Fix GH-16477 (Segmentation fault when calling __debugInfo() after failed SplFileObject::__constructor)

Author: Girgias

ext/spl/spl_directory.c

@@ -2047,13 +2047,7 @@ PHP_METHOD(SplFileObject, __construct)
 	size_t path_len;
 	zend_error_handling error_handling;
 
-	intern->u.file.open_mode = ZSTR_CHAR('r');
-
-	if (zend_parse_parameters(ZEND_NUM_ARGS(), "P|Sbr!",
-			&intern->file_name, &open_mode,
-			&use_include_path, &intern->u.file.zcontext) == FAILURE) {
-		intern->u.file.open_mode = NULL;
-		intern->file_name = NULL;
+	if (zend_parse_parameters(ZEND_NUM_ARGS(), "P|Sbr!", &intern->file_name, &open_mode, &use_include_path, &intern->u.file.zcontext) == FAILURE) {
 		RETURN_THROWS();
 	}
 
@@ -2096,6 +2090,12 @@ PHP_METHOD(SplTempFileObject, __construct)
 		RETURN_THROWS();
 	}
 
+	/* Prevent reinitialization of Object */
+	if (intern->u.file.stream) {
+		zend_throw_error(NULL, "cannot call constructor twice");
+		RETURN_THROWS();
+	}
+
 	if (max_memory < 0) {
 		file_name = zend_string_init("php://memory", sizeof("php://memory")-1, 0);
 	} else if (ZEND_NUM_ARGS()) {

ext/spl/tests/gh16477-2.phpt

@@ -0,0 +1,19 @@
+--TEST--
+GH-16477-2: Memory leak when calling SplTempFileObject::__constructor() twice
+--FILE--
+<?php
+
+$obj = new SplTempFileObject();
+
+try {
+    $obj->__construct();
+} catch (Throwable $e) {
+    echo $e::class, ': ', $e->getMessage(), PHP_EOL;
+}
+$obj->__debugInfo();
+
+?>
+DONE
+--EXPECT--
+Error: cannot call constructor twice
+DONE

ext/spl/tests/gh16477.phpt

@@ -0,0 +1,19 @@
+--TEST--
+GH-16477: Segmentation fault when calling __debugInfo() after failed SplFileObject::__constructor
+--FILE--
+<?php
+
+$obj = new SplFileObject(__FILE__);
+
+try {
+    $obj->__construct();
+} catch (Throwable $e) {
+    echo $e::class, ': ', $e->getMessage(), PHP_EOL;
+}
+$obj->__debugInfo();
+
+?>
+DONE
+--EXPECT--
+ArgumentCountError: SplFileObject::__construct() expects at least 1 argument, 0 given
+DONE