author | Yossi Gottlieb <yossigo@gmail.com> | 2021-07-13 15:16:14 -0700 |
---|---|---|
committer | michael-grunder <michael.grunder@gmail.com> | 2021-10-04 11:56:31 -0700 |
commit | 76a7b10005c70babee357a7d0f2becf28ec7ed1e (patch) | |
tree | 1e23e1ab45478e9651a06baffd58218f0bac1f72 /hiredis.c | |
parent | d5b4c69b7113213c1da3a0ccbfd1ee1b40443c7a (diff) |
Fix for integer/buffer overflow CVE-2021-32765
This fix prevents hiredis from trying to allocate more than `SIZE_MAX`
bytes, which would result in a buffer overrun.
[Full Details](https://github.com/redis/hiredis/security/advisories/GHSA-hfm9-39pp-55p2)
Diffstat (limited to 'hiredis.c')
-rw-r--r-- | hiredis.c | 1 |
1 files changed, 1 insertions, 0 deletions
@@ -174,6 +174,7 @@ static void *createArrayObject(const redisReadTask *task, size_t elements) {
 return NULL;
 if (elements > 0) {
+ if (SIZE_MAX / sizeof(redisReply*) < elements) return NULL; /* Don't overflow */
 r->element = hi_calloc(elements,sizeof(redisReply*));
 if (r->element == NULL) {
 freeReplyObject(r); |
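Review bot: The added early `return NULL` inside `if (elements > 0)` exits without releasing `r`, whereas the allocation-failure branch two lines below calls `freeReplyObject(r)` before returning. `r` is dereferenced on the very next line, so it appears to be already allocated at this point (its creation is outside the hunk). If the element count comes from a parsed server reply, as the CVE context suggests, each oversized count would leak one reply object. Suggest `if (SIZE_MAX / sizeof(redisReply*) < elements) { freeReplyObject(r); return NULL; }`, or folding the overflow test into the existing failure branch so both paths share one cleanup. The body of createArrayObject starts and ends outside the hunk.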