authorYossi Gottlieb <yossigo@gmail.com>2021-10-12 20:16:29 +0300
committerGitHub <noreply@github.com>2021-10-12 20:16:29 +0300
commit922ef86a3b1c15292e1f35338a0ac137a08a11b4 (patch)
tree1d5801138ca3ebecebc68be5ca4235bb5f7b4b4a /deps
parent252981914f8f3e5b6891ee14fcc3ac20f59ac262 (diff)
downloadredis-922ef86a3b1c15292e1f35338a0ac137a08a11b4.tar.gz
hiredis: improve calloc() overflow fix. (#9630)
Cherry-pick from latest hiredis a more complete fix for 0215324a6, one that also doesn't leak memory.
Diffstat (limited to 'deps')
-rw-r--r--deps/hiredis/alloc.c4
-rw-r--r--deps/hiredis/alloc.h5
-rw-r--r--deps/hiredis/hiredis.c1
3 files changed, 9 insertions, 1 deletions
diff --git a/deps/hiredis/alloc.c b/deps/hiredis/alloc.c
index 7fb6b35e7..0902286c7 100644
--- a/deps/hiredis/alloc.c
+++ b/deps/hiredis/alloc.c
@@ -68,6 +68,10 @@ void *hi_malloc(size_t size) {
}
void *hi_calloc(size_t nmemb, size_t size) {
+ /* Overflow check as the user can specify any arbitrary allocator */
+ if (SIZE_MAX / size < nmemb)
+ return NULL;
+
return hiredisAllocFns.callocFn(nmemb, size);
}
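Review bot: The new guard in hi_calloc divides by `size` before testing it, so a call with `size == 0` is a division by zero (undefined behaviour) instead of a zero-byte request passed on to the allocator. Checking for zero first avoids that: `if (size != 0 && SIZE_MAX / size < nmemb) return NULL;`. The same applies to the identical static inline copy added in deps/hiredis/alloc.h. The one caller visible on this page, createArrayObject, passes `sizeof(redisReply*)` and so never hits this; other callers are outside the diff. Because that caller's own check is removed here, this guard is now the only thing stopping `nmemb * size` from wrapping when a user-supplied callocFn does not check it.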
diff --git a/deps/hiredis/alloc.h b/deps/hiredis/alloc.h
index 34a05f49f..771f9fee5 100644
--- a/deps/hiredis/alloc.h
+++ b/deps/hiredis/alloc.h
@@ -32,6 +32,7 @@
#define HIREDIS_ALLOC_H
#include <stddef.h> /* for size_t */
+#include <stdint.h>
#ifdef __cplusplus
extern "C" {
@@ -59,6 +60,10 @@ static inline void *hi_malloc(size_t size) {
}
static inline void *hi_calloc(size_t nmemb, size_t size) {
+ /* Overflow check as the user can specify any arbitrary allocator */
+ if (SIZE_MAX / size < nmemb)
+ return NULL;
+
return hiredisAllocFns.callocFn(nmemb, size);
}
diff --git a/deps/hiredis/hiredis.c b/deps/hiredis/hiredis.c
index 990f61960..51f22a665 100644
--- a/deps/hiredis/hiredis.c
+++ b/deps/hiredis/hiredis.c
@@ -174,7 +174,6 @@ static void *createArrayObject(const redisReadTask *task, size_t elements) {
return NULL;
if (elements > 0) {
- if (SIZE_MAX / sizeof(redisReply*) < elements) return NULL; /* Don't overflow */
r->element = hi_calloc(elements,sizeof(redisReply*));
if (r->element == NULL) {
freeReplyObject(r);