Description:
------------
I'll file a PR for this shortly.

zend_std_get_method() doesn't increment the refcount on the given method_name zend_string (which is good) _except_ when the method is resolved via __call (which is bad). This is due to https://github.com/php/php-src/blob/741bfe3932de28c20f401cc7e0447fffb2bea7d6/Zend/zend_object_handlers.c#L1065-L1069, which calls zend_string_copy() in normal operation.

This makes it very easy to leak the string, since a possible pattern might be:

method_name = zend_string_init(name, name_len);
func = Z_OBJ_HT_P(obj)->get_method(&Z_OBJ_P(obj), method_name, NULL);
zend_string_release(method_name);

For non-__call classes, method_name is freed at this point. For __call classes, not so much. Obviously another option here is to use zend_string_free(), but I think it'd be considerably better if we just didn't ever increment the refcount.