hiredis: improve calloc() overflow fix. (#9630)

Cherry-pick from latest hiredis a more complete fix to 0215324a6 that
also doesn't leak memory.
Yossi Gottlieb 2021-10-12 20:16:29 +03:00 committed by GitHub
parent 252981914f
commit 922ef86a3b
GPG Key ID: 4AEE18F83AFDEB23
3 changed files with 9 additions and 1 deletions


@ -68,6 +68,10 @@ void *hi_malloc(size_t size) {
}
void *hi_calloc(size_t nmemb, size_t size) {
/* Overflow check as the user can specify any arbitrary allocator */
if (SIZE_MAX / size < nmemb)
return NULL;
return hiredisAllocFns.callocFn(nmemb, size);
}
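Review bot: The new guard in hi_calloc, `if (SIZE_MAX / size < nmemb)`, divides by `size` before anything rules out zero, so a call with `size == 0` is a division by zero (undefined behaviour) instead of a request handed on to the allocator. The only caller visible on this page passes `sizeof(redisReply*)`, so this is probably latent today, but hi_calloc is a general wrapper around a user-supplied allocator and its overflow check should not depend on that. I would write the guard as `if (size != 0 && nmemb > SIZE_MAX / size) return NULL;`. The same applies to the static inline copy of hi_calloc in the header section that follows.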


@ -32,6 +32,7 @@
#define HIREDIS_ALLOC_H
#include <stddef.h> /* for size_t */
#include <stdint.h>
#ifdef __cplusplus
extern "C" {
@ -59,6 +60,10 @@ static inline void *hi_malloc(size_t size) {
}
static inline void *hi_calloc(size_t nmemb, size_t size) {
/* Overflow check as the user can specify any arbitrary allocator */
if (SIZE_MAX / size < nmemb)
return NULL;
return hiredisAllocFns.callocFn(nmemb, size);
}


@ -174,7 +174,6 @@ static void *createArrayObject(const redisReadTask *task, size_t elements) {
return NULL;
if (elements > 0) {
if (SIZE_MAX / sizeof(redisReply*) < elements) return NULL; /* Don't overflow */
r->element = hi_calloc(elements,sizeof(redisReply*));
if (r->element == NULL) {
freeReplyObject(r);