bug GH-21698 (memory leak with ZipArchive::addGlob()
49+
early return statements). (David Carlier)
50+
4751
09 Apr 2026, PHP 8.4.20
4852

4953
- Bz2:

ext/zip/php_zip.c

Lines changed: 2 additions & 0 deletions
@@ -675,12 +675,14 @@ int php_zip_glob(char *pattern, int pattern_len, zend_long flags, zval *return_v
675675

676676
/* now catch the FreeBSD style of "no matches" */
677677
if (!globbuf.gl_pathc || !globbuf.gl_pathv) {
678+
globfree(&globbuf);
678679
return 0;
679680
}
680681

681682
/* we assume that any glob pattern will match files from one directory only
682683
so checking the dirname of the first match should be sufficient */
683684
if (ZIP_OPENBASEDIR_CHECKPATH(globbuf.gl_pathv[0])) {
685+
globfree(&globbuf);
684686
return -1;
685687
}
686688
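Review bot: The cleanup is now repeated by hand at each exit, with globfree(&globbuf) placed before both return 0 and return -1, so any early return added later can reintroduce the same leak. Consider routing these exits through a single cleanup label that calls globfree once and returns a saved result. The exits below the open_basedir check are outside this hunk, so it is worth confirming in the same pass that each of them also frees globbuf.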

ext/zip/tests/gh21698.phpt

Lines changed: 21 additions & 0 deletions
@@ -0,0 +1,21 @@
1+
--TEST--
2+
GH-21698 (ZipArchive::addGlob memory leak when open_basedir rejects the match)
3+
--EXTENSIONS--
4+
zip
5+
--FILE--
6+
<?php
7+
$zipfile = __DIR__ . '/gh21698.zip';
8+
$zip = new ZipArchive();
9+
$zip->open($zipfile, ZipArchive::CREATE | ZipArchive::OVERWRITE);
10+
11+
ini_set('open_basedir', '/nonexistent_dir_for_gh21698');
12+
var_dump($zip->addGlob(__FILE__, 0, []));
13+
$zip->close();
14+
?>
15+
--CLEAN--
16+
<?php
17+
@unlink(__DIR__ . '/gh21698.zip');
18+
?>
19+
--EXPECTF--
20+
Warning: ZipArchive::addGlob(): open_basedir restriction in effect. File(%s) is not within the allowed path(s): (%s) in %s on line %d
21+
bool(false)
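Review bot: The test covers only the open_basedir reject path (ini_set('open_basedir', ...) followed by addGlob(__FILE__, 0, [])); the no-matches early return that the commit message also names has no case here. A second addGlob call with a pattern that matches nothing would exercise it on platforms whose glob() reports no matches that way. Note also that --EXPECTF-- asserts only the warning text and bool(false), so the test fails on a regression only when it is run under a leak checker; a short comment in the test saying so would help the next reader. The return value of $zip->open() is not checked either, so a failed open would surface as a different error than the one expected.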
