ext/zip: memory leak when zip cancel callback bails out.

Fix #22176

A cancel callback that throws during the implicit zip_close() in the
shutdown destructor triggers a zend_bailout that longjmps through
libzip, skipping its free(filelist). Wrap the call in zend_try/zend_catch
and cancel on bailout so libzip can unwind and clean up.

While at it, apply the same guard to the progress callback, which is
invoked from libzip the same way and is prone to the identical leak.

Author: devnexen

ext/zip/php_zip.c

@@ -2910,7 +2910,10 @@ static void php_zip_progress_callback(zip_t *arch, double state, void *ptr)
 	ze_zip_object *obj = ptr;
 
 	ZVAL_DOUBLE(&cb_args[0], state);
-	zend_call_known_fcc(&obj->progress_callback, NULL, 1, cb_args, NULL);
+
+	zend_try {
+		zend_call_known_fcc(&obj->progress_callback, NULL, 1, cb_args, NULL);
+	} zend_end_try();
 }
 
 /* {{{ register a progression callback: void callback(double state); */
@@ -2957,7 +2960,13 @@ static int php_zip_cancel_callback(zip_t *arch, void *ptr)
 		return 0;
 	}
 
-	zend_call_known_fcc(&obj->cancel_callback, &cb_retval, 0, NULL, NULL);
+	zend_try {
+		zend_call_known_fcc(&obj->cancel_callback, &cb_retval, 0, NULL, NULL);
+	} zend_catch {
+		/* Cancel if a bailout occurs to allow cleanup to happen */
+		return -1;
+	} zend_end_try();
+
 	if (Z_ISUNDEF(cb_retval)) {
 		/* Cancel if an exception has been thrown */
 		return -1;