From 4186729c63c8256ff1fcfe965d21e9d22a3d5422 Mon Sep 17 00:00:00 2001
From: Niels Dossche <7771979+nielsdos@users.noreply.github.com>
Date: Sun, 25 May 2025 10:17:19 +0200
Subject: [PATCH] Fix memory leak in tidy output handler on error

---
 ext/tidy/tidy.c | 10 +++++-----
 1 file changed, 5 insertions(+), 5 deletions(-)

diff --git a/ext/tidy/tidy.c b/ext/tidy/tidy.c
index 831fcb3815399..46dd637f40e54 100644
--- a/ext/tidy/tidy.c
+++ b/ext/tidy/tidy.c
@@ -965,6 +965,11 @@ static int php_tidy_output_handler(void **nothing, php_output_context *output_co
 	TidyBuffer inbuf, outbuf, errbuf;
 
 	if (TG(clean_output) && (output_context->op & PHP_OUTPUT_HANDLER_START) && (output_context->op & PHP_OUTPUT_HANDLER_FINAL)) {
+		if (ZEND_SIZE_T_UINT_OVFL(output_context->in.used)) {
+			php_error_docref(NULL, E_WARNING, "Input string is too long");
+			return status;
+		}
+
 		doc = tidyCreate();
 		tidyBufInit(&errbuf);
 
@@ -972,11 +977,6 @@ static int php_tidy_output_handler(void **nothing, php_output_context *output_co
 			tidyOptSetBool(doc, TidyForceOutput, yes);
 			tidyOptSetBool(doc, TidyMark, no);
 
-			if (ZEND_SIZE_T_UINT_OVFL(output_context->in.used)) {
-				php_error_docref(NULL, E_WARNING, "Input string is too long");
-				return status;
-			}
-
 			TIDY_SET_DEFAULT_CONFIG(doc);
 
 			tidyBufInit(&inbuf);