From 6fab1caa4100cf05fcf485ef0917830ae9f57563 Mon Sep 17 00:00:00 2001
From: Remi Collet <remi@php.net>
Date: Fri, 30 Aug 2013 10:45:33 +0200
Subject: Fixed bug #65564 stack-buffer-overflow in DateTimeZone stuff caught
 by AddressSanitizer

---
 NEWS                | 2 ++
 ext/date/php_date.c | 4 ++--
 2 files changed, 4 insertions(+), 2 deletions(-)

diff --git a/NEWS b/NEWS
index d637d0ac03..ab1b5caeef 100644
--- a/NEWS
+++ b/NEWS
@@ -25,6 +25,8 @@ PHP                                                                        NEWS
 - Datetime:
   . Fixed bug #65554 (createFromFormat broken when weekday name is followed
     by some delimiters). (Valentin Logvinskiy, Stas).
+  . Fixed bug #65564 (stack-buffer-overflow in DateTimeZone stuff caught
+    by AddressSanitizer). (Remi).
 
 - OPCache:
   . Fixed bug #65561 (Zend Opcache on Solaris 11 x86 needs ZEND_MM_ALIGNMENT=4).
diff --git a/ext/date/php_date.c b/ext/date/php_date.c
index 997038a030..95c68f1a78 100644
--- a/ext/date/php_date.c
+++ b/ext/date/php_date.c
@@ -2305,7 +2305,7 @@ static HashTable *date_object_get_properties_timezone(zval *object TSRMLS_DC)
 
 	MAKE_STD_ZVAL(zv);
 	ZVAL_LONG(zv, tzobj->type);
-	zend_hash_update(props, "timezone_type", 14, &zv, sizeof(zval), NULL);
+	zend_hash_update(props, "timezone_type", 14, &zv, sizeof(zv), NULL);
 
 	MAKE_STD_ZVAL(zv);
 	switch (tzobj->type) {
@@ -2327,7 +2327,7 @@ static HashTable *date_object_get_properties_timezone(zval *object TSRMLS_DC)
 			ZVAL_STRING(zv, tzobj->tzi.z.abbr, 1);
 			break;
 	}
-	zend_hash_update(props, "timezone", 9, &zv, sizeof(zval), NULL);
+	zend_hash_update(props, "timezone", 9, &zv, sizeof(zv), NULL);
 
 	return props;
 }
-- 
cgit v1.2.1