Fix assumption about property guard hash value

The "member" string here does not necessarily have a pre-calculated
hash value. In particular this is not the case if the class has no
properties.

Fixes oss-fuzz #25546.

Author: nikic

Zend/tests/property_guard_hash_val.phpt

@@ -0,0 +1,16 @@
+--TEST--
+Test property guard hash value assumption
+--FILE--
+<?php
+class Test {
+    function __get($var) {
+        return $this->{$var.''};
+    }
+}
+
+$test = new Test;
+var_dump($test->x);
+?>
+--EXPECTF--
+Notice: Undefined property: Test::$x in %s on line %d
+NULL

Zend/zend_object_handlers.c

@@ -619,8 +619,8 @@ ZEND_API uint32_t *zend_get_property_guard(zend_object *zobj, zend_string *membe
 	if (EXPECTED(Z_TYPE_P(zv) == IS_STRING)) {
 		zend_string *str = Z_STR_P(zv);
 		if (EXPECTED(str == member) ||
-		     /* hash values are always pred-calculated here */
-		    (EXPECTED(ZSTR_H(str) == ZSTR_H(member)) &&
+		     /* "str" always has a pre-calculated hash value here */
+		    (EXPECTED(ZSTR_H(str) == zend_string_hash_val(member)) &&
 		     EXPECTED(zend_string_equal_content(str, member)))) {
 			return &Z_PROPERTY_GUARD_P(zv);
 		} else if (EXPECTED(Z_PROPERTY_GUARD_P(zv) == 0)) {