author: Huang Zhw <huang_zhw@126.com> 2021-07-21 21:25:19 +0800
committer: GitHub <noreply@github.com> 2021-07-21 16:25:19 +0300
commit: 71d452876ebf8456afaadd6b3c27988abadd1148 (patch)
tree: 349fcae100a2892751b2ea939fdedae07981eeac /.github
parent: 32e61ee295beb8a45b66c4488937f17d0cd0fca7 (diff)
On 32 bit platform, the bit position of GETBIT/SETBIT/BITFIELD/BITCOUNT, BITPOS may overflow (see CVE-2021-32761) (#9191)

GETBIT, SETBIT may access wrong address because of wrap. BITCOUNT and BITPOS may return wrapped results. BITFIELD may access the wrong address but also allocate insufficient memory and segfault (see CVE-2021-32761).

This commit uses `uint64_t` or `long long` instead of `size_t`.
related https://github.com/redis/redis/pull/8096

At 32bit platform:

    > setbit bit 4294967295 1
    (integer) 0
    > config set proto-max-bulk-len 536870913
    OK
    > append bit "\xFF"
    (integer) 536870913
    > getbit bit 4294967296
    (integer) 0

When the bit index is larger than 4294967295, size_t can't hold the bit index. In the past, `proto-max-bulk-len` was limited to 536870912, so there was no problem.

After this commit, the bit position is stored in `uint64_t` or `long long`. So when `proto-max-bulk-len > 536870912`, 32bit platforms can still be correct.

For 64bit platform, this problem still exists. The major reason is that bit pos is 8 times byte pos. When proto-max-bulk-len is very large, bit pos may overflow. But at 64bit platform, we don't have so long string. So this bug may never happen.

Additionally this commit adds a test costing `512MB` memory which is tagged as `large-memory`. Make freebsd ci and valgrind ci ignore this test.
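The wrap shown in the transcript above, as an added example (not code from the Redis source tree). It models a 32-bit `size_t` with `uint32_t` and the transcript's 536870913-byte string with a constructed sparse lookup, so it runs on any host without allocating 512 MB; all function names and the model are assumptions made for illustration.

```c
#include <stdint.h>
#include <stdio.h>

/* Constructed model of the transcript's string: 536870913 bytes, all zero
 * except the two bytes written by SETBIT 4294967295 and APPEND "\xFF". */
#define MODEL_LEN 536870913ULL

static uint8_t model_byte(uint64_t idx) {
    if (idx == 536870911ULL) return 0x01;  /* bit 4294967295 is set */
    if (idx == 536870912ULL) return 0xFF;  /* the appended byte */
    return 0x00;
}

/* GETBIT on the model; a read past the end returns 0. */
static int getbit_at(uint64_t bitoffset) {
    uint64_t byte = bitoffset >> 3;
    unsigned bit = 7 - (unsigned)(bitoffset & 0x7);  /* MSB-first numbering */
    if (byte >= MODEL_LEN) return 0;
    return (model_byte(byte) >> bit) & 1;
}

/* Offset held in a 32-bit size_t (modelled with uint32_t): high bits are lost,
 * so the read lands on a different byte than the one requested. */
int getbit_narrow(long long requested) {
    uint32_t off = (uint32_t)requested;
    return getbit_at(off);
}

/* Offset held in uint64_t, the type the commit message says it switches to. */
int getbit_wide(long long requested) {
    return getbit_at((uint64_t)requested);
}

/* Bit length of the string (bytes * 8) computed in each width. */
uint32_t bitlen_narrow(void) { return (uint32_t)MODEL_LEN * 8u; }
uint64_t bitlen_wide(void)   { return MODEL_LEN * 8ULL; }

int main(void) {
    printf("narrow getbit 4294967296 -> %d\n", getbit_narrow(4294967296LL));
    printf("wide   getbit 4294967296 -> %d\n", getbit_wide(4294967296LL));
    printf("narrow bit length -> %u\n", (unsigned)bitlen_narrow());
    printf("wide   bit length -> %llu\n", (unsigned long long)bitlen_wide());
    return 0;
}
```

The narrow read of offset 4294967296 truncates to offset 0 and returns the first bit of the string, which matches the `(integer) 0` in the transcript even though the requested bit belongs to the appended `\xFF` byte.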
Diffstat (limited to '.github')
-rw-r--r-- .github/workflows/daily.yml | 6
1 files changed, 3 insertions, 3 deletions
diff --git a/.github/workflows/daily.yml b/.github/workflows/daily.yml
index ceb82f5c1..800016508 100644
--- a/.github/workflows/daily.yml
+++ b/.github/workflows/daily.yml
@@ -254,7 +254,7 @@ jobs:
sudo apt-get install tcl8.6 tclx valgrind -y
- name: test
if: true && !contains(github.event.inputs.skiptests, 'redis')
- run: ./runtest --valgrind --verbose --clients 1 --dump-logs ${{github.event.inputs.test_args}}
+ run: ./runtest --valgrind --verbose --clients 1 --tags -large-memory --dump-logs ${{github.event.inputs.test_args}}
- name: module api test
if: true && !contains(github.event.inputs.skiptests, 'modules')
run: ./runtest-moduleapi --valgrind --no-latency --verbose --clients 1 ${{github.event.inputs.test_args}}
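Review bot: The new `--tags -large-memory` on the valgrind `./runtest` line has no comment explaining it, and it takes the regression test for a memory-safety bug out of the one job that runs under a memory checker. Please add a short YAML comment above the `run:` line giving the reason (the commit message says the test costs 512MB), and confirm that at least one non-valgrind job in this workflow still runs the `large-memory` tag. All three changes to this file exclude it, so nothing here shows the test running anywhere in the daily CI.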
@@ -285,7 +285,7 @@ jobs:
sudo apt-get install tcl8.6 tclx valgrind -y
- name: test
if: true && !contains(github.event.inputs.skiptests, 'redis')
- run: ./runtest --valgrind --verbose --clients 1 --dump-logs ${{github.event.inputs.test_args}}
+ run: ./runtest --valgrind --verbose --clients 1 --tags -large-memory --dump-logs ${{github.event.inputs.test_args}}
- name: module api test
if: true && !contains(github.event.inputs.skiptests, 'modules')
run: ./runtest-moduleapi --valgrind --no-latency --verbose --clients 1 ${{github.event.inputs.test_args}}
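Review bot: This `run:` line is now a byte-for-byte copy of the one changed in the hunk at -254, so the exclusion has to be kept in sync by hand in two valgrind jobs. Consider moving the shared flags (`--valgrind --verbose --clients 1 --tags -large-memory --dump-logs`) into a workflow-level `env:` value that both steps reference, so a later change to the tag filter cannot be applied to one job and missed in the other.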
@@ -420,7 +420,7 @@ jobs:
prepare: pkg install -y bash gmake lang/tcl86 lang/tclx
run: >
gmake || exit 1 ;
- if echo "${{github.event.inputs.skiptests}}" | grep -vq redis ; then ./runtest --accurate --verbose --no-latency --dump-logs ${{github.event.inputs.test_args}} || exit 1 ; fi ;
+ if echo "${{github.event.inputs.skiptests}}" | grep -vq redis ; then ./runtest --accurate --verbose --no-latency --tags -large-memory --dump-logs ${{github.event.inputs.test_args}} || exit 1 ; fi ;
if echo "${{github.event.inputs.skiptests}}" | grep -vq modules ; then MAKE=gmake ./runtest-moduleapi --verbose ${{github.event.inputs.test_args}} || exit 1 ; fi ;
if echo "${{github.event.inputs.skiptests}}" | grep -vq sentinel ; then ./runtest-sentinel ${{github.event.inputs.cluster_test_args}} || exit 1 ; fi ;
if echo "${{github.event.inputs.skiptests}}" | grep -vq cluster ; then ./runtest-cluster ${{github.event.inputs.cluster_test_args}} || exit 1 ; fi ;
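Review bot: On the FreeBSD `./runtest` line, `--tags -large-memory` is placed before `${{github.event.inputs.test_args}}`, so a manual run that passes its own `--tags` in `test_args` ends up with two `--tags` options on one command line. Please check how `./runtest` treats a repeated `--tags` (replace or combine) and state the outcome in a comment; if the later one replaces the earlier, a dispatch with a custom tag filter would silently re-enable the 512MB test on this VM. The same ordering applies to the two valgrind lines above.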