Subtract one zval from memset

diff --git a/Zend/zend_objects_API.h b/Zend/zend_objects_API.h
index cffd9ee273c308ca19680df4c53fd657e0a9ca8e..fbcb7059b41185cc0828b5d0ff2cdab824084b70 100644 (file)
--- a/Zend/zend_objects_API.h
+++ b/Zend/zend_objects_API.h
@@ -90,7 +90,9 @@ static zend_always_inline size_t zend_object_properties_size(zend_class_entry *c
  * Properties MUST be initialized using object_properties_init(). */
 static zend_always_inline void *zend_object_alloc(size_t obj_size, zend_class_entry *ce) {
        void *obj = emalloc(obj_size + zend_object_properties_size(ce));
-       memset(obj, 0, obj_size);
+       /* Subtraction of sizeof(zval) is necessary, because zend_object_properties_size() may be
+        * -sizeof(zval), if the object has no properties. */
+       memset(obj, 0, obj_size - sizeof(zval));
        return obj;
 }