Description:
------------
Reported by Christian Holler on mailing list, test named 
'crashMemCorruptionZvalDtorFunc', produces the following on valgrind:


==71892== Invalid read of size 4
==71892==    at 0x51D7EA: zend_hash_destroy (in /Users/smalyshev/mphp)
==71892==    by 0x50DFCC: _zval_dtor_func (in /Users/smalyshev/mphp)
==71892==    by 0x4FFB62: _zval_dtor (in /Users/smalyshev/mphp)
==71892==    by 0x4FFEB6: _zval_ptr_dtor (in /Users/smalyshev/mphp)
==71892==    by 0x5B0982: ZEND_ASSIGN_DIM_SPEC_CV_CONST_HANDLER (in 
/Users/smalyshev/mphp)
==71892==    by 0x53AB23: execute (in /Users/smalyshev/mphp)
==71892==    by 0x510794: zend_execute_scripts (in /Users/smalyshev/mphp)
==71892==    by 0x49D228: php_execute_script (in /Users/smalyshev/mphp)
==71892==    by 0x5D2CDD: main (in /Users/smalyshev/mphp)
==71892==  Address 0x5c is not stack'd, malloc'd or (recently) free'd

The bug seems to be because in ZEND_ASSIGN_DIM_SPEC_CV_CONST_HANDLER, 
error_zval_ptr is used to assign to it as if it were array, which seems to lead 
to unexpected consequences. 

Test script:
---------------
$a = '0';
var_dump(isset($a['b']));
$simpleString = preg_match('//', '', $a->a);
$simpleString["wrong"] = "f";