Merge branch 'PHP-8.3' into PHP-8.4

* PHP-8.3:
  Fix OSS-Fuzz #427814456

NEWS

@@ -9,6 +9,7 @@ PHP                                                                        NEWS
   . Fixed bug GH-18833 (Use after free with weakmaps dependent on destruction
     order). (Daniil Gentili)
   . Fixed bug GH-18907 (Leak when creating cycle in hook). (ilutov)
+  . Fix OSS-Fuzz #427814456. (nielsdos)
 
 - Curl:
   . Fix memory leaks when returning refcounted value from curl callback.

Zend/tests/numeric_strings/oss_fuzz_427814456.phpt

@@ -0,0 +1,11 @@
+--TEST--
+OSS-Fuzz #427814456
+--FILE--
+<?php
+set_error_handler(function(){unset($GLOBALS['x']);});
+$x = str_repeat("3e33", random_int(2, 2));
+$x & true;
+echo "Done\n";
+?>
+--EXPECT--
+Done

Zend/zend_operators.c

@@ -402,6 +402,7 @@ try_again:
 				zend_long lval;
 				double dval;
 				bool trailing_data = false;
+				zend_string *op_str = NULL; /* protect against error handlers */
 
 				/* For BC reasons we allow errors so that we can warn on leading numeric string */
 				type = is_numeric_string_ex(Z_STRVAL_P(op), Z_STRLEN_P(op), &lval, &dval,
@@ -411,6 +412,9 @@ try_again:
 					return 0;
 				}
 				if (UNEXPECTED(trailing_data)) {
+					if (type != IS_LONG) {
+						op_str = zend_string_copy(Z_STR_P(op));
+					}
 					zend_error(E_WARNING, "A non-numeric value encountered");
 					if (UNEXPECTED(EG(exception))) {
 						*failed = 1;
@@ -426,11 +430,12 @@ try_again:
 					 */
 					lval = zend_dval_to_lval_cap(dval);
 					if (!zend_is_long_compatible(dval, lval)) {
-						zend_incompatible_string_to_long_error(Z_STR_P(op));
+						zend_incompatible_string_to_long_error(op_str ? op_str : Z_STR_P(op));
 						if (UNEXPECTED(EG(exception))) {
 							*failed = 1;
 						}
 					}
+					zend_tmp_string_release(op_str);
 					return lval;
 				}
 			}