From 1581f6f2b4bd024c5efe194c07b5da6ee9da281d Mon Sep 17 00:00:00 2001
From: Niels Dossche <7771979+nielsdos@users.noreply.github.com>
Date: Fri, 30 May 2025 21:03:41 +0200
Subject: [PATCH] Fix memory leak when curl_slist_append() fails

If curl_slist_append() returns NULL, then the original pointer is lost
and not freed.
---
 ext/curl/interface.c | 6 ++++--
 1 file changed, 4 insertions(+), 2 deletions(-)

diff --git a/ext/curl/interface.c b/ext/curl/interface.c
index 1a270a1c32cea..61d830e8abfe1 100644
--- a/ext/curl/interface.c
+++ b/ext/curl/interface.c
@@ -2220,12 +2220,14 @@ static zend_result _php_curl_setopt(php_curl *ch, zend_long option, zval *zvalue
 			ZEND_HASH_FOREACH_VAL(ph, current) {
 				ZVAL_DEREF(current);
 				val = zval_get_tmp_string(current, &tmp_val);
-				slist = curl_slist_append(slist, ZSTR_VAL(val));
+				struct curl_slist *new_slist = curl_slist_append(slist, ZSTR_VAL(val));
 				zend_tmp_string_release(tmp_val);
-				if (!slist) {
+				if (!new_slist) {
+					curl_slist_free_all(slist);
 					php_error_docref(NULL, E_WARNING, "Could not build curl_slist");
 					return FAILURE;
 				}
+				slist = new_slist;
 			} ZEND_HASH_FOREACH_END();
 
 			if (slist) {