From 088776e9a9441a6dc27694aa80d8d2b7f3b93ee3 Mon Sep 17 00:00:00 2001
From: Ilia Alshanetsky <ilia@ilia.ws>
Date: Sun, 7 Jun 2026 15:37:56 -0400
Subject: [PATCH] mysqli: Fix memory leak in mysqli_execute_query()

The argument-validation error paths free stmt directly, leaking the
estrdup'd stmt->query copy made under MYSQLI_REPORT_INDEX.
---
 ext/mysqli/mysqli_api.c | 6 ++++++
 1 file changed, 6 insertions(+)

diff --git a/ext/mysqli/mysqli_api.c b/ext/mysqli/mysqli_api.c
index 2bc33e4ad673..99e318ab4aef 100644
--- a/ext/mysqli/mysqli_api.c
+++ b/ext/mysqli/mysqli_api.c
@@ -534,6 +534,9 @@ PHP_FUNCTION(mysqli_execute_query)
 		if (!zend_array_is_list(input_params)) {
 			mysqli_stmt_close(stmt->stmt, false);
 			stmt->stmt = NULL;
+			if (stmt->query) {
+				efree(stmt->query);
+			}
 			efree(stmt);
 			zend_argument_value_error(ERROR_ARG_POS(3), "must be a list array");
 			RETURN_THROWS();
@@ -544,6 +547,9 @@ PHP_FUNCTION(mysqli_execute_query)
 		if (hash_num_elements != param_count) {
 			mysqli_stmt_close(stmt->stmt, false);
 			stmt->stmt = NULL;
+			if (stmt->query) {
+				efree(stmt->query);
+			}
 			efree(stmt);
 			zend_argument_value_error(ERROR_ARG_POS(3), "must consist of exactly %d elements, %d present", param_count, hash_num_elements);
 			RETURN_THROWS();