Fix OSS-Fuzz #61712

[nielsdos]

Because the error handler is invoked after the property is updated, the error handler has the opportunity to remove it before the property is returned.

Switching the order around fixes this issue. The comments mention that the current ordering prevents overwriting the EG(std_property_info) field in the error handler. EG(std_property_info) no longer exists as it was removed in 7471c21. Back then a global was used to store the returned property info, but as this is no longer the case there is no longer a need to protect against overwriting a global.

[dstogov]

It's OK to merge this into master, but I'm not completely sure about the old branches.

[iluuu1994]

This slightly changes behavior for observing the property inside the error handler. But it's unlikely that somebody relies on this.

#[AllowDynamicProperties]
class C {
    function error($_, $msg) {
        echo $msg, "\n";
        var_dump($this->a);
    }
}

$c = new C;
set_error_handler([$c, 'error']);
$c->a %= 10;
var_dump($c->a);

Currently:

Undefined property: C::$a
NULL
int(0)

After:

Undefined property: C::$a

Warning: Undefined property: C::$a in /home/ilutov/Developer/php-src/test.php on line 6
NULL
int(0)

The warning is now emitted twice. This is certainly acceptable in master. It also probably makes more sense, as the user never set it to null.

[dstogov]

I don't object against merging this into old branches, but as @iluuu1994 showed this changes behavior, and I hardly ever expect if this bug may affect any app.

[nielsdos]

I hardly ever expect if this bug may affect any app.

I agree. Let's go with master branch for safety reasons.