From a7f7e169d672a1bb2765d62cd1f0f10306fcff7b Mon Sep 17 00:00:00 2001
From: Niels Dossche <7771979+nielsdos@users.noreply.github.com>
Date: Sun, 22 Dec 2024 21:34:32 +0100
Subject: [PATCH] Fix memory leak on ZEND_FFI_TYPE_CHAR conversion failure

The success path frees tmp_str, but the error path does not.

Closes GH-17243.
---
 NEWS          | 1 +
 ext/ffi/ffi.c | 1 +
 2 files changed, 2 insertions(+)

diff --git a/NEWS b/NEWS
index 376139b086f..f2a0b0246d1 100644
--- a/NEWS
+++ b/NEWS
@@ -24,6 +24,7 @@ PHP                                                                        NEWS
 
 - FFI:
   . Fixed bug #79075 (FFI header parser chokes on comments). (nielsdos)
+  . Fix memory leak on ZEND_FFI_TYPE_CHAR conversion failure. (nielsdos)
 
 - Filter:
   . Fixed bug GH-16944 (Fix filtering special IPv4 and IPv6 ranges, by using
diff --git a/ext/ffi/ffi.c b/ext/ffi/ffi.c
index 2000e15c29e..d823f32127c 100644
--- a/ext/ffi/ffi.c
+++ b/ext/ffi/ffi.c
@@ -807,6 +807,7 @@ again:
 			if (ZSTR_LEN(str) == 1) {
 				*(char*)ptr = ZSTR_VAL(str)[0];
 			} else {
+				zend_tmp_string_release(tmp_str);
 				zend_ffi_assign_incompatible(value, type);
 				return FAILURE;
 			}