From 6476c8e856f790bef24eacd62c10c2df54e33f14 Mon Sep 17 00:00:00 2001 From: ZhaolongLi <0x4f4f4f4f@gmail.com> Date: Wed, 30 Jun 2021 21:55:09 +0800 Subject: Fix range issues in default value of LIMIT argument to XADD and XTRIM (#9147) This seems to be an unimportant bug that was accidentally generated. If the user does not specify limit in streamParseAddOrTrimArgsOrReply, the initial value of args->limit is 100 * server.stream_node_max_entries, which may lead to out of bounds, and then the default function of limit in xadd becomes invalid (this failure occurs in streamTrim). Additionally, provide sane default for args->limit in case stream_node_max_entries is set to 0. Co-authored-by: lizhaolong.lzl Co-authored-by: Oran Agra Co-authored-by: guybe7 --- src/t_stream.c | 10 +++++++--- 1 file changed, 7 insertions(+), 3 deletions(-) (limited to 'src/t_stream.c') diff --git a/src/t_stream.c b/src/t_stream.c index ceb4950e1..90dfb3307 100644 --- a/src/t_stream.c +++ b/src/t_stream.c @@ -982,11 +982,15 @@ static int streamParseAddOrTrimArgsOrReply(client *c, streamAddTrimArgs *args, i } } else { /* User didn't provide LIMIT, we must set it. */ - if (args->approx_trim) { - /* In order to prevent from trimming to do too much work and cause - * latency spikes we limit the amount of work it can do */ + /* In order to prevent from trimming to do too much work and + * cause latency spikes we limit the amount of work it can do. + * We have to cap args->limit from both sides in case + * stream_node_max_entries is 0 or too big (could cause overflow) + */ args->limit = 100 * server.stream_node_max_entries; /* Maximum 100 rax nodes. */ + if (args->limit <= 0) args->limit = 10000; + if (args->limit > 1000000) args->limit = 1000000; } else { /* No LIMIT for exact trimming */ args->limit = 0; -- cgit v1.2.1