diff options
author | Oran Agra <oran@redislabs.com> | 2021-08-05 22:56:14 +0300 |
---|---|---|
committer | GitHub <noreply@github.com> | 2021-08-05 22:56:14 +0300 |
commit | 0c90370e6d71cc68e4d9cc79a0d8b1e768712a5b (patch) | |
tree | f8feca4d562a45219246756cd5af37f2ad5d154a /src/object.c | |
parent | 8ea777a6a02cae22aeff95f054d810f30b7b69ad (diff) | |
download | redis-0c90370e6d71cc68e4d9cc79a0d8b1e768712a5b.tar.gz |
Improvements to corrupt payload sanitization (#9321)
Recently we found two issues in the fuzzer tester: #9302 #9285
After fixing them, more problems surfaced and this PR (as well as #9297) aims to fix them.
Here's a list of the fixes
- Prevent an overflow when allocating a dict hashtable
- Prevent OOM when attempting to allocate a huge string
- Prevent a few invalid accesses in listpack
- Improve sanitization of listpack first entry
- Validate integrity of stream consumer groups PEL
- Validate integrity of stream listpack entry IDs
- Validate ziplist tail followed by extra data which start with 0xff
Co-authored-by: sundb <sundbcn@gmail.com>
Diffstat (limited to 'src/object.c')
-rw-r--r-- | src/object.c | 15 |
1 files changed, 15 insertions, 0 deletions
diff --git a/src/object.c b/src/object.c index 3d50b67e6..317e3bf56 100644 --- a/src/object.c +++ b/src/object.c @@ -123,6 +123,21 @@ robj *createStringObject(const char *ptr, size_t len) { return createRawStringObject(ptr,len); } +/* Same as CreateRawStringObject, can return NULL if allocation fails */ +robj *tryCreateRawStringObject(const char *ptr, size_t len) { + sds str = sdstrynewlen(ptr,len); + if (!str) return NULL; + return createObject(OBJ_STRING, str); +} + +/* Same as createStringObject, can return NULL if allocation fails */ +robj *tryCreateStringObject(const char *ptr, size_t len) { + if (len <= OBJ_ENCODING_EMBSTR_SIZE_LIMIT) + return createEmbeddedStringObject(ptr,len); + else + return tryCreateRawStringObject(ptr,len); +} + /* Create a string object from a long long value. When possible returns a * shared integer object, or at least an integer encoded one. * |