From 2122e2019a39acbbd9907917d78a1f6f39e3b67c Mon Sep 17 00:00:00 2001
From: pr-hung
Date: Wed, 11 Mar 2026 23:28:39 +0800
Subject: [PATCH] Fix potential vulnerability in cloned code (HiRedis/win32fix/zmalloc.c)
---
 HiRedis/win32fix/zmalloc.c | 9 +++++++++
 1 file changed, 9 insertions(+)

diff --git a/HiRedis/win32fix/zmalloc.c b/HiRedis/win32fix/zmalloc.c
index e57477a..a513e31 100644
--- a/HiRedis/win32fix/zmalloc.c
+++ b/HiRedis/win32fix/zmalloc.c
@@ -58,6 +58,12 @@ void zlibc_free(void *ptr) {
 #endif
 #endif
 
+#if PREFIX_SIZE > 0
+#define ASSERT_NO_SIZE_OVERFLOW(sz) assert((sz) + PREFIX_SIZE > (sz))
+#else
+#define ASSERT_NO_SIZE_OVERFLOW(sz)
+#endif
+
 /* Explicitly override malloc/free etc when using tcmalloc. */
 #if defined(USE_TCMALLOC)
 #define malloc(size) tc_malloc(size)
@@ -132,6 +138,7 @@ static void zmalloc_default_oom(size_t size) {
 static void (*zmalloc_oom_handler)(size_t) = zmalloc_default_oom;
 
 void *zmalloc(size_t size) {
+ ASSERT_NO_SIZE_OVERFLOW(size);
 void *ptr = malloc(size+PREFIX_SIZE);
 
 if (!ptr) zmalloc_oom_handler(size);
@@ -146,6 +153,7 @@ void *zmalloc(size_t size) {
 }
 
 void *zcalloc(size_t size) {
+ ASSERT_NO_SIZE_OVERFLOW(size);
 void *ptr = calloc(1, size+PREFIX_SIZE);
 
 if (!ptr) zmalloc_oom_handler(size);
@@ -160,6 +168,7 @@ void *zcalloc(size_t size) {
 }
 
 void *zrealloc(void *ptr, size_t size) {
+ ASSERT_NO_SIZE_OVERFLOW(size);
 #ifndef HAVE_MALLOC_SIZE
 void *realptr;
 #endif
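Review bot: The guard defined in the first hunk is built on `assert`, so unless this file maps `assert` to an always-on handler (its includes are outside the hunk), a build with `NDEBUG` compiles the check away and the `size+PREFIX_SIZE` sums in zmalloc and zcalloc can still wrap. Separately, `#if PREFIX_SIZE > 0` only works when `PREFIX_SIZE` is a plain integer constant; if it is defined with `sizeof` (the definition is above the hunk and not visible), the preprocessor cannot evaluate the condition. A single unconditional definition would avoid both problems: `#define ASSERT_NO_SIZE_OVERFLOW(sz) do { if ((sz) + PREFIX_SIZE < (sz)) abort(); } while (0)`, which the compiler folds away when `PREFIX_SIZE` is 0.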
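Review bot: In the zmalloc hunk the new `ASSERT_NO_SIZE_OVERFLOW(size);` comes before the declaration `void *ptr = malloc(size+PREFIX_SIZE);`, making it a declaration after a statement. Compilers held to C89 reject that, and a `win32fix` directory may well be built with one (older MSVC C mode). The same ordering appears in the zcalloc hunk and, ahead of `void *realptr;`, in the zrealloc hunk. Declaring first keeps the check ahead of the allocation and stays portable: `void *ptr;` then `ASSERT_NO_SIZE_OVERFLOW(size);` then `ptr = malloc(size+PREFIX_SIZE);`. The bodies of all three functions continue outside their hunks.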