From c1962e900a4ebe74a6e7578e3da75a0931687546 Mon Sep 17 00:00:00 2001
From: "Christoph M. Becker"
Date: Mon, 12 Oct 2020 13:26:38 +0200
Subject: Fix #80223: imap_mail_compose() leaks envelope on malformed bodies
We have to clean up even on failure.
Closes GH-6322.
---
 NEWS | 2 ++
 ext/imap/php_imap.c | 6 ++++--
 ext/imap/tests/bug80223.phpt | 15 +++++++++++++++
 3 files changed, 21 insertions(+), 2 deletions(-)
 create mode 100644 ext/imap/tests/bug80223.phpt
diff --git a/NEWS b/NEWS
index 72f731aef1..368199ed74 100644
--- a/NEWS
+++ b/NEWS
@@ -13,6 +13,8 @@ PHP NEWS
 . Fixed bug #80213 (imap_mail_compose() segfaults on certain $bodies). (cmb)
 . Fixed bug #80215 (imap_mail_compose() may modify by-val parameters). (cmb)
 . Fixed bug #80220 (imap_mail_compose() may leak memory). (cmb)
+ . Fixed bug #80223 (imap_mail_compose() leaks envelope on malformed bodies).
+ (cmb)
 - MySQLnd:
 . Fixed bug #80115 (mysqlnd.debug doesn't recognize absolute paths with
diff --git a/ext/imap/php_imap.c b/ext/imap/php_imap.c
index 0cf350e907..63b5464808 100644
--- a/ext/imap/php_imap.c
+++ b/ext/imap/php_imap.c
@@ -3622,7 +3622,8 @@ PHP_FUNCTION(imap_mail_compose)
 if (Z_TYPE_P(data) != IS_ARRAY) {
 php_error_docref(NULL, E_WARNING, "body parameter must be a non-empty array");
- RETURN_FALSE;
+ RETVAL_FALSE;
+ goto done;
 }
 SEPARATE_ARRAY(data);
@@ -3824,7 +3825,8 @@ PHP_FUNCTION(imap_mail_compose)
 if (first) {
 php_error_docref(NULL, E_WARNING, "body parameter must be a non-empty array");
- RETURN_FALSE;
+ RETVAL_FALSE;
+ goto done;
 }
 if (bod && bod->type == TYPEMULTIPART && (!bod->nested.part || !bod->nested.part->next)) {
diff --git a/ext/imap/tests/bug80223.phpt b/ext/imap/tests/bug80223.phpt
new file mode 100644
index 0000000000..4acfb8d023
--- /dev/null
+++ b/ext/imap/tests/bug80223.phpt
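Review bot: Both new `goto done;` jumps (the `Z_TYPE_P(data) != IS_ARRAY` branch here and the `if (first)` branch in the second php_imap.c hunk) depend on a cleanup label that lies outside the visible lines. The first jump happens before `SEPARATE_ARRAY(data)`, and the later `if (bod && ...)` test suggests the body pointer can still be NULL at these points. It is worth confirming that every pointer released at `done` is initialised to NULL at its declaration and that the cleanup accepts NULL. Because these branches are reached from caller-supplied `$bodies`, a short comment above `RETVAL_FALSE;` would help later edits keep the pattern, for example `/* env is already allocated: leave via done so it is freed, never RETURN_* here */`. The body of PHP_FUNCTION(imap_mail_compose) starts and ends outside both hunks.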
@@ -0,0 +1,15 @@
+--TEST--
+Bug #80223 (imap_mail_compose() leaks envelope on malformed bodies)
+--SKIPIF--
+
+--FILE--
+
+--EXPECTF--
+Warning: imap_mail_compose(): body parameter must be a non-empty array in %s on line %d
+
+Warning: imap_mail_compose(): body parameter must be a non-empty array in %s on line %d
-- cgit v1.2.1
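Review bot: The `--EXPECTF--` section asserts only the two identical warnings, so the expected output alone does not show that the envelope is released, nor which of the two failure paths produced which warning. The `--SKIPIF--` and `--FILE--` bodies are not visible in this view, so this may already be covered there. If the envelope is allocated outside the engine's own allocator, the leak would presumably surface only under a memory checker, which deserves a sentence in a `--DESCRIPTION--` section, for example `Exercises both malformed-$bodies error paths; the leak itself is only observable when the suite runs under a leak checker.`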