diff options
author | Binbin <binloveplay1314@qq.com> | 2022-11-20 18:12:15 +0800 |
---|---|---|
committer | GitHub <noreply@github.com> | 2022-11-20 12:12:15 +0200 |
commit | 51887e61b8a0ae36fa977351f34ace3e38efbc29 (patch) | |
tree | 0882ec27cb4cb154d92872ab1a8a9b26bb509c03 /tests/integration | |
parent | 2f411770c85ddfd226c02819c0f98a3f5a7854ac (diff) | |
download | redis-51887e61b8a0ae36fa977351f34ace3e38efbc29.tar.gz |
sanitize dump payload: fix crash with empty set with listpack encoding (#11519)
The following example will create an empty set (listpack encoding):
```
> RESTORE key 0
"\x14\x25\x25\x00\x00\x00\x00\x00\x02\x01\x82\x5F\x37\x03\x06\x01\x82\x5F\x35\x03\x82\x5F\x33\x03\x00\x01\x82\x5F\x31\x03\x82\x5F\x39\x03\x04\xA9\x08\x01\xFF\x0B\x00\xA3\x26\x49\xB4\x86\xB0\x0F\x41"
OK
> SCARD key
(integer) 0
> SRANDMEMBER key
Error: Server closed the connection
```
In the spirit of #9297, skip empty set when loading RDB_TYPE_SET_LISTPACK.
Introduced in #11290
Diffstat (limited to 'tests/integration')
-rw-r--r-- | tests/integration/corrupt-dump-fuzzer.tcl | 3 | ||||
-rw-r--r-- | tests/integration/corrupt-dump.tcl | 9 |
2 files changed, 11 insertions, 1 deletions
diff --git a/tests/integration/corrupt-dump-fuzzer.tcl b/tests/integration/corrupt-dump-fuzzer.tcl index 011c314b4..7c3b90969 100644 --- a/tests/integration/corrupt-dump-fuzzer.tcl +++ b/tests/integration/corrupt-dump-fuzzer.tcl @@ -1,4 +1,4 @@ -# tests of corrupt ziplist payload with valid CRC +# tests of corrupt listpack payload with valid CRC tags {"dump" "corruption" "external:skip"} { @@ -32,6 +32,7 @@ proc generate_collections {suffix elements} { proc generate_types {} { r config set list-max-ziplist-size 5 r config set hash-max-ziplist-entries 5 + r config set set-max-listpack-entries 5 r config set zset-max-ziplist-entries 5 r config set stream-node-max-entries 5 diff --git a/tests/integration/corrupt-dump.tcl b/tests/integration/corrupt-dump.tcl index 1b9be676b..ef878457a 100644 --- a/tests/integration/corrupt-dump.tcl +++ b/tests/integration/corrupt-dump.tcl @@ -800,6 +800,15 @@ test {corrupt payload: fuzzer findings - valgrind fishy value warning} { } } +test {corrupt payload: fuzzer findings - empty set listpack} { + start_server [list overrides [list loglevel verbose use-exit-on-panic yes crash-memcheck-enabled no] ] { + r config set sanitize-dump-payload no + r debug set-skip-checksum-validation 1 + catch {r restore _key 0 "\x14\x25\x25\x00\x00\x00\x00\x00\x02\x01\x82\x5F\x37\x03\x06\x01\x82\x5F\x35\x03\x82\x5F\x33\x03\x00\x01\x82\x5F\x31\x03\x82\x5F\x39\x03\x04\xA9\x08\x01\xFF\x0B\x00\xA3\x26\x49\xB4\x86\xB0\x0F\x41"} err + assert_match "*Bad data format*" $err + r ping + } +} } ;# tags |