Fix leak when include fails in a read operation

Usually it will already fail when opening, but reads can also
fail since PHP 7.4, in which case we still need to place the
file handle in open_files to make sure the destructor will run
on it.

diff --git a/Zend/tests/include_fail_during_read.phpt b/Zend/tests/include_fail_during_read.phpt
new file mode 100644 (file)
index 0000000..e2e3e19
--- /dev/null
+++ b/Zend/tests/include_fail_during_read.phpt
@@ -0,0 +1,12 @@
+--TEST--
+Include fails during read
+--FILE--
+<?php
+class SampleFilter extends php_user_filter { }
+stream_filter_register('sample.filter', SampleFilter::class);
+include 'php://filter/read=sample.filter/resource='. __FILE__;
+?>
+--EXPECTF--
+Warning: include(): Unprocessed filter buckets remaining on input brigade in %s on line %d
+
+Warning: include(): Failed opening 'php://filter/read=sample.filter/resource=%s' for inclusion (include_path='%s') in %s on line %d

diff --git a/Zend/zend_language_scanner.l b/Zend/zend_language_scanner.l
index 3d31e0daf4a2be5237559715eef2cac14dcf8342..13248b242040e636ad37563508b6b0daec3f709d 100644 (file)
--- a/Zend/zend_language_scanner.l
+++ b/Zend/zend_language_scanner.l
@@ -518,6 +518,8 @@ ZEND_API int open_file_for_scanning(zend_file_handle *file_handle)
        zend_string *compiled_filename;
 
        if (zend_stream_fixup(file_handle, &buf, &size) == FAILURE) {
+               /* Still add it to open_files to make destroy_file_handle work */
+               zend_llist_add_element(&CG(open_files), file_handle);
                return FAILURE;
        }