Fix potential NULL pointer dereference Windows shm*() functions

`shm_get()` (not to be confused with `shmget()`) returns `NULL` if
reallocation fails; we need to cater to that when calling the function.

Closes GH-9872.

Author: cmb69

NEWS

@@ -10,6 +10,7 @@ PHP                                                                        NEWS
     evaluation with extra named params). (Arnaud)
   . Fixed bug GH-9801 (Generator crashes when memory limit is exceeded during
     initialization). (Arnaud)
+  . Fixed potential NULL pointer dereference in Windows shm*() functions. (cmb)
 
 - Date:
   . Fixed bug GH-9763 (DateTimeZone ctr mishandles input and adds null byte if

TSRM/tsrm_win32.c

@@ -702,7 +702,7 @@ TSRM_API void *shmat(int key, const void *shmaddr, int flags)
 {/*{{{*/
 	shm_pair *shm = shm_get(key, NULL);
 
-	if (!shm->segment) {
+	if (!shm || !shm->segment) {
 		return (void*)-1;
 	}
 
@@ -726,7 +726,7 @@ TSRM_API int shmdt(const void *shmaddr)
 	shm_pair *shm = shm_get(0, (void*)shmaddr);
 	int ret;
 
-	if (!shm->segment) {
+	if (!shm || !shm->segment) {
 		return -1;
 	}
 
@@ -746,7 +746,7 @@ TSRM_API int shmctl(int key, int cmd, struct shmid_ds *buf)
 {/*{{{*/
 	shm_pair *shm = shm_get(key, NULL);
 
-	if (!shm->segment) {
+	if (!shm || !shm->segment) {
 		return -1;
 	}