Fix uaf of MBSTRG(all_encodings_list)

We need to remove the value from the GC buffer before freeing it. Otherwise
shutdown will uaf when running the gc.

Author: iluuu1994

ext/mbstring/mbstring.c

@@ -1158,6 +1158,7 @@ PHP_RSHUTDOWN_FUNCTION(mbstring)
 	MBSTRG(outconv_state) = 0;
 
 	if (MBSTRG(all_encodings_list)) {
+		GC_REMOVE_FROM_BUFFER(MBSTRG(all_encodings_list));
 		GC_DELREF(MBSTRG(all_encodings_list));
 		zend_hash_destroy(MBSTRG(all_encodings_list));
 		efree(MBSTRG(all_encodings_list));

ext/mbstring/tests/mb_list_encodings_gc_uaf.phpt

@@ -0,0 +1,9 @@
+--TEST--
+Use-after-free of MBSTRG(all_encodings_list) on shutdown
+--EXTENSIONS--
+mbstring
+--FILE--
+<?php
+mb_list_encodings();
+?>
+--EXPECT--