diff options
author | Guy Benoish <guy.benoish@redislabs.com> | 2020-01-30 18:14:45 +0530 |
---|---|---|
committer | Guy Benoish <guy.benoish@redislabs.com> | 2020-01-30 18:15:17 +0530 |
commit | 2deb55512ffd86e494d376586cc0d402db21ca89 (patch) | |
tree | 844f4d4b34ebaf8a6ab175ef881a8610ba6a1d43 /src/util.c | |
parent | bf53f9280a7068ea80a47ccdc0fe9d50258e0612 (diff) | |
download | redis-2deb55512ffd86e494d376586cc0d402db21ca89.tar.gz |
ld2string should fail if string contains \0 in the middle
This bug affected RM_StringToLongDouble and HINCRBYFLOAT.
I added tests for both cases.
Main changes:
1. Fixed string2ld to fail if string contains \0 in the middle
2. Use string2ld in getLongDoubleFromObject - No point of
having duplicated code here
The two changes above broke RM_SaveLongDouble/RM_LoadLongDouble
because the long double string was saved with length+1 (An innocent
mistake, but it's actually a bug - The length passed to
RM_SaveLongDouble should not include the last \0).
Diffstat (limited to 'src/util.c')
-rw-r--r-- | src/util.c | 3 |
1 files changed, 2 insertions, 1 deletions
diff --git a/src/util.c b/src/util.c index 20471b539..2be42a0df 100644 --- a/src/util.c +++ b/src/util.c @@ -471,13 +471,14 @@ int string2ld(const char *s, size_t slen, long double *dp) { long double value; char *eptr; - if (slen >= sizeof(buf)) return 0; + if (slen == 0 || slen >= sizeof(buf)) return 0; memcpy(buf,s,slen); buf[slen] = '\0'; errno = 0; value = strtold(buf, &eptr); if (isspace(buf[0]) || eptr[0] != '\0' || + (size_t)(eptr-buf) != slen || (errno == ERANGE && (value == HUGE_VAL || value == -HUGE_VAL || value == 0)) || errno == EINVAL || |