Fix #78762: Failing FFI::cast() may leak memory

cmb69 · cmb69 · commit 1e2d3d58a8b3 · 2019-10-30T17:21:58.000+01:00
We have to release objects when we're done with them.
diff --git a/NEWS b/NEWS
@@ -18,6 +18,7 @@ PHP                                                                        NEWS
 - FFI:
   . Fixed bug #78716 (Function name mangling is wrong for some parameter 
     types). (cmb)
+  . Fixed bug #78762 (Failing FFI::cast() may leak memory). (cmb)
   . Implement FR #78270 (Support __vectorcall convention with FFI). (cmb)
 
 - FPM:
diff --git a/ext/ffi/ffi.c b/ext/ffi/ffi.c
@@ -3882,6 +3882,7 @@ ZEND_METHOD(FFI, cast) /* {{{ */
 		cdata->ptr = &cdata->ptr_holder;
 		cdata->ptr_holder = old_cdata->ptr;
 	} else if (type->size > old_type->size) {
+		zend_object_release(&cdata->std);
 		zend_throw_error(zend_ffi_exception_ce, "attempt to cast to larger type");
 		return;
 	} else if (ptr != &old_cdata->ptr_holder) {
diff --git a/ext/ffi/tests/bug78762.phpt b/ext/ffi/tests/bug78762.phpt
@@ -0,0 +1,14 @@
+--TEST--
+Bug #78762 (Failing FFI::cast() may leak memory)
+--SKIPIF--
+<?php require_once('skipif.inc'); ?>
+--FILE--
+<?php
+try {
+    FFI::cast('char[10]', FFI::new('char[1]'));
+} catch (FFI\Exception $ex) {
+    echo $ex->getMessage(), PHP_EOL;
+}
+?>
+--EXPECT--
+attempt to cast to larger type
