Don't populate CE_CACHE during compilation

It's possible for CE_CACHE slots to be populated during compilation
(e.g. due to an early binding attempt). When opcache then persists
the class, it clears the CE_CACHE slot for the class name as declared,
but not for different spellings (that only differ in case). As such,
a pointer to the old, non-persistent class entry may be retained.

Fix this by not populating CE_CACHE if in_compilation is set.

Closes GH-7542.

Author: nikic

Zend/zend_execute_API.c

@@ -1075,7 +1075,10 @@ ZEND_API zend_class_entry *zend_lookup_class_ex(zend_string *name, zend_string *
 			}
 			return NULL;
 		}
-		if (ZSTR_HAS_CE_CACHE(name)) {
+		/* Don't populate CE_CACHE for mutable classes during compilation.
+		 * The class may be freed while persisting. */
+		if (ZSTR_HAS_CE_CACHE(name) &&
+				(!CG(in_compilation) || (ce->ce_flags & ZEND_ACC_IMMUTABLE))) {
 			ZSTR_SET_CE_CACHE(name, ce);
 		}
 		return ce;
@@ -1131,6 +1134,7 @@ ZEND_API zend_class_entry *zend_lookup_class_ex(zend_string *name, zend_string *
 		zend_string_release_ex(lc_name, 0);
 	}
 	if (ce) {
+		ZEND_ASSERT(!CG(in_compilation));
 		if (ZSTR_HAS_CE_CACHE(name)) {
 			ZSTR_SET_CE_CACHE(name, ce);
 		}

ext/opcache/zend_persist.c

@@ -868,9 +868,6 @@ zend_class_entry *zend_persist_class_entry(zend_class_entry *orig_ce)
 		ce->inheritance_cache = NULL;
 
 		if (!(ce->ce_flags & ZEND_ACC_CACHED)) {
-			if (ZSTR_HAS_CE_CACHE(ce->name)) {
-				ZSTR_SET_CE_CACHE(ce->name, NULL);
-			}
 			zend_accel_store_interned_string(ce->name);
 			if (!(ce->ce_flags & ZEND_ACC_ANON_CLASS)
 			 && !ZCG(current_persistent_script)->corrupted) {