fix(zend): use-after-free?

Signed-off-by: azjezz <azjezz@protonmail.com>

Author: azjezz

Zend/zend_inheritance.c

@@ -1958,6 +1958,7 @@ static void do_inherit_property(zend_property_info *parent_info, zend_string *ke
 								zend_function *clone_fn = zend_arena_alloc(&CG(arena), sizeof(zend_op_array));
 								memcpy(clone_fn, orig, sizeof(zend_op_array));
 								clone_fn->op_array.arg_info = new_arg_info + 1;
+								function_add_ref(clone_fn);
 
 								clone_hooks[hi] = clone_fn;
 							}

Zend/zend_opcode.c

@@ -597,6 +597,14 @@ ZEND_API void destroy_zend_class(zval *zv)
 							}
 						}
 					}
+				} else if (prop_info->flags & ZEND_ACC_GENERIC_CLONE) {
+					if (prop_info->hooks) {
+						for (uint32_t i = 0; i < ZEND_PROPERTY_HOOK_COUNT; i++) {
+							if (prop_info->hooks[i]) {
+								destroy_op_array(&prop_info->hooks[i]->op_array);
+							}
+						}
+					}
 				}
 			} ZEND_HASH_FOREACH_END();
 			zend_hash_destroy(&ce->properties_info);