Fix GH-14286 (ffi enum type (when enum has no name) make memory leak)

For top-level anonymous type definition we never store the declaration anywhere
else nor the type anywhere else.
The declaration keeps owning the type and it goes out of scope.
For anonymous fields this gets handled by the add_anonymous_field code that
removes the type from the declaration.
This patch does something similar in the parsing code when it is
detected we're dealing with an anonymous enum in a top-level declaration.

Closes GH-14839.

Author: nielsdos

NEWS

@@ -13,6 +13,10 @@ PHP                                                                        NEWS
   . Fixed case when curl_error returns an empty string.
     (David Carlier)
 
+- FFI:
+  . Fixed bug GH-14286 (ffi enum type (when enum has no name) make memory
+    leak). (nielsdos, dstogov)
+
 - Soap:
   . Fixed bug #55639 (Digest autentication dont work). (nielsdos)
 

ext/ffi/ffi.c

@@ -3544,7 +3544,7 @@ ZEND_METHOD(FFI, scope) /* {{{ */
 }
 /* }}} */
 
-static void zend_ffi_cleanup_dcl(zend_ffi_dcl *dcl) /* {{{ */
+void zend_ffi_cleanup_dcl(zend_ffi_dcl *dcl) /* {{{ */
 {
 	if (dcl) {
 		zend_ffi_type_dtor(dcl->type);

ext/ffi/ffi.g

@@ -97,7 +97,10 @@ declarations:
 				initializer?
 				{zend_ffi_declare(name, name_len, &dcl);}
 			)*
-		)?
+		|
+			/* empty */
+			{if (common_dcl.flags & (ZEND_FFI_DCL_ENUM | ZEND_FFI_DCL_STRUCT | ZEND_FFI_DCL_UNION)) zend_ffi_cleanup_dcl(&common_dcl);}
+		)
 		";"
 	)*
 ;

ext/ffi/ffi_parser.c

@@ -2115,6 +2115,10 @@ static int parse_declarations(int sym) {
 				}
 				zend_ffi_declare(name, name_len, &dcl);
 			}
+		} else if (sym == YY__SEMICOLON) {
+			if (common_dcl.flags & (ZEND_FFI_DCL_ENUM | ZEND_FFI_DCL_STRUCT | ZEND_FFI_DCL_UNION)) zend_ffi_cleanup_dcl(&common_dcl);
+		} else {
+			yy_error_sym("unexpected", sym);
 		}
 		if (sym != YY__SEMICOLON) {
 			yy_error_sym("';' expected, got", sym);

ext/ffi/php_ffi.h

@@ -208,6 +208,7 @@ typedef struct _zend_ffi_val {
 
 zend_result zend_ffi_parse_decl(const char *str, size_t len);
 zend_result zend_ffi_parse_type(const char *str, size_t len, zend_ffi_dcl *dcl);
+void zend_ffi_cleanup_dcl(zend_ffi_dcl *dcl);
 
 /* parser callbacks */
 void ZEND_NORETURN zend_ffi_parser_error(const char *msg, ...);

ext/ffi/tests/gh14286_1.phpt

@@ -0,0 +1,46 @@
+--TEST--
+GH-14286 (ffi enum type (when enum has no name) make memory leak)
+--EXTENSIONS--
+ffi
+--INI--
+ffi.enable=1
+--FILE--
+<?php
+$ffi = FFI::cdef("
+    enum {
+        TEST_ONE=1,
+        TEST_TWO=2,
+    };
+    enum TestEnum {
+        TEST_THREE=3,
+    };
+    struct TestStruct {
+        enum {
+            TEST_FOUR=4,
+        } test1;
+        enum TestEnum2 {
+            TEST_FIVE=5,
+        } test2;
+    };
+    typedef enum { TEST_SIX=6 } TestEnum3;
+    struct {
+        int x;
+    };
+    union {
+        int x;
+    };
+");
+var_dump($ffi->TEST_ONE);
+var_dump($ffi->TEST_TWO);
+var_dump($ffi->TEST_THREE);
+var_dump($ffi->TEST_FOUR);
+var_dump($ffi->TEST_FIVE);
+var_dump($ffi->TEST_SIX);
+?>
+--EXPECT--
+int(1)
+int(2)
+int(3)
+int(4)
+int(5)
+int(6)

ext/ffi/tests/gh14286_2.phpt

@@ -0,0 +1,25 @@
+--TEST--
+GH-14286 (ffi enum type (when enum has no name) make memory leak)
+--EXTENSIONS--
+ffi
+--SKIPIF--
+<?php
+if (PHP_DEBUG || getenv('SKIP_ASAN')) die("xfail: FFI cleanup after parser error is nor implemented");
+?>
+--INI--
+ffi.enable=1
+--FILE--
+<?php
+try {
+    $ffi = FFI::cdef("
+        enum {
+            TEST_ONE=1,
+            TEST_TWO=2,
+        } x;
+    ");
+} catch (Throwable $e) {
+    echo $e->getMessage(), "\n";
+}
+?>
+--EXPECT--
+Failed resolving C variable 'x'