Fix oss-fuzz #62294

Author: Girgias

Zend/tests/in-de-crement/oss-fuzz-60709_globals.phpt renamed to Zend/tests/in-de-crement/oss-fuzz-60709_globals_unset_after_undef_warning.phpt

@@ -1,5 +1,5 @@
 --TEST--
-oss-fuzz #60709: Test
+oss-fuzz #60709: Unsetting variable after undefined variable warning in ++/--
 --FILE--
 <?php
 set_error_handler(function($_, $m) {

Zend/tests/in-de-crement/oss-fuzz-62294_globals_unset_after_string_warning.phpt

@@ -0,0 +1,38 @@
+--TEST--
+oss-fuzz #62294: Unsetting variable after ++/-- on string variable warning
+--FILE--
+<?php
+set_error_handler(function($_, $m) {
+    echo "$m\n";
+    unset($GLOBALS['x']);
+});
+
+$x=" ";
+echo "POST DEC\n";
+var_dump($x--);
+
+$x=" ";
+echo "PRE DEC\n";
+var_dump(--$x);
+
+$x=" ";
+echo "POST INC\n";
+var_dump($x++);
+
+$x=" ";
+echo "PRE INC\n";
+var_dump(++$x);
+?>
+--EXPECT--
+POST DEC
+Decrement on non-numeric string has no effect and is deprecated
+string(1) " "
+PRE DEC
+Decrement on non-numeric string has no effect and is deprecated
+string(1) " "
+POST INC
+Increment on non-alphanumeric string is deprecated
+string(1) " "
+PRE INC
+Increment on non-alphanumeric string is deprecated
+string(1) " "

Zend/zend_operators.c

@@ -2738,10 +2738,19 @@ ZEND_API zend_result ZEND_FASTCALL decrement_function(zval *op1) /* {{{ */
 					ZVAL_DOUBLE(op1, dval - 1);
 					break;
 				default:
+					/* Error handler can unset the variable */
+					zend_string *zstr = Z_STR_P(op1);
+					GC_TRY_ADDREF(zstr);
 					zend_error(E_DEPRECATED, "Decrement on non-numeric string has no effect and is deprecated");
 					if (EG(exception)) {
+						GC_TRY_DELREF(zstr);
+						if (!GC_REFCOUNT(zstr)) {
+							efree(zstr);
+						}
 						return FAILURE;
 					}
+					zval_ptr_dtor(op1);
+					ZVAL_STR(op1, zstr);
 			}
 			break;
 		case IS_NULL: {