diff --git a/src/sp_disable_xxe.c b/src/sp_disable_xxe.c
index f9712b5f..7db2451f 100644
--- a/src/sp_disable_xxe.c
+++ b/src/sp_disable_xxe.c
@@ -18,7 +18,7 @@ int hook_libxml_disable_entity_loader() {
 
   zval func_name;
   zval retval;
-  zval params[1];
+  zval params[1] = {0};
 
 #if PHP_VERSION_ID < 80000
   // This function is deprecated in PHP8, but better safe than sorry for php7.
diff --git a/src/sp_pcre_compat.c b/src/sp_pcre_compat.c
index 657e650d..e9941234 100644
--- a/src/sp_pcre_compat.c
+++ b/src/sp_pcre_compat.c
@@ -45,7 +45,7 @@ bool ZEND_HOT sp_is_regexp_matching_len(const sp_pcre* regexp, const char* str,
   ret = pcre2_match(regexp, (PCRE2_SPTR)str, len, 0, 0, match_data, NULL);
   pcre2_match_data_free(match_data);
 #else
-  int vec[30];
+  int vec[30] = {0};
   ret = pcre_exec(regexp, NULL, str, len, 0, 0, vec, sizeof(vec) / sizeof(int));
 #endif
 
diff --git a/src/sp_sloppy.c b/src/sp_sloppy.c
index 8afddc94..fca4be59 100644
--- a/src/sp_sloppy.c
+++ b/src/sp_sloppy.c
@@ -48,7 +48,7 @@ static void array_handler(INTERNAL_FUNCTION_PARAMETERS, const char* name,
                           const char* spec) {
   zif_handler handler;
   zval func_name;
-  zval params[3];
+  zval params[3] = {0};
   zval *value, *array = NULL;
   zend_bool strict = 0;
   uint32_t nb_params = ZEND_NUM_ARGS();
diff --git a/src/sp_unserialize.c b/src/sp_unserialize.c
index 1c9f731f..5ede0154 100644
--- a/src/sp_unserialize.c
+++ b/src/sp_unserialize.c
@@ -12,7 +12,7 @@ PHP_FUNCTION(sp_serialize) {
   /* Compute the HMAC of the textual representation of the serialized data*/
   zval func_name;
   zval hmac;
-  zval params[3];
+  zval params[3] = {0};
 
   ZVAL_STRING(&func_name, "hash_hmac");
   ZVAL_STRING(&params[0], "sha256");
@@ -65,7 +65,7 @@ PHP_FUNCTION(sp_unserialize) {
   zval func_name;
   ZVAL_STRING(&func_name, "hash_hmac");
 
-  zval params[3];
+  zval params[3] = {0};
   ZVAL_STRING(&params[0], "sha256");
   ZVAL_STRING(&params[1], serialized_str);
   ZVAL_STRING(
diff --git a/src/sp_utils.c b/src/sp_utils.c
index ff85494c..2f0f5652 100644
--- a/src/sp_utils.c
+++ b/src/sp_utils.c
@@ -72,8 +72,8 @@ void sp_log_msgf(char const* restrict feature, int level, int type,
 
 int compute_hash(const char* const restrict filename,
                  char* restrict file_hash) {
-  unsigned char buf[1024];
-  unsigned char digest[SHA256_SIZE];
+  unsigned char buf[1024] = {0};
+  unsigned char digest[SHA256_SIZE] = {0};
   PHP_SHA256_CTX context;
   size_t n;