Merge branch 'PHP-8.1' into PHP-8.2

* PHP-8.1:
  Fix memory leak when calling xml_parse_into_struct() twice
  Fix return type of stub of xml_parse_into_struct()

Author: nielsdos

NEWS

@@ -34,6 +34,10 @@ PHP                                                                        NEWS
     foreach). (nielsdos)
   . Fixed bug #55098 (SimpleXML iteration produces infinite loop). (nielsdos)
 
+- XML:
+  . Fix return type of stub of xml_parse_into_struct(). (nielsdos)
+  . Fix memory leak when calling xml_parse_into_struct() twice. (nielsdos)
+
 28 Sep 2023, PHP 8.2.11
 
 - Core:

ext/xml/tests/gh12254.phpt

@@ -0,0 +1,31 @@
+--TEST--
+GH-12254: xml_parse_into_struct() memory leak when called twice
+--EXTENSIONS--
+xml
+--FILE--
+<?php
+
+$parser = xml_parser_create();
+xml_set_element_handler($parser, function ($parser, $name, $attrs) {
+    echo "open\n";
+    var_dump($name, $attrs);
+    var_dump(xml_parse_into_struct($parser, "<container/>", $values, $tags));
+}, function ($parser, $name) {
+    echo "close\n";
+    var_dump($name);
+});
+xml_parse_into_struct($parser, "<container/>", $values, $tags);
+// Yes, this doesn't do anything but it at least shouldn't leak...
+xml_parse_into_struct($parser, "<container/>", $values, $tags);
+
+?>
+--EXPECTF--
+open
+string(9) "CONTAINER"
+array(0) {
+}
+
+Warning: xml_parse_into_struct(): Parser must not be called recursively in %s on line %d
+bool(false)
+close
+string(9) "CONTAINER"

ext/xml/xml.c

@@ -318,19 +318,24 @@ static zend_object *xml_parser_create_object(zend_class_entry *class_type) {
 	return &intern->std;
 }
 
-static void xml_parser_free_obj(zend_object *object)
+static void xml_parser_free_ltags(xml_parser *parser)
 {
-	xml_parser *parser = xml_parser_from_obj(object);
-
-	if (parser->parser) {
-		XML_ParserFree(parser->parser);
-	}
 	if (parser->ltags) {
 		int inx;
 		for (inx = 0; ((inx < parser->level) && (inx < XML_MAXLEVEL)); inx++)
 			efree(parser->ltags[ inx ]);
 		efree(parser->ltags);
 	}
+}
+
+static void xml_parser_free_obj(zend_object *object)
+{
+	xml_parser *parser = xml_parser_from_obj(object);
+
+	if (parser->parser) {
+		XML_ParserFree(parser->parser);
+	}
+	xml_parser_free_ltags(parser);
 	if (!Z_ISUNDEF(parser->startElementHandler)) {
 		zval_ptr_dtor(&parser->startElementHandler);
 	}
@@ -1261,6 +1266,11 @@ PHP_FUNCTION(xml_parse_into_struct)
 
 	parser = Z_XMLPARSER_P(pind);
 
+	if (parser->isparsing) {
+		php_error_docref(NULL, E_WARNING, "Parser must not be called recursively");
+		RETURN_FALSE;
+	}
+
 	if (info) {
 		info = zend_try_array_init(info);
 		if (!info) {
@@ -1280,15 +1290,12 @@ PHP_FUNCTION(xml_parse_into_struct)
 	}
 
 	parser->level = 0;
+	xml_parser_free_ltags(parser);
 	parser->ltags = safe_emalloc(XML_MAXLEVEL, sizeof(char *), 0);
 
 	XML_SetElementHandler(parser->parser, _xml_startElementHandler, _xml_endElementHandler);
 	XML_SetCharacterDataHandler(parser->parser, _xml_characterDataHandler);
 
-	if (parser->isparsing) {
-		php_error_docref(NULL, E_WARNING, "Parser must not be called recursively");
-		RETURN_FALSE;
-	}
 	parser->isparsing = 1;
 	ret = XML_Parse(parser->parser, (XML_Char*)data, data_len, 1);
 	parser->isparsing = 0;

ext/xml/xml.stub.php

@@ -176,7 +176,7 @@ function xml_parse(XMLParser $parser, string $data, bool $is_final = false): int
  * @param array $values
  * @param array $index
  */
-function xml_parse_into_struct(XMLParser $parser, string $data, &$values, &$index = null): int {}
+function xml_parse_into_struct(XMLParser $parser, string $data, &$values, &$index = null): int|false {}
 
 function xml_get_error_code(XMLParser $parser): int {}