From 92c38dc0ce1f52aab15e14a66ac9d2ed23f85fe5 Mon Sep 17 00:00:00 2001
From: Ilia Alshanetsky <ilia@ilia.ws>
Date: Sun, 7 Jun 2026 15:37:56 -0400
Subject: [PATCH] mysqli: Fix memory leak in mysqli_execute_query()

The argument-validation error paths free stmt directly, leaking the
estrdup'd stmt->query copy made under MYSQLI_REPORT_INDEX.
---
 ext/mysqli/mysqli_api.c | 6 ++++++
 1 file changed, 6 insertions(+)

diff --git a/ext/mysqli/mysqli_api.c b/ext/mysqli/mysqli_api.c
index c667712f85fe..8c6fbc89db84 100644
--- a/ext/mysqli/mysqli_api.c
+++ b/ext/mysqli/mysqli_api.c
@@ -532,6 +532,9 @@ PHP_FUNCTION(mysqli_execute_query)
 		if (!zend_array_is_list(input_params)) {
 			mysqli_stmt_close(stmt->stmt, false);
 			stmt->stmt = NULL;
+			if (stmt->query) {
+				efree(stmt->query);
+			}
 			efree(stmt);
 			zend_argument_value_error(ERROR_ARG_POS(3), "must be a list array");
 			RETURN_THROWS();
@@ -542,6 +545,9 @@ PHP_FUNCTION(mysqli_execute_query)
 		if (hash_num_elements != param_count) {
 			mysqli_stmt_close(stmt->stmt, false);
 			stmt->stmt = NULL;
+			if (stmt->query) {
+				efree(stmt->query);
+			}
 			efree(stmt);
 			zend_argument_value_error(ERROR_ARG_POS(3), "must consist of exactly %d elements, %d present", param_count, hash_num_elements);
 			RETURN_THROWS();