From f6885a967eaf0955c5d0dbc8f3181cdf461759cf Mon Sep 17 00:00:00 2001
From: arshidkv12 <arshidkv12@gmail.com>
Date: Tue, 10 Feb 2026 17:09:24 +0530
Subject: [PATCH] ext/intl: Fix use-after-free in grapheme_stripos ASCII
 fast-path

---
 ext/intl/grapheme/grapheme_string.cpp | 8 +++++---
 1 file changed, 5 insertions(+), 3 deletions(-)

diff --git a/ext/intl/grapheme/grapheme_string.cpp b/ext/intl/grapheme/grapheme_string.cpp
index 6dd5a002a65b8..3791f1e173366 100644
--- a/ext/intl/grapheme/grapheme_string.cpp
+++ b/ext/intl/grapheme/grapheme_string.cpp
@@ -180,13 +180,15 @@ U_CFUNC PHP_FUNCTION(grapheme_stripos)
 
 		found = php_memnstr(haystack_dup + noffset, needle_dup, needle_len, haystack_dup + haystack_len);
 
-		efree(haystack_dup);
 		efree(needle_dup);
 
 		if (found) {
-			RETURN_LONG(found - haystack_dup);
+			ret_pos = found - haystack_dup;
+			efree(haystack_dup);
+			RETURN_LONG(ret_pos);
 		}
-
+		
+		efree(haystack_dup);
 		/* if needle was ascii too, we are all done, otherwise we need to try using Unicode to see what we get */
 		if ( grapheme_ascii_check((unsigned char *)needle, needle_len) >= 0 ) {
 			RETURN_FALSE;