Fix memory leaks in array_any() / array_all()

The return value is overwritten, but if the key was not an interned
string we should destroy it.

Closes GH-17977.

ext/standard/array.c

@@ -6629,6 +6629,11 @@ static zend_result php_array_find(const HashTable *array, zend_fcall_info fci, z
 
 		zend_result result = zend_call_function(&fci, &fci_cache);
 		ZEND_ASSERT(result == SUCCESS);
+<<<<<<< HEAD
+=======
+		if (EXPECTED(!Z_ISUNDEF(retval))) {
+			int retval_true;
+>>>>>>> 2701b97011 (Fix memory leaks in array_any() / array_all())
 
 		if (UNEXPECTED(EG(exception))) {
 			return FAILURE;
@@ -6637,6 +6642,7 @@ static zend_result php_array_find(const HashTable *array, zend_fcall_info fci, z
 		bool retval_true = zend_is_true(&retval);
 		zval_ptr_dtor(&retval);
 
+<<<<<<< HEAD
 		/* This negates the condition, if negate_condition is true. Otherwise it does nothing with `retval_true`. */
 		retval_true ^= negate_condition;
 
@@ -6650,6 +6656,10 @@ static zend_result php_array_find(const HashTable *array, zend_fcall_info fci, z
 			}
 
 			break;
+=======
+		if (UNEXPECTED(Z_ISUNDEF(retval))) {
+			return FAILURE;
+>>>>>>> 2701b97011 (Fix memory leaks in array_any() / array_all())
 		}
 	} ZEND_HASH_FOREACH_END();
 
@@ -6717,7 +6727,11 @@ PHP_FUNCTION(array_any)
 		RETURN_THROWS();
 	}
 
-	RETURN_BOOL(Z_TYPE_P(return_value) != IS_UNDEF);
+	bool retval = !Z_ISUNDEF_P(return_value);
+	if (Z_TYPE_P(return_value) == IS_STRING) {
+		zval_ptr_dtor_str(return_value);
+	}
+	RETURN_BOOL(retval);
 }
 /* }}} */
 
@@ -6737,7 +6751,11 @@ PHP_FUNCTION(array_all)
 		RETURN_THROWS();
 	}
 
-	RETURN_BOOL(Z_TYPE_P(return_value) == IS_UNDEF);
+	bool retval = Z_ISUNDEF_P(return_value);
+	if (Z_TYPE_P(return_value) == IS_STRING) {
+		zval_ptr_dtor_str(return_value);
+	}
+	RETURN_BOOL(retval);
 }
 /* }}} */