Fix use-after-free of constant name

The constant name is usually interend. Without opcache, compilation always
interns strings. Without opcache, compilation does not intern (new) strings, but
persisting of script does. If a script is not stored in shm the constant name
will not be interned.

The building of enum backing stores was missing a addref for the constant name,
leading to a double-free when releasing constants and backing stores of enums.

Author: iluuu1994

Zend/tests/gh12366.phpt

@@ -0,0 +1,32 @@
+--TEST--
+GH-12366: Use-after-free of constant name when script doesn't fit in SHM
+--EXTENSIONS--
+opcache
+--INI--
+opcache.enable_cli=1
+opcache.file_update_protection=1
+--FILE--
+<?php
+
+$file = __DIR__ . '/gh12366.inc';
+
+$fileContent = <<<PHP
+<?php
+enum Level: int {
+    case Debug = 100;
+}
+var_dump(Level::Debug);
+PHP;
+file_put_contents($file, $fileContent);
+
+// Use opcache.file_update_protection=1 to make sure the included file is not persisted in shm.
+require $file;
+
+?>
+--CLEAN--
+<?php
+$file = __DIR__ . '/gh12366.inc';
+@unlink($file);
+?>
+--EXPECT--
+enum(Level::Debug)

Zend/zend_enum.c

@@ -229,6 +229,7 @@ zend_result zend_enum_build_backed_enum_table(zend_class_entry *ce)
 					ZSTR_VAL(name));
 				goto failure;
 			}
+			Z_TRY_ADDREF_P(case_name);
 			zend_hash_index_add_new(backed_enum_table, long_key, case_name);
 		} else {
 			ZEND_ASSERT(ce->enum_backing_type == IS_STRING);
@@ -241,6 +242,7 @@ zend_result zend_enum_build_backed_enum_table(zend_class_entry *ce)
 					ZSTR_VAL(name));
 				goto failure;
 			}
+			Z_TRY_ADDREF_P(case_name);
 			zend_hash_add_new(backed_enum_table, string_key, case_name);
 		}
 	} ZEND_HASH_FOREACH_END();