Fix GH-10983: State-dependant segfault in ReflectionObject::getProperties

This is a variant of GH-10200, but in a different place.
Basically, simplexml may create a properties table that's packed instead
of associative. But the macro that was used to loop over the properties
table assumed that it was always associative. Replace it by the macro
that figures it out automatically which one of the two it is.

For test: Co-authored-by: jnvsor

Closes GH-10984.

NEWS

@@ -14,6 +14,10 @@ PHP                                                                        NEWS
 - PCRE:
   . Fixed bug GH-10968 (Segfault in preg_replace_callback_array()). (ilutov)
 
+- Reflection:
+  . Fixed bug GH-10983 (State-dependant segfault in
+    ReflectionObject::getProperties). (nielsdos)
+
 - SPL:
   . Handle indirect zvals and use up-to-date properties in
     SplFixedArray::__serialize. (nielsdos)

ext/reflection/php_reflection.c

@@ -4686,7 +4686,7 @@ ZEND_METHOD(ReflectionClass, getProperties)
 	if (Z_TYPE(intern->obj) != IS_UNDEF && (filter & ZEND_ACC_PUBLIC) != 0) {
 		HashTable *properties = Z_OBJ_HT(intern->obj)->get_properties(Z_OBJ(intern->obj));
 		zval *prop;
-		ZEND_HASH_MAP_FOREACH_STR_KEY_VAL(properties, key, prop) {
+		ZEND_HASH_FOREACH_STR_KEY_VAL(properties, key, prop) {
 			_adddynproperty(prop, key, ce, return_value);
 		} ZEND_HASH_FOREACH_END();
 	}

ext/simplexml/tests/gh10983.phpt

@@ -0,0 +1,23 @@
+--TEST--
+GH-10983 (State-dependant segfault in ReflectionObject::getProperties)
+--EXTENSIONS--
+simplexml
+--FILE--
+<?php
+
+$xml = <<<XML
+<form name="test"></form>
+XML;
+
+$simplexml = simplexml_load_string($xml);
+
+var_dump($simplexml['name']);
+$reflector = new ReflectionObject($simplexml['name']);
+$rprops = $reflector->getProperties();
+
+?>
+--EXPECT--
+object(SimpleXMLElement)#2 (1) {
+  [0]=>
+  string(4) "test"
+}