From dd73b387f555cc3454d1cdbc5db6d5dd7150c0eb Mon Sep 17 00:00:00 2001
From: Niels Dossche <7771979+nielsdos@users.noreply.github.com>
Date: Fri, 13 Dec 2024 18:12:46 +0100
Subject: [PATCH] Fix GH-17145: DOM memory leak

Because the use of RETURN instead of RETVAL, the freeing code could not
be executed. This only is triggerable if the content of the attribute is
mixed text and entities, so it wasn't noticed earlier.
---
 ext/dom/php_dom.c          |  2 +-
 ext/dom/tests/gh17145.phpt | 18 ++++++++++++++++++
 2 files changed, 19 insertions(+), 1 deletion(-)
 create mode 100644 ext/dom/tests/gh17145.phpt

diff --git a/ext/dom/php_dom.c b/ext/dom/php_dom.c
index c8372ef8e17ee..9c1dc5f61d391 100644
--- a/ext/dom/php_dom.c
+++ b/ext/dom/php_dom.c
@@ -2375,7 +2375,7 @@ void php_dom_get_content_into_zval(const xmlNode *nodep, zval *return_value, boo
 		case XML_ATTRIBUTE_NODE: {
 			bool free;
 			xmlChar *value = php_libxml_attr_value((const xmlAttr *) nodep, &free);
-			RETURN_STRING_FAST((const char *) value);
+			RETVAL_STRING_FAST((const char *) value);
 			if (free) {
 				xmlFree(value);
 			}
diff --git a/ext/dom/tests/gh17145.phpt b/ext/dom/tests/gh17145.phpt
new file mode 100644
index 0000000000000..34e4576788fbb
--- /dev/null
+++ b/ext/dom/tests/gh17145.phpt
@@ -0,0 +1,18 @@
+--TEST--
+GH-17145 (DOM memory leak)
+--EXTENSIONS--
+dom
+--CREDITS--
+YuanchengJiang
+--FILE--
+<?php
+$element = new DOMElement("N", "W", "y");
+$attr = new DOMAttr("c" , "n");
+$doc = new DOMDocument();
+$doc->appendChild($element);
+$element->setAttributeNodeNS($attr);
+$attr->appendChild($doc->createEntityReference('amp'));
+echo $attr->value;
+?>
+--EXPECT--
+n&