ext/pdo_sqlite: createCollation memory leaks fix.

coming from callback arguments when its return type is incorrect.

close GH-18796

Author: devnexen

NEWS

@@ -37,6 +37,10 @@ PHP                                                                        NEWS
   . Fixed bug #74796 (Requests through http proxy set peer name).
     (Jakub Zelenka)
 
+- PDO Sqlite:
+  . Fixed memory leak with Pdo_Sqlite::createCollation when the callback
+    has an incorrect return type. (David Carlier)
+
 - Phar:
   . Add missing filter cleanups on phar failure. (nielsdos)
   . Fixed bug GH-18642 (Signed integer overflow in ext/phar fseek). (nielsdos)

ext/pdo_sqlite/pdo_sqlite.c

@@ -346,6 +346,9 @@ static int php_sqlite_collation_callback(void *context, int string1_len, const v
 
 	zend_call_known_fcc(&collation->callback, &retval, /* argc */ 2, zargs, /* named_params */ NULL);
 
+	zval_ptr_dtor(&zargs[0]);
+	zval_ptr_dtor(&zargs[1]);
+
 	if (!Z_ISUNDEF(retval)) {
 		if (Z_TYPE(retval) != IS_LONG) {
 			zend_string *func_name = get_active_function_or_method_name();
@@ -362,9 +365,6 @@ static int php_sqlite_collation_callback(void *context, int string1_len, const v
 		}
 	}
 
-	zval_ptr_dtor(&zargs[0]);
-	zval_ptr_dtor(&zargs[1]);
-
 	return ret;
 }
 

ext/pdo_sqlite/tests/subclasses/pdo_sqlite_createcollation_wrong_callback.phpt

@@ -0,0 +1,24 @@
+--TEST--
+Pdo\Sqlite::createCollation() memory leaks on wrong callback return type
+--EXTENSIONS--
+pdo_sqlite
+--FILE--
+<?php
+
+declare(strict_types=1);
+
+$db = new Pdo\Sqlite('sqlite::memory:');
+
+$db->exec("CREATE TABLE test (c string)");
+$db->exec("INSERT INTO test VALUES('youwontseeme')");
+$db->exec("INSERT INTO test VALUES('neither')");
+$db->createCollation('NAT', function($a, $b): string { return $a . $b; });
+
+try {
+    $db->query("SELECT c FROM test ORDER BY c COLLATE NAT");
+} catch (\TypeError $e) {
+    echo $e->getMessage(), PHP_EOL;
+}
+?>
+--EXPECT--
+PDO::query(): Return value of the callback must be of type int, string returned