[perl #113486] pp_ctl.c: Don’t assume CopSTASH is a hash

Calling HvNAME_HEK on something that is not a hash will result in a
crash if it happens to have the SvOOK flag on, because then it tries
to read to the end of HvARRAY, which may not even be a valid pointer.

This can happen with this convoluted test case:

{ package foo; sub bar { main::bar() } }
sub bar {
    delete $::{"foo::"};
    my $x = \($1+2);
    my $y = \($1+2); # this is the one that reuses the mem addr, but
    my $z = \($1+2);  # try the others just in case
    s/2// for $$x, $$y, $$z; # now SvOOK
    warn scalar caller
};
foo::bar

This commit only partially fixes ticket #113486, by eliminating
the crash.  We still have the problem of an unrelated stash reus-
ing the SV.

pp_ctl.c

@@ -1892,7 +1892,9 @@ PP(pp_caller)
 
     DEBUG_CX("CALLER");
     assert(CopSTASH(cx->blk_oldcop));
-    stash_hek = HvNAME_HEK((HV*)CopSTASH(cx->blk_oldcop));
+    stash_hek = SvTYPE(CopSTASH(cx->blk_oldcop)) == SVt_PVHV
+      ? HvNAME_HEK((HV*)CopSTASH(cx->blk_oldcop))
+      : NULL;
     if (GIMME != G_ARRAY) {
         EXTEND(SP, 1);
 	if (!stash_hek)

t/op/caller.t

@@ -5,7 +5,7 @@ BEGIN {
     chdir 't' if -d 't';
     @INC = '../lib';
     require './test.pl';
-    plan( tests => 85 );
+    plan( tests => 86 );
 }
 
 my @c;
@@ -250,6 +250,22 @@ eval { sub { () = caller 0; } ->(1..3) };
 untie @args;
 package main;
 
+# [perl #113486]
+fresh_perl_is <<'END', "ok\n", {},
+  { package foo; sub bar { main::bar() } }
+  sub bar {
+    delete $::{"foo::"};
+    my $x = \($1+2);
+    my $y = \($1+2); # this is the one that reuses the mem addr, but
+    my $z = \($1+2);  # try the others just in case
+    s/2// for $$x, $$y, $$z; # now SvOOK
+    $x = caller;
+    print "ok\n";
+};
+foo::bar
+END
+    "No crash when freed stash is reused for PV with offset hack";
+
 $::testing_caller = 1;
 
 do './op/caller.pl' or die $@;