From cf0aefb836b36b7a90974adfbecc230265e02dad Mon Sep 17 00:00:00 2001
From: David Carlier
Date: Sat, 7 Jun 2025 13:31:55 +0100
Subject: [PATCH 1/2] ext/pdo_sqlite: createCollation memory leaks fix. coming from callback arguments when its return type is incorrect.
---
 ext/pdo_sqlite/pdo_sqlite.c | 2 ++
 ...sqlite_createcollation_wrong_callback.phpt | 24 +++++++++++++++++++
 2 files changed, 26 insertions(+)
 create mode 100644 ext/pdo_sqlite/tests/subclasses/pdo_sqlite_createcollation_wrong_callback.phpt
diff --git a/ext/pdo_sqlite/pdo_sqlite.c b/ext/pdo_sqlite/pdo_sqlite.c
index ff56d04049424..0fd2e7dc6ebec 100644
--- a/ext/pdo_sqlite/pdo_sqlite.c
+++ b/ext/pdo_sqlite/pdo_sqlite.c
@@ -352,6 +352,8 @@ static int php_sqlite_collation_callback(void *context, int string1_len, const v
 zend_type_error("%s(): Return value of the callback must be of type int, %s returned", ZSTR_VAL(func_name), zend_zval_value_name(&retval));
 zend_string_release(func_name);
+ zval_ptr_dtor(&zargs[0]);
+ zval_ptr_dtor(&zargs[1]);
 zval_ptr_dtor(&retval);
 return FAILURE;
 }
diff --git a/ext/pdo_sqlite/tests/subclasses/pdo_sqlite_createcollation_wrong_callback.phpt b/ext/pdo_sqlite/tests/subclasses/pdo_sqlite_createcollation_wrong_callback.phpt
new file mode 100644
index 0000000000000..a9d17bb230d56
--- /dev/null
+++ b/ext/pdo_sqlite/tests/subclasses/pdo_sqlite_createcollation_wrong_callback.phpt
@@ -0,0 +1,24 @@
+--TEST--
+Pdo\Sqlite::createCollation() memory leaks on wrong callback return type
+--EXTENSIONS--
+pdo_sqlite
+--FILE--
+exec("CREATE TABLE test (c string)");
+$db->exec("INSERT INTO test VALUES('youwontseeme')");
+$db->exec("INSERT INTO test VALUES('neither')");
+$db->createCollation('NAT', function($a, $b): string { return $a . $b; });
+
+try {
+ $db->query("SELECT c FROM test ORDER BY c COLLATE NAT");
+} catch (\TypeError $e) {
+ echo $e->getMessage(), PHP_EOL;
+}
+?>
+--EXPECT--
+PDO::query(): Return value of the callback must be of type int, string returned
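Review bot: The --EXPECT-- block on the last `+` line of the new test pins only the TypeError message, which would presumably match with or without the release calls added in pdo_sqlite.c; the leak named in the --TEST-- title is caught only if the test runner reports leaked allocations (debug builds), so a short comment in the test saying that this is what the case guards against would help the next person who sees it pass on a release build. As shown on this page the --FILE-- section begins at `+exec("CREATE TABLE test (c string)");` with no `<?php` opener and no `$db` assignment; that looks like a rendering loss rather than a defect in the file, but it means the hunk could not be checked verbatim here.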
From 49dc6561d1dbb6bc2816d335bc0e477241c78fba Mon Sep 17 00:00:00 2001
From: David Carlier
Date: Sat, 7 Jun 2025 13:48:04 +0100
Subject: [PATCH 2/2] simplification
---
 ext/pdo_sqlite/pdo_sqlite.c | 8 +++-----
 1 file changed, 3 insertions(+), 5 deletions(-)
diff --git a/ext/pdo_sqlite/pdo_sqlite.c b/ext/pdo_sqlite/pdo_sqlite.c
index 0fd2e7dc6ebec..493ba3f36009d 100644
--- a/ext/pdo_sqlite/pdo_sqlite.c
+++ b/ext/pdo_sqlite/pdo_sqlite.c
@@ -346,14 +346,15 @@ static int php_sqlite_collation_callback(void *context, int string1_len, const v
 zend_call_known_fcc(&collation->callback, &retval, /* argc */ 2, zargs, /* named_params */ NULL);
+ zval_ptr_dtor(&zargs[0]);
+ zval_ptr_dtor(&zargs[1]);
+
 if (!Z_ISUNDEF(retval)) {
 if (Z_TYPE(retval) != IS_LONG) {
 zend_string *func_name = get_active_function_or_method_name();
 zend_type_error("%s(): Return value of the callback must be of type int, %s returned", ZSTR_VAL(func_name), zend_zval_value_name(&retval));
 zend_string_release(func_name);
- zval_ptr_dtor(&zargs[0]);
- zval_ptr_dtor(&zargs[1]);
 zval_ptr_dtor(&retval);
 return FAILURE;
 }
@@ -364,9 +365,6 @@ static int php_sqlite_collation_callback(void *context, int string1_len, const v
 }
 }
- zval_ptr_dtor(&zargs[0]);
- zval_ptr_dtor(&zargs[1]);
-
 return ret;
 }
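Review bot: The releases hoisted onto the `+` lines directly after `zend_call_known_fcc` are what make the early `return FAILURE;` in the type-error branch leak-free, but nothing in the code records that they must stay ahead of every exit, and the second hunk's removal of the trailing pair makes the placement look incidental. A one-line comment above the new `zval_ptr_dtor(&zargs[0]);`, e.g. `/* The arguments are only needed for the call; release them here so every early return below stays leak-free. */`, would keep a later edit from moving them back down. Releasing zargs before retval is inspected looks safe, since retval is a separate zval and should hold its own reference even if the callback returned one of its arguments — worth confirming. php_sqlite_collation_callback starts before the first hunk; its closing brace is in the second.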