Catch size_t overflows in sds.c
Equivalent changes introduced to redis sds.c via:
redis/redis#8522
redis/redis#9584
bjosv committed Feb 1, 2022
1 parent 066c6de commit 64062a1
Showing 1 changed file with 5 additions and 2 deletions.
7 changes: 5 additions & 2 deletions sds.c
@@ -90,6 +90,7 @@ sds sdsnewlen(const void *init, size_t initlen) {
int hdrlen = sdsHdrSize(type);
unsigned char *fp; /* flags pointer. */

assert(initlen + hdrlen + 1 > initlen); /* Catch size_t overflow */
sh = s_malloc(hdrlen+initlen+1);
if (sh == NULL) return NULL;
if (!init)
@@ -196,7 +197,7 @@ void sdsclear(sds s) {
sds sdsMakeRoomFor(sds s, size_t addlen) {
void *sh, *newsh;
size_t avail = sdsavail(s);
size_t len, newlen;
size_t len, newlen, reqlen;
char type, oldtype = s[-1] & SDS_TYPE_MASK;
int hdrlen;

@@ -205,7 +206,8 @@ sds sdsMakeRoomFor(sds s, size_t addlen) {

len = sdslen(s);
sh = (char*)s-sdsHdrSize(oldtype);
newlen = (len+addlen);
reqlen = newlen = (len+addlen);
assert(newlen > len); /* Catch size_t overflow */
if (newlen < SDS_MAX_PREALLOC)
newlen *= 2;
else
@@ -219,6 +221,7 @@ sds sdsMakeRoomFor(sds s, size_t addlen) {
if (type == SDS_TYPE_5) type = SDS_TYPE_8;

hdrlen = sdsHdrSize(type);
assert(hdrlen + newlen + 1 > reqlen); /* Catch size_t overflow */
if (oldtype==type) {
newsh = s_realloc(sh, hdrlen+newlen+1);
if (newsh == NULL) return NULL;
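Review bot: All three overflow guards are written as `assert(...)`. If that is the standard `<assert.h>` macro (the include is not visible on this page), they compile to nothing under `-DNDEBUG`, and a wrapped size then reaches `s_malloc`/`s_realloc` unchecked in release builds. Even when the asserts are active, a library call aborts the host process, although both functions already report failure to callers with `return NULL` on the lines that follow. Returning NULL on overflow would keep the check in every build and reuse that error path: `if (initlen + hdrlen + 1 <= initlen) return NULL;` in sdsnewlen, and `if (newlen <= len) return NULL;` and `if (hdrlen + newlen + 1 <= reqlen) return NULL;` in sdsMakeRoomFor. The early-return test and the preallocation `else` branch of sdsMakeRoomFor are collapsed on this page, so confirm that `addlen == 0` never reaches the `newlen > len` check.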
