From 3e75e77dcdc241ca471b9b9a18a44e4b989c8a3c Mon Sep 17 00:00:00 2001
From: antirez <antirez@gmail.com>
Date: Thu, 18 Jul 2019 18:51:45 +0200
Subject: [PATCH] RDB: handle encoding errors with rdbExitReportCorruptRDB().

Without such change, the diskless replicas, when loading RDB files from
the socket will not abort when a broken RDB file gets loaded. This is
potentially unsafe, because right now Redis is not able to guarantee
that encoding errors are safe from the POV of memory corruptions (for
instance the LZF library may not be safe against untrusted data?) so
better to abort when the RDB file we are going to load is corrupted.

Instead I/O errors are still returned to the caller without aborting,
so that in case of short read the diskless replica can try again.


Former-commit-id: 47feb2719ca7fd04e7e108ec1af0f777e536bf8a
---
 src/rdb.cpp | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/src/rdb.cpp b/src/rdb.cpp
index d446109fa..73957220d 100644
--- a/src/rdb.cpp
+++ b/src/rdb.cpp
@@ -278,8 +278,8 @@ void *rdbLoadIntegerObject(rio *rdb, int enctype, int flags, size_t *lenptr) {
         v = enc[0]|(enc[1]<<8)|(enc[2]<<16)|(enc[3]<<24);
         val = (int32_t)v;
     } else {
-        val = 0; /* anti-warning */
         rdbExitReportCorruptRDB("Unknown RDB integer encoding type %d",enctype);
+        return nullptr; /* Never reached. */
     }
     if (plain || sds) {
         char buf[LONG_STR_SIZE], *p;
@@ -497,6 +497,7 @@ void *rdbGenericLoadStringObject(rio *rdb, int flags, size_t *lenptr) {
             return rdbLoadLzfStringObject(rdb,flags,lenptr);
         default:
             rdbExitReportCorruptRDB("Unknown RDB string encoding type %d",len);
+            return nullptr; /* Never reached. */
         }
     }