RDB: handle encoding errors with rdbExitReportCorruptRDB().

Without such change, the diskless replicas, when loading RDB files from the socket will not abort when a broken RDB file gets loaded. This is potentially unsafe, because right now Redis is not able to guarantee that encoding errors are safe from the POV of memory corruptions (for instance the LZF library may not be safe against untrusted data?) so better to abort when the RDB file we are going to load is corrupted. Instead I/O errors are still returned to the caller without aborting, so that in case of short read the diskless replica can try again. Former-commit-id: 47feb2719ca7fd04e7e108ec1af0f777e536bf8a
2019-07-18 18:51:45 +02:00 · 2019-07-18 18:51:45 +02:00 · 3e75e77dcd
commit 3e75e77dcd
parent bb9b8ee164
1 changed files with 2 additions and 1 deletions
--- a/src/rdb.cpp
+++ b/src/rdb.cpp
@ -278,8 +278,8 @@ void *rdbLoadIntegerObject(rio *rdb, int enctype, int flags, size_t *lenptr) {
        v = enc[0]|(enc[1]<<8)|(enc[2]<<16)|(enc[3]<<24);
        val = (int32_t)v;
    } else {
-        val = 0; /* anti-warning */
        rdbExitReportCorruptRDB("Unknown RDB integer encoding type %d",enctype);
+        return nullptr; /* Never reached. */
    }
    if (plain || sds) {
        char buf[LONG_STR_SIZE], *p;
@ -497,6 +497,7 @@ void *rdbGenericLoadStringObject(rio *rdb, int flags, size_t *lenptr) {
            return rdbLoadLzfStringObject(rdb,flags,lenptr);
        default:
            rdbExitReportCorruptRDB("Unknown RDB string encoding type %d",len);
+            return nullptr; /* Never reached. */
        }
    }