From 78025c4a26a048ed7770060c8d90cfc81edf46e8 Mon Sep 17 00:00:00 2001 From: yiyuaner Date: Tue, 2 Nov 2021 23:03:07 +0800 Subject: [PATCH] Add checks for overflow in redis-check-aof and loadAppendOnlyFile (#9669) Co-authored-by: guoyiyuan --- src/aof.c | 1 + src/redis-check-aof.c | 5 +++++ 2 files changed, 6 insertions(+) diff --git a/src/aof.c b/src/aof.c index 3621167e1..4c334e228 100644 --- a/src/aof.c +++ b/src/aof.c @@ -783,6 +783,7 @@ int loadAppendOnlyFile(char *filename) { if (buf[1] == '\0') goto readerr; argc = atoi(buf+1); if (argc < 1) goto fmterr; + if ((size_t)argc > SIZE_MAX / sizeof(robj*)) goto fmterr; /* Load the next command in the AOF as our fake client * argv. */ diff --git a/src/redis-check-aof.c b/src/redis-check-aof.c index 8cbe84896..01f42ec1b 100644 --- a/src/redis-check-aof.c +++ b/src/redis-check-aof.c @@ -124,6 +124,11 @@ int readString(FILE *fp, char** target) { return 0; } + if (len < 0 || len > LONG_MAX - 2) { + ERROR("Expected to read string of %ld bytes, which is not in the suitable range",len); + return 0; + } + /* Increase length to also consume \r\n */ len += 2; *target = (char*)zmalloc(len);