From 36179282f5f52a7e54be34964b4afd4fd0194e4f Mon Sep 17 00:00:00 2001
From: jvoisin
Date: Fri, 24 Apr 2026 11:50:40 +0200
Subject: Fix a memory leak in sp_log_disable/sp_log_disable_ret

php_raw_url_encode returned a new zend_string, but the old arg_value_dup is
never released. Also arg_value_dup was reassigned, leaking the initial
zend_string_init allocation.
---
 src/sp_utils.c | 16 ++++++++--------
 1 file changed, 8 insertions(+), 8 deletions(-)

diff --git a/src/sp_utils.c b/src/sp_utils.c
index d49d459..e6efcc6 100644
--- a/src/sp_utils.c
+++ b/src/sp_utils.c
@@ -315,11 +315,11 @@ void sp_log_disable(const char* restrict path, const char* restrict arg_name,
   if (arg_name) {
     char* char_repr = NULL;
     if (arg_value) {
-      zend_string *arg_value_dup = zend_string_init(ZSTR_VAL(arg_value), ZSTR_LEN(arg_value), 0);
-      arg_value_dup = php_raw_url_encode(ZSTR_VAL(arg_value_dup), ZSTR_LEN(arg_value_dup));
-      char_repr = zend_string_to_char(arg_value_dup);
-      size_t max_len = MIN(ZSTR_LEN(arg_value_dup), (size_t)SPCFG(log_max_len));
+      zend_string *arg_value_enc = php_raw_url_encode(ZSTR_VAL(arg_value), ZSTR_LEN(arg_value));
+      char_repr = zend_string_to_char(arg_value_enc);
+      size_t max_len = MIN(ZSTR_LEN(arg_value_enc), (size_t)SPCFG(log_max_len));
       char_repr[max_len] = '\0';
+      zend_string_release(arg_value_enc);
     }
     if (alias) {
       sp_log_auto(
@@ -359,11 +359,11 @@ void sp_log_disable_ret(const char* restrict path,
     sp_log_request(dump, config_node->textual_representation);
   }
   if (ret_value) {
-    zend_string *ret_value_dup = zend_string_init(ZSTR_VAL(ret_value), ZSTR_LEN(ret_value), 0);
-    ret_value_dup = php_raw_url_encode(ZSTR_VAL(ret_value_dup), ZSTR_LEN(ret_value_dup));
-    char_repr = zend_string_to_char(ret_value_dup);
-    size_t max_len = MIN(ZSTR_LEN(ret_value_dup), (size_t)SPCFG(log_max_len));
+    zend_string *ret_value_enc = php_raw_url_encode(ZSTR_VAL(ret_value), ZSTR_LEN(ret_value));
+    char_repr = zend_string_to_char(ret_value_enc);
+    size_t max_len = MIN(ZSTR_LEN(ret_value_enc), (size_t)SPCFG(log_max_len));
     char_repr[max_len] = '\0';
+    zend_string_release(ret_value_enc);
   }
   if (alias) {
     sp_log_auto(
-- 
cgit v1.3