Fixed bug #64827 Segfault in zval_mark_grey (zend_gc.c)

I can not get a reproduce script since the context is very strict.

Of course I will try to make one, but for now, I just commit this first.

Author: laruence

NEWS

@@ -9,6 +9,7 @@ PHP                                                                        NEWS
     (David Soria Parra, Laruence)
 
 - OPcache
+  . Fixed bug #64827 (Segfault in zval_mark_grey (zend_gc.c)). (Laruence)
   . OPcache must be compatible with LiteSpeed SAPI (Dmitry)
 
 - CLI server:

ext/opcache/ZendAccelerator.c

@@ -2163,7 +2163,10 @@ static void accel_fast_zval_ptr_dtor(zval **zval_ptr)
 			case IS_CONSTANT_ARRAY: {
 					TSRMLS_FETCH();
 
+					GC_REMOVE_ZVAL_FROM_BUFFER(zvalue);
 					if (zvalue->value.ht && (zvalue->value.ht != &EG(symbol_table))) {
+						/* break possible cycles */
+						Z_TYPE_P(zvalue) = IS_NULL;
 						zvalue->value.ht->pDestructor = (dtor_func_t)accel_fast_zval_ptr_dtor;
 						accel_fast_hash_destroy(zvalue->value.ht);
 					}
@@ -2173,6 +2176,7 @@ static void accel_fast_zval_ptr_dtor(zval **zval_ptr)
 				{
 					TSRMLS_FETCH();
 
+					GC_REMOVE_ZVAL_FROM_BUFFER(zvalue);
 					Z_OBJ_HT_P(zvalue)->del_ref(zvalue TSRMLS_CC);
 				}
 				break;