diff --git a/ChangeLog b/ChangeLog
index acc2d637af..6dc79717c8 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,4 +1,7 @@
-Sun Dec 13 18:25:16 2015  Nobuyoshi Nakada  <nobu@ruby-lang.org>
+Sun Dec 13 18:26:31 2015  Nobuyoshi Nakada  <nobu@ruby-lang.org>
+
+	* ext/tk/tkutil/tkutil.c (tk_hash_kv): check types of array
+	  argument.  reported by Marcin 'Icewall' Noga of Cisco Talos.
 
 	* ext/tk/tkutil/tkutil.c (cbsubst_table_setup): check length of
 	  argument arrays for each access, as callback methods can modify
diff --git a/ext/tk/tkutil/tkutil.c b/ext/tk/tkutil/tkutil.c
index fc9ed2d5e3..147dfa23d1 100644
--- a/ext/tk/tkutil/tkutil.c
+++ b/ext/tk/tkutil/tkutil.c
@@ -804,6 +804,7 @@ tk_hash_kv(argc, argv, self)
     switch(argc) {
     case 3:
         ary = argv[2];
+	Check_Type(ary, T_ARRAY);
     case 2:
         enc_flag = argv[1];
     case 1: