Dev news

Commit acbe0d26847 for php.net

commit acbe0d26847d4b4c81d9a84ad4b4bbedfd95eedc
Merge: b5e26537053 02f71b68132
Author: Weilin Du <weilindu@php.net>
Date:   Mon Jun 22 13:21:45 2026 +0800

    Merge branch 'PHP-8.4' into PHP-8.5

    * PHP-8.4:
      ext/intl: Fix double construction leaks (#22386)

diff --cc NEWS
index d31433de9c8,f880b5ca33c..6c159381c3d
--- a/NEWS
+++ b/NEWS
@@@ -46,15 -50,27 +46,17 @@@ PH
      (Weilin Du)
    . Fixed IntlTimeZone::getDisplayName() to synchronize object error state
      for invalid display types. (Weilin Du)
 -  . Fixed Spoofchecker restriction-level APIs to only be exposed with ICU 53
 -    and later. (Graham Campbell)
    . Fixed Locale::lookup() and locale_lookup() to return NULL instead of the
      fallback locale when a language tag cannot be canonicalized. (Weilin Du)
+   . Fixed memory leaks when calling Collator::__construct() or
+     Spoofchecker::__construct() twice. (Weilin Du)

 -- mysqli:
 -  . Fix stmt->query leak in mysqli_execute_query() validation errors.
 -    (David Carlier)
 -
  - Opcache:
 +  . Fixed bug GH-22265 (Another tailcall vm_interrupt bug). (Levi Morrison)
    . Fixed bug GH-20469 (Unsafe inheritance cache replay with reentrant
      autoloading). (Levi Morrison)
 -  . Fixed bug GH-22158 (Tracing JIT dispatches the observer begin handler
 -    through the wrong run_time_cache slot on megamorphic calls). (ptondereau,
 -    iliaal)
 -
 -- OpenSSL:
 -  . Fixed bug GH-22187 (Memory corruption (zend_mm_heap corrupted) in
 -    openssl_encrypt with AES-WRAP-PAD). (David Carlier)
 +  . Fixed bug GH-21972 (Corrupted variable type when a typed by-value return
 +    contains a reference wrapper). (Weilin Du)

  - Phar:
    . Fixed a bypass of the magic ".phar" directory protection in
diff --cc ext/intl/collator/collator_create.c
index 5e6b0dee9ce,ca57d5431e0..cf857f98c1d
--- a/ext/intl/collator/collator_create.c
+++ b/ext/intl/collator/collator_create.c
@@@ -35,8 -35,17 +35,12 @@@ static int collator_ctor(INTERNAL_FUNCT
  		Z_PARAM_STRING(locale, locale_len)
  	ZEND_PARSE_PARAMETERS_END_EX(return FAILURE);

 -	if (error_handling != NULL) {
 -		zend_replace_error_handling(EH_THROW, IntlException_ce_ptr, error_handling);
 -		*error_handling_replaced = 1;
 -	}
 -
  	INTL_CHECK_LOCALE_LEN_OR_FAILURE(locale_len);
  	COLLATOR_METHOD_FETCH_OBJECT;
+ 	if (co->ucoll) {
+ 		zend_throw_error(NULL, "Collator object is already constructed");
+ 		return FAILURE;
+ 	}

  	if(locale_len == 0) {
  		locale = (char *)intl_locale_get_default();
diff --cc ext/intl/spoofchecker/spoofchecker_create.c
index 7cb51adef4e,4614d44c317..4305aec6f5f
--- a/ext/intl/spoofchecker/spoofchecker_create.c
+++ b/ext/intl/spoofchecker/spoofchecker_create.c
@@@ -31,12 -32,15 +31,18 @@@ PHP_METHOD(Spoofchecker, __construct
  	ZEND_PARSE_PARAMETERS_NONE();

  	SPOOFCHECKER_METHOD_FETCH_OBJECT_NO_CHECK;
+ 	if (co->uspoof) {
+ 		zend_throw_error(NULL, "Spoofchecker object is already constructed");
+ 		RETURN_THROWS();
+ 	}
+
+ 	zend_replace_error_handling(EH_THROW, IntlException_ce_ptr, &error_handling);

  	co->uspoof = uspoof_open(SPOOFCHECKER_ERROR_CODE_P(co));
 -	INTL_METHOD_CHECK_STATUS(co, "spoofchecker: unable to open ICU Spoof Checker");
 +	if (U_FAILURE(INTL_DATA_ERROR_CODE(co))) {
 +		zend_throw_exception(IntlException_ce_ptr,
 +			"Spoofchecker::__construct(): unable to open ICU Spoof Checker", 0);
 +	}

  #if U_ICU_VERSION_MAJOR_NUM >= 58
  	/* TODO save it into the object for further suspiction check comparison. */