author | Binbin <binloveplay1314@qq.com> | 2021-12-26 17:40:11 +0800 |
---|---|---|
committer | GitHub <noreply@github.com> | 2021-12-26 11:40:11 +0200 |
commit | e84ccc3f566f78344b098c3eef6e371653bc311b (patch) | |
tree | f1a0c6d22f7eff32793d841ee241f5ed80658801 /tests | |
parent | 365cbf46a717d660bbe9c832b6c9d7fc15982029 (diff) | |
download | redis-e84ccc3f566f78344b098c3eef6e371653bc311b.tar.gz |
santize dump payload: fix carsh when zset with NAN score (#10002)
`zslInsert` with a NAN score will crash the server.
This one was found by the `corrupt-dump-fuzzer`.
Diffstat (limited to 'tests')
-rw-r--r-- | tests/integration/corrupt-dump.tcl | 12 |
1 files changed, 11 insertions, 1 deletions
diff --git a/tests/integration/corrupt-dump.tcl b/tests/integration/corrupt-dump.tcl
index daeb9fc0c..86c7dd246 100644
--- a/tests/integration/corrupt-dump.tcl
+++ b/tests/integration/corrupt-dump.tcl
@@ -753,7 +753,7 @@ test {corrupt payload: fuzzer findings - gcc asan reports false leak on assert}
 }
 }
 
-test {corrupt payload: fuzzer findings - lpFind invalid access } {
+test {corrupt payload: fuzzer findings - lpFind invalid access} {
 start_server [list overrides [list loglevel verbose use-exit-on-panic yes crash-memcheck-enabled no] ] {
 r debug set-skip-checksum-validation 1
 r config set sanitize-dump-payload no
@@ -773,5 +773,15 @@ test {corrupt payload: fuzzer findings - invalid access in ziplist tail prevlen
 }
 }
 
+test {corrupt payload: fuzzer findings - zset zslInsert with a NAN score} {
+ start_server [list overrides [list loglevel verbose use-exit-on-panic yes crash-memcheck-enabled no] ] {
+ r config set sanitize-dump-payload no
+ r debug set-skip-checksum-validation 1
+ catch {r restore _nan_zset 0 "\x05\x0A\x02\x5F\x39\x00\x00\x00\x00\x00\x00\x22\x40\xC0\x08\x00\x00\x00\x00\x00\x00\x20\x40\x02\x5F\x37\x00\x00\x00\x00\x00\x00\x1C\x40\xC0\x06\x00\x00\x00\x00\x00\x00\x18\x40\x02\x5F\x35\x00\x00\x00\x00\x00\x00\x14\x40\xC0\x04\x00\x00\x00\x00\x00\x00\x10\x40\x02\x5F\x33\x00\x00\x00\x00\x00\x00\x08\x40\xC0\x02\x00\x00\x00\x00\x00\x00\x00\x40\x02\x5F\x31\x00\x00\x00\x00\x00\x55\xF0\x7F\xC0\x00\x00\x00\x00\x00\x00\x00\x00\x00\x0A\x00\xEC\x94\x86\xD8\xFD\x5C\x5F\xD8"} err
+ assert_match "*Bad data format*" $err
+ r ping
+ }
+}
+
 } ;# tags |
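Review bot: The new `zslInsert with a NAN score` test carries an opaque fuzzer payload with no comment saying which bytes matter, so a later maintainer cannot tell what input the test pins. A comment above the `catch` line such as `# zset payload; the score of member _1 (\x00\x00\x00\x00\x00\x55\xF0\x7F) decodes to NaN` would record that. The assertion on `*Bad data format*` is also generic: any other rejection of this payload would satisfy it, so the test shows that the server refuses the input and still answers `r ping`, not that the NaN check in particular fired. The test runs only with `sanitize-dump-payload no`, which looks deliberate (the rejection should presumably not depend on deep sanitization), and that intent is worth stating in the same comment.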