From: Nikita Popov <nikita.ppv@gmail.com>
Date: Sat, 25 Nov 2017 17:02:01 +0000 (+0100)
Subject: Subtract one zval from memset
X-Git-Tag: php-7.3.0alpha1~951
X-Git-Url: https://granicus.if.org/sourcecode?a=commitdiff_plain;h=721f2cc51365527a1c70fc788a3b095503963887;p=php

Subtract one zval from memset
---

diff --git a/Zend/zend_objects_API.h b/Zend/zend_objects_API.h
index cffd9ee273..fbcb7059b4 100644
--- a/Zend/zend_objects_API.h
+++ b/Zend/zend_objects_API.h
@@ -90,7 +90,9 @@ static zend_always_inline size_t zend_object_properties_size(zend_class_entry *c
  * Properties MUST be initialized using object_properties_init(). */
 static zend_always_inline void *zend_object_alloc(size_t obj_size, zend_class_entry *ce) {
 	void *obj = emalloc(obj_size + zend_object_properties_size(ce));
-	memset(obj, 0, obj_size);
+	/* Subtraction of sizeof(zval) is necessary, because zend_object_properties_size() may be
+	 * -sizeof(zval), if the object has no properties. */
+	memset(obj, 0, obj_size - sizeof(zval));
 	return obj;
 }