Santize dump payload: fix crash when stream with duplicate consumes (#9918)
When rdb creates a consumer without determining whether it exists in advance, it may return NULL and crash if it encounters corrupt data with duplicate consumers.
This commit is contained in:
sundb
GitHub
parent
07b1326073
commit
7f0fae947a
@ -2475,6 +2475,11 @@ robj *rdbLoadObject(int rdbtype, rio *rdb, sds key, int dbid, int *error) {
|
||||
streamConsumer *consumer = streamCreateConsumer(cgroup,cname,NULL,0,
|
||||
SCC_NO_NOTIFY|SCC_NO_DIRTIFY);
|
||||
sdsfree(cname);
|
||||
if (!consumer) {
|
||||
rdbReportCorruptRDB("Duplicate stream consumer detected.");
|
||||
decrRefCount(o);
|
||||
return NULL;
|
||||
}
|
||||
consumer->seen_time = rdbLoadMillisecondTime(rdb,RDB_VERSION);
|
||||
if (rioGetReadError(rdb)) {
|
||||
rdbReportReadError("Stream short read reading seen time.");
|
||||
|
||||
@ -225,6 +225,17 @@ test {corrupt payload: listpack too long entry prev len} {
|
||||
}
|
||||
}
|
||||
|
||||
test {corrupt payload: stream with duplicate consumers} {
|
||||
start_server [list overrides [list loglevel verbose use-exit-on-panic yes crash-memcheck-enabled no] ] {
|
||||
catch {
|
||||
r restore key 0 "\x0F\x00\x00\x00\x00\x01\x07\x6D\x79\x67\x72\x6F\x75\x70\x00\x00\x00\x02\x04\x6E\x61\x6D\x65\x2A\x4C\xAA\x9A\x7D\x01\x00\x00\x00\x04\x6E\x61\x6D\x65\x2B\x4C\xAA\x9A\x7D\x01\x00\x00\x00\x0A\x00\xCC\xED\x8C\xA7\x62\xEE\xC7\xC8"
|
||||
} err
|
||||
assert_match "*Bad data format*" $err
|
||||
verify_log_message 0 "*Duplicate stream consumer detected*" 0
|
||||
r ping
|
||||
}
|
||||
}
|
||||
|
||||
test {corrupt payload: hash ziplist with duplicate records} {
|
||||
# when we do perform full sanitization, we expect duplicate records to fail the restore
|
||||
start_server [list overrides [list loglevel verbose use-exit-on-panic yes crash-memcheck-enabled no] ] {
|
||||
|
||||
Loading…
x
Reference in New Issue
Block a user