turkdevops · pull · Jun 24, 2026 · Jun 24, 2026 · Jun 21, 2026 · Jun 24, 2026
diff --git a/NEWS b/NEWS
@@ -30,6 +30,8 @@ PHP                                                                        NEWS
     string interpolation). (timwolla)
   . Fixed bug GH-22373 (AST pretty-printing drops meaningful parentheses
     surrounding property access). (timwolla)
+  . Fixed GH-22422 (zend_arena layout mismatch leaked memory in separately
+    built extensions under AddressSanitizer). (iliaal)
 
 - BCMath:
   . Added NUL-byte validation to BCMath functions. (jorgsowa)

diff --git a/configure.ac b/configure.ac
@@ -1539,8 +1539,10 @@ AS_VAR_IF([PHP_ADDRESS_SANITIZER], [yes],
   ]))])
 
   AX_CHECK_COMPILE_FLAG([-fsanitize=address], [
-    CFLAGS="$CFLAGS -fsanitize=address -DZEND_TRACK_ARENA_ALLOC"
-    CXXFLAGS="$CXXFLAGS -fsanitize=address -DZEND_TRACK_ARENA_ALLOC"
+    CFLAGS="$CFLAGS -fsanitize=address"
+    CXXFLAGS="$CXXFLAGS -fsanitize=address"
+    AC_DEFINE([ZEND_TRACK_ARENA_ALLOC], [1],
+      [Whether to track arena allocations individually for AddressSanitizer.])
   ], [AC_MSG_ERROR([AddressSanitizer is not available])])
 ])
 

diff --git a/ext/pdo_dblib/dblib_driver.c b/ext/pdo_dblib/dblib_driver.c
@@ -232,7 +232,7 @@ zend_string *dblib_handle_last_id(pdo_dbh_t *dbh, const zend_string *name)
 
 	RETCODE ret;
 	BYTE id[40];
-	size_t len;
+	DBINT len;
 
 	/*
 	 * Would use scope_identity() but it's not implemented on Sybase
@@ -267,6 +267,10 @@ zend_string *dblib_handle_last_id(pdo_dbh_t *dbh, const zend_string *name)
 	len = dbconvert(NULL, (dbcoltype(H->link, 1)) , (dbdata(H->link, 1)) , (dbdatlen(H->link, 1)), SQLCHAR, (BYTE *)id, (DBINT)sizeof(id));
 	dbcancel(H->link);
 
+	if (len < 0) {
+		return NULL;
+	}
+
 	return zend_string_init((const char *) id, len, 0);
 }
 

diff --git a/ext/pdo_firebird/firebird_driver.c b/ext/pdo_firebird/firebird_driver.c
@@ -1389,6 +1389,10 @@ static int pdo_firebird_handle_factory(pdo_dbh_t *dbh, zval *driver_options) /*
 		char const *dpb_values[] = { dbh->username, dbh->password, vars[1].optval, vars[2].optval };
 		char dpb_buffer[256] = { isc_dpb_version1 }, *dpb;
 
+		if (EG(exception)) {
+			break;
+		}
+
 		dpb = dpb_buffer + 1;
 
 		/* loop through all the provided arguments and set dpb fields accordingly */
@@ -1425,7 +1429,7 @@ static int pdo_firebird_handle_factory(pdo_dbh_t *dbh, zval *driver_options) /*
 		}
 	}
 
-	if (!dbh->methods) {
+	if (!dbh->methods && !EG(exception)) {
 		char errmsg[512];
 		const ISC_STATUS *s = H->isc_status;
 		fb_interpret(errmsg, sizeof(errmsg),&s);

diff --git a/ext/posix/posix.c b/ext/posix/posix.c
@@ -688,7 +688,11 @@ static void php_posix_group_to_array(struct group *g, zval *array_group) /* {{{
 	array_init(&array_members);
 	zend_hash_real_init_packed(Z_ARRVAL(array_members));
 
-	add_assoc_string(array_group, "name", g->gr_name);
+	if (g->gr_name) {
+		add_assoc_string(array_group, "name", g->gr_name);
+	} else {
+		add_assoc_null(array_group, "name");
+	}
 	if (g->gr_passwd) {
 		add_assoc_string(array_group, "passwd", g->gr_passwd);
 	} else {