Fix error length calculation + UB sanity check.

For an error reply we're starting at `buf + 1` so we want `len - 1`. As
a sanity check we now return early if `len < 1`.

Also, make certain that len > 2 for our special detection of `*-1` since
we're doing `memcmp(buf + 1, "-1", 2);`
michael-grunder
2025-03-10 11:46:30 -07:00
committed by Michael Grunder
parent d342e4ac18
commit e73130fee0
+3 -3
@@ -765,13 +765,13 @@ redis_sock_read(RedisSock *redis_sock, int *buf_len)
size_t len;
*buf_len = 0;
if (redis_sock_gets(redis_sock, inbuf, sizeof(inbuf) - 1, &len) < 0) {
if (redis_sock_gets(redis_sock, inbuf, sizeof(inbuf) - 1, &len) < 0 || len < 1) {
return NULL;
}
switch(inbuf[0]) {
case '-':
redis_sock_set_err(redis_sock, inbuf+1, len);
redis_sock_set_err(redis_sock, inbuf + 1, len - 1);
/* Filter our ERROR through the few that should actually throw */
redis_error_throw(redis_sock);
@@ -783,7 +783,7 @@ redis_sock_read(RedisSock *redis_sock, int *buf_len)
case '*':
/* For null multi-bulk replies (like timeouts from brpoplpush): */
if(memcmp(inbuf + 1, "-1", 2) == 0) {
if(len > 2 && memcmp(inbuf + 1, "-1", 2) == 0) {
return NULL;
}
REDIS_FALLTHROUGH;
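Review bot: The `len - 1` now passed to `redis_sock_set_err` in the `'-'` case is safe only because of the `len < 1` early return a few lines above, and nothing at either site says so. Since `len` is a `size_t`, a zero-length line would wrap `len - 1` to a very large value if that guard were ever moved or dropped; a comment at the guard such as `/* need len >= 1: inbuf[0] is read and the '-' case passes len - 1 */` would record the dependency. In the `'*'` case the `memcmp` is still a prefix match, so any line beginning `*-1` is treated as a null multi-bulk reply; if `len` excludes the line terminator (not visible here), `len == 3 && memcmp(inbuf + 1, "-1", 2) == 0` would make the match exact. The body of `redis_sock_read` starts and ends outside the shown hunks, so how callers interpret the new NULL return for an empty line cannot be checked from here.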