Make sure T_ERROR is returned for all lexer exceptions

This originally manifested as a leak in oss-fuzz php#18000. The following
is a reduced test case:

    <?php
    [
        5 => 1,
        "foo" > 1,
        "      " => "" == 0
    ];
    <<<BAR
    $x
     BAR;

Because this particular error condition did not return T_ERROR,
EG(exception) was set while performing binary operation constant
evaluation, which checks exceptions for cast failures.

Instead of adding this indirect test case, I'm adding an assertion
that the lexer has to return T_ERROR if EG(exception) is set.

Author: nikic

Zend/zend_compile.c

@@ -1693,13 +1693,17 @@ ZEND_API void zend_activate_auto_globals(void) /* {{{ */
 int ZEND_FASTCALL zendlex(zend_parser_stack_elem *elem) /* {{{ */
 {
 	zval zv;
+	int ret;
 
 	if (CG(increment_lineno)) {
 		CG(zend_lineno)++;
 		CG(increment_lineno) = 0;
 	}
 
-	return lex_scan(&zv, elem);
+	ret = lex_scan(&zv, elem);
+	ZEND_ASSERT(!EG(exception) || ret == T_ERROR);
+	return ret;
+
 }
 /* }}} */