diff options
author | Binbin <binloveplay1314@qq.com> | 2022-07-29 06:14:18 +0800 |
---|---|---|
committer | GitHub <noreply@github.com> | 2022-07-28 15:14:18 -0700 |
commit | 90f35cea81b48834cf3906435a2ef352f3e3e900 (patch) | |
tree | 41d112ccadb60404dcef453d063c165a6e906c81 /src/cluster.c | |
parent | e7144693e2446f21ee68c95676ecf65d1351d13e (diff) | |
download | redis-90f35cea81b48834cf3906435a2ef352f3e3e900.tar.gz |
Avoid false positive out-of-bounds in writeForgottenNodePingExt (#11053)
In clusterMsgPingExtForgottenNode, sizeof(name) is CLUSTER_NAMELEN,
and sizeof(clusterMsgPingExtForgottenNode) is > CLUSTER_NAMELEN.
Doing a (name + sizeof(clusterMsgPingExtForgottenNode)) sanitizer
generates an out-of-bounds error which is a false positive in here
Diffstat (limited to 'src/cluster.c')
-rw-r--r-- | src/cluster.c | 4 |
1 files changed, 2 insertions, 2 deletions
diff --git a/src/cluster.c b/src/cluster.c index 1612c9e83..7affc838e 100644 --- a/src/cluster.c +++ b/src/cluster.c @@ -2035,7 +2035,7 @@ int writeHostnamePingExt(clusterMsgPingExt **cursor) { (*cursor)->type = htons(CLUSTERMSG_EXT_TYPE_HOSTNAME); (*cursor)->length = htonl(extension_size); /* Make sure the string is NULL terminated by adding 1 */ - *cursor = (clusterMsgPingExt *) (ext->hostname + EIGHT_BYTE_ALIGN(sdslen(myself->hostname) + 1)); + *cursor = (clusterMsgPingExt *) ((intptr_t)ext + EIGHT_BYTE_ALIGN(sdslen(myself->hostname) + 1)); return extension_size; } @@ -2050,7 +2050,7 @@ int writeForgottenNodePingExt(clusterMsgPingExt **cursor, sds name, uint64_t ttl uint32_t extension_size = sizeof(clusterMsgPingExt) + sizeof(clusterMsgPingExtForgottenNode); (*cursor)->type = htons(CLUSTERMSG_EXT_TYPE_FORGOTTEN_NODE); (*cursor)->length = htonl(extension_size); - *cursor = (clusterMsgPingExt *) (ext->name + sizeof(clusterMsgPingExtForgottenNode)); + *cursor = (clusterMsgPingExt *) (ext + 1); return extension_size; } |