From 721f2cc51365527a1c70fc788a3b095503963887 Mon Sep 17 00:00:00 2001
From: Nikita Popov <nikita.ppv@gmail.com>
Date: Sat, 25 Nov 2017 18:02:01 +0100
Subject: [PATCH] Subtract one zval from memset

---
 Zend/zend_objects_API.h | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)

diff --git a/Zend/zend_objects_API.h b/Zend/zend_objects_API.h
index cffd9ee273..fbcb7059b4 100644
--- a/Zend/zend_objects_API.h
+++ b/Zend/zend_objects_API.h
@@ -90,7 +90,9 @@ static zend_always_inline size_t zend_object_properties_size(zend_class_entry *c
  * Properties MUST be initialized using object_properties_init(). */
 static zend_always_inline void *zend_object_alloc(size_t obj_size, zend_class_entry *ce) {
 	void *obj = emalloc(obj_size + zend_object_properties_size(ce));
-	memset(obj, 0, obj_size);
+	/* Subtraction of sizeof(zval) is necessary, because zend_object_properties_size() may be
+	 * -sizeof(zval), if the object has no properties. */
+	memset(obj, 0, obj_size - sizeof(zval));
 	return obj;
 }
 
-- 
2.50.1