Diffstat (limited to 'dev-python/hiredis/files/hiredis-2.0.0-CVE-2021-32765.patch')
-rw-r--r--dev-python/hiredis/files/hiredis-2.0.0-CVE-2021-32765.patch36
1 files changed, 36 insertions, 0 deletions
diff --git a/dev-python/hiredis/files/hiredis-2.0.0-CVE-2021-32765.patch b/dev-python/hiredis/files/hiredis-2.0.0-CVE-2021-32765.patch
new file mode 100644
index 000000000000..ad1bb80ac0de
--- /dev/null
+++ b/dev-python/hiredis/files/hiredis-2.0.0-CVE-2021-32765.patch
@@ -0,0 +1,36 @@
+--- a/vendor/hiredis/alloc.c
++++ b/vendor/hiredis/alloc.c
+@@ -68,6 +68,10 @@ void *hi_malloc(size_t size) {
+ }
+
+ void *hi_calloc(size_t nmemb, size_t size) {
++ /* Overflow check as the user can specify any arbitrary allocator */
++ if (SIZE_MAX / size < nmemb)
++ return NULL;
++
+ return hiredisAllocFns.callocFn(nmemb, size);
+ }
+
+diff --git a/alloc.h b/alloc.h
+index 34a05f4..771f9fe 100644
+--- a/vendor/hiredis/alloc.h
++++ b/vendor/hiredis/alloc.h
+@@ -32,6 +32,7 @@
+ #define HIREDIS_ALLOC_H
+
+ #include <stddef.h> /* for size_t */
++#include <stdint.h>
+
+ #ifdef __cplusplus
+ extern "C" {
+@@ -59,6 +60,10 @@ static inline void *hi_malloc(size_t size) {
+ }
+
+ static inline void *hi_calloc(size_t nmemb, size_t size) {
++ /* Overflow check as the user can specify any arbitrary allocator */
++ if (SIZE_MAX / size < nmemb)
++ return NULL;
++
+ return hiredisAllocFns.callocFn(nmemb, size);
+ }
+
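Review bot: The added guard `if (SIZE_MAX / size < nmemb)` in hi_calloc divides by `size` before anything has ruled out zero, so a call with `size == 0` is a division by zero (undefined behavior) rather than a request handed to the configured allocator. The same line appears in both copies inside the embedded patch, the one in vendor/hiredis/alloc.c and the static inline one in vendor/hiredis/alloc.h. The callers are not visible here and may only ever pass a non-zero `sizeof`, but the wrapper is a general entry point, so I would write the check as `if (size != 0 && nmemb > SIZE_MAX / size) return NULL;` in both places. The comment above it could also say what is being guarded, for example `/* Reject nmemb * size overflow here; a user-supplied callocFn may not check it */`.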