Fix trampoline leak on dynamic static call of non-static method

Fixes oss-fuzz #30317.

Author: nikic

Zend/tests/dynamic_call_non_static.phpt

@@ -0,0 +1,30 @@
+--TEST--
+Dynamic static call of non-static method
+--FILE--
+<?php
+class Foo {
+    function test1() {
+        $method = ['Foo', 'bar'];
+        $method();
+    }
+    function test2() {
+        $method = 'Foo::bar';
+        $method();
+    }
+    function __call($name, $args) {}
+}
+$x = new Foo;
+try {
+    $x->test1();
+} catch (Error $e) {
+    echo $e->getMessage(), "\n";
+}
+try {
+    $x->test2();
+} catch (Error $e) {
+    echo $e->getMessage(), "\n";
+}
+?>
+--EXPECT--
+Non-static method Foo::bar() cannot be called statically
+Non-static method Foo::bar() cannot be called statically

Zend/zend_execute.c

@@ -4005,6 +4005,10 @@ static zend_never_inline zend_execute_data *zend_init_dynamic_call_string(zend_s
 
 		if (UNEXPECTED(!(fbc->common.fn_flags & ZEND_ACC_STATIC))) {
 			zend_non_static_method_call(fbc);
+			if (fbc->common.fn_flags & ZEND_ACC_CALL_VIA_TRAMPOLINE) {
+				zend_string_release_ex(fbc->common.function_name, 0);
+				zend_free_trampoline(fbc);
+			}
 			return NULL;
 		}
 		if (EXPECTED(fbc->type == ZEND_USER_FUNCTION) && UNEXPECTED(!RUN_TIME_CACHE(&fbc->op_array))) {
@@ -4129,6 +4133,10 @@ static zend_never_inline zend_execute_data *zend_init_dynamic_call_array(zend_ar
 			}
 			if (!(fbc->common.fn_flags & ZEND_ACC_STATIC)) {
 				zend_non_static_method_call(fbc);
+				if (fbc->common.fn_flags & ZEND_ACC_CALL_VIA_TRAMPOLINE) {
+					zend_string_release_ex(fbc->common.function_name, 0);
+					zend_free_trampoline(fbc);
+				}
 				return NULL;
 			}
 			object_or_called_scope = called_scope;