Fix OSS-Fuzz #403308724

Because simple hooks can be nested without starting a new context, we
need to restore the old property info in case of nested hooks.

Closes GH-18074.

Author: nielsdos

NEWS

@@ -26,6 +26,7 @@ PHP                                                                        NEWS
     (Arnaud)
   . Fixed bug GH-15367 (dl() of module with aliased class crashes in shutdown).
     (Arnaud)
+  . Fixed OSS-Fuzz #403308724. (nielsdos)
 
 - DBA:
   . Fixed assertion violation when opening the same file with dba_open

Zend/tests/property_hooks/oss_fuzz_403308724.phpt

@@ -0,0 +1,30 @@
+--TEST--
+OSS-Fuzz #403308724
+--FILE--
+<?php
+class Base {
+    public $y { get => 1; }
+}
+
+class Test extends Base {
+    public $y {
+        get => [new class {
+            public $inner {get => __PROPERTY__;}
+        }, parent::$y::get()];
+    }
+}
+
+$test = new Test;
+$y = $test->y;
+var_dump($y);
+var_dump($y[0]->inner);
+?>
+--EXPECT--
+array(2) {
+  [0]=>
+  object(class@anonymous)#2 (0) {
+  }
+  [1]=>
+  int(1)
+}
+string(5) "inner"

Zend/zend_compile.c

@@ -8645,7 +8645,7 @@ static void zend_compile_prop_decl(zend_ast *ast, zend_ast *type_ast, uint32_t f
 		/* FIXME: This is a dirty fix to maintain ABI compatibility. We don't
 		 * have an actual property info yet, but we really only need the name
 		 * anyway. We should convert this to a zend_string. */
-		ZEND_ASSERT(!CG(context).active_property_info);
+		const zend_property_info *old_active_property_info = CG(context).active_property_info;
 		zend_property_info dummy_prop_info = { .name = name };
 		CG(context).active_property_info = &dummy_prop_info;
 
@@ -8742,7 +8742,7 @@ static void zend_compile_prop_decl(zend_ast *ast, zend_ast *type_ast, uint32_t f
 			zend_compile_attributes(&info->attributes, attr_ast, 0, ZEND_ATTRIBUTE_TARGET_PROPERTY, 0);
 		}
 
-		CG(context).active_property_info = NULL;
+		CG(context).active_property_info = old_active_property_info;
 	}
 }
 /* }}} */