Fix OP1 leak in error path of post inc/dec

Fixes oss-fuzz #63802
Closes GH-12599

Author: iluuu1994

NEWS

@@ -12,6 +12,7 @@ PHP                                                                        NEWS
   . Fixed max_execution_time: don't delete an unitialized timer. (Kévin Dunglas)
   . Fixed bug GH-12558 (Arginfo soft-breaks with namespaced class return type
     if the class name starts with N). (kocsismate)
+  . Fixed oss-fuzz #63802 (OP1 leak in error path of post inc/dec). (ilutov)
 
 - DOM:
   . Fix registerNodeClass with abstract class crashing. (nielsdos)

Zend/tests/oss_fuzz_63802.phpt

@@ -0,0 +1,34 @@
+--TEST--
+oss-fuzz #63802: OP1 leak in error path of post inc/dec
+--FILE--
+<?php
+class Foo {
+    public function preInc() {
+        ++$this > 42;
+    }
+    public function preDec() {
+        --$this > 42;
+    }
+    public function postInc() {
+        $this++ > 42;
+    }
+    public function postDec() {
+        $this-- > 42;
+    }
+}
+$foo = new Foo();
+foreach (['pre', 'post'] as $prePost) {
+    foreach (['inc', 'dec'] as $incDec) {
+        try {
+            $foo->{$prePost . ucfirst($incDec)}();
+        } catch (TypeError $e) {
+            echo $e->getMessage(), "\n";
+        }
+    }
+}
+?>
+--EXPECT--
+Cannot increment Foo
+Cannot decrement Foo
+Cannot increment Foo
+Cannot decrement Foo

Zend/zend_vm_def.h

@@ -1606,9 +1606,6 @@ ZEND_VM_HELPER(zend_post_inc_helper, VAR|CV, ANY)
 		ZVAL_COPY(EX_VAR(opline->result.var), var_ptr);
 
 		increment_function(var_ptr);
-		if (UNEXPECTED(EG(exception))) {
-			HANDLE_EXCEPTION();
-		}
 	} while (0);
 
 	FREE_OP1();
@@ -1657,9 +1654,6 @@ ZEND_VM_HELPER(zend_post_dec_helper, VAR|CV, ANY)
 		ZVAL_COPY(EX_VAR(opline->result.var), var_ptr);
 
 		decrement_function(var_ptr);
-		if (UNEXPECTED(EG(exception))) {
-			HANDLE_EXCEPTION();
-		}
 	} while (0);
 
 	FREE_OP1();