2017-08-30 06:40:27 -04:00
|
|
|
/* Listpack -- A lists of strings serialization format
|
|
|
|
|
*
|
|
|
|
|
* This file implements the specification you can find at:
|
|
|
|
|
*
|
|
|
|
|
* https://github.com/antirez/listpack
|
|
|
|
|
*
|
|
|
|
|
* Copyright (c) 2017, Salvatore Sanfilippo <antirez at gmail dot com>
|
Sanitize dump payload: ziplist, listpack, zipmap, intset, stream
When loading an encoded payload we will at least do a shallow validation to
check that the size that's encoded in the payload matches the size of the
allocation.
This let's us later use this encoded size to make sure the various offsets
inside encoded payload don't reach outside the allocation, if they do, we'll
assert/panic, but at least we won't segfault or smear memory.
We can also do 'deep' validation which runs on all the records of the encoded
payload and validates that they don't contain invalid offsets. This lets us
detect corruptions early and reject a RESTORE command rather than accepting
it and asserting (crashing) later when accessing that payload via some command.
configuration:
- adding ACL flag skip-sanitize-payload
- adding config sanitize-dump-payload [yes/no/clients]
For now, we don't have a good way to ensure MIGRATE in cluster resharding isn't
being slowed down by these sanitation, so i'm setting the default value to `no`,
but later on it should be set to `clients` by default.
changes:
- changing rdbReportError not to `exit` in RESTORE command
- adding a new stat to be able to later check if cluster MIGRATE isn't being
slowed down by sanitation.
2020-08-13 09:41:05 -04:00
|
|
|
* Copyright (c) 2020, Redis Labs, Inc
|
2017-08-30 06:40:27 -04:00
|
|
|
* All rights reserved.
|
|
|
|
|
*
|
|
|
|
|
* Redistribution and use in source and binary forms, with or without
|
|
|
|
|
* modification, are permitted provided that the following conditions are met:
|
|
|
|
|
*
|
|
|
|
|
* * Redistributions of source code must retain the above copyright notice,
|
|
|
|
|
* this list of conditions and the following disclaimer.
|
|
|
|
|
* * Redistributions in binary form must reproduce the above copyright
|
|
|
|
|
* notice, this list of conditions and the following disclaimer in the
|
|
|
|
|
* documentation and/or other materials provided with the distribution.
|
|
|
|
|
* * Neither the name of Redis nor the names of its contributors may be used
|
|
|
|
|
* to endorse or promote products derived from this software without
|
|
|
|
|
* specific prior written permission.
|
|
|
|
|
*
|
|
|
|
|
* THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS"
|
|
|
|
|
* AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
|
|
|
|
|
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
|
|
|
|
|
* ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS BE
|
|
|
|
|
* LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
|
|
|
|
|
* CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
|
|
|
|
|
* SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
|
|
|
|
|
* INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
|
|
|
|
|
* CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
|
|
|
|
|
* ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
|
|
|
|
|
* POSSIBILITY OF SUCH DAMAGE.
|
|
|
|
|
*/
|
|
|
|
|
|
|
|
|
|
#include <stdint.h>
|
|
|
|
|
#include <limits.h>
|
|
|
|
|
#include <sys/types.h>
|
|
|
|
|
#include <stdlib.h>
|
|
|
|
|
#include <string.h>
|
|
|
|
|
#include <stdio.h>
|
|
|
|
|
|
|
|
|
|
#include "listpack.h"
|
|
|
|
|
#include "listpack_malloc.h"
|
Sanitize dump payload: ziplist, listpack, zipmap, intset, stream
When loading an encoded payload we will at least do a shallow validation to
check that the size that's encoded in the payload matches the size of the
allocation.
This let's us later use this encoded size to make sure the various offsets
inside encoded payload don't reach outside the allocation, if they do, we'll
assert/panic, but at least we won't segfault or smear memory.
We can also do 'deep' validation which runs on all the records of the encoded
payload and validates that they don't contain invalid offsets. This lets us
detect corruptions early and reject a RESTORE command rather than accepting
it and asserting (crashing) later when accessing that payload via some command.
configuration:
- adding ACL flag skip-sanitize-payload
- adding config sanitize-dump-payload [yes/no/clients]
For now, we don't have a good way to ensure MIGRATE in cluster resharding isn't
being slowed down by these sanitation, so i'm setting the default value to `no`,
but later on it should be set to `clients` by default.
changes:
- changing rdbReportError not to `exit` in RESTORE command
- adding a new stat to be able to later check if cluster MIGRATE isn't being
slowed down by sanitation.
2020-08-13 09:41:05 -04:00
|
|
|
#include "redisassert.h"
|
2017-08-30 06:40:27 -04:00
|
|
|
|
|
|
|
|
#define LP_HDR_SIZE 6 /* 32 bit total len + 16 bit number of elements. */
|
|
|
|
|
#define LP_HDR_NUMELE_UNKNOWN UINT16_MAX
|
|
|
|
|
#define LP_MAX_INT_ENCODING_LEN 9
|
|
|
|
|
#define LP_MAX_BACKLEN_SIZE 5
|
|
|
|
|
#define LP_MAX_ENTRY_BACKLEN 34359738367ULL
|
|
|
|
|
#define LP_ENCODING_INT 0
|
|
|
|
|
#define LP_ENCODING_STRING 1
|
|
|
|
|
|
|
|
|
|
#define LP_ENCODING_7BIT_UINT 0
|
|
|
|
|
#define LP_ENCODING_7BIT_UINT_MASK 0x80
|
|
|
|
|
#define LP_ENCODING_IS_7BIT_UINT(byte) (((byte)&LP_ENCODING_7BIT_UINT_MASK)==LP_ENCODING_7BIT_UINT)
|
|
|
|
|
|
|
|
|
|
#define LP_ENCODING_6BIT_STR 0x80
|
|
|
|
|
#define LP_ENCODING_6BIT_STR_MASK 0xC0
|
|
|
|
|
#define LP_ENCODING_IS_6BIT_STR(byte) (((byte)&LP_ENCODING_6BIT_STR_MASK)==LP_ENCODING_6BIT_STR)
|
|
|
|
|
|
|
|
|
|
#define LP_ENCODING_13BIT_INT 0xC0
|
|
|
|
|
#define LP_ENCODING_13BIT_INT_MASK 0xE0
|
|
|
|
|
#define LP_ENCODING_IS_13BIT_INT(byte) (((byte)&LP_ENCODING_13BIT_INT_MASK)==LP_ENCODING_13BIT_INT)
|
|
|
|
|
|
|
|
|
|
#define LP_ENCODING_12BIT_STR 0xE0
|
|
|
|
|
#define LP_ENCODING_12BIT_STR_MASK 0xF0
|
|
|
|
|
#define LP_ENCODING_IS_12BIT_STR(byte) (((byte)&LP_ENCODING_12BIT_STR_MASK)==LP_ENCODING_12BIT_STR)
|
|
|
|
|
|
|
|
|
|
#define LP_ENCODING_16BIT_INT 0xF1
|
|
|
|
|
#define LP_ENCODING_16BIT_INT_MASK 0xFF
|
|
|
|
|
#define LP_ENCODING_IS_16BIT_INT(byte) (((byte)&LP_ENCODING_16BIT_INT_MASK)==LP_ENCODING_16BIT_INT)
|
|
|
|
|
|
|
|
|
|
#define LP_ENCODING_24BIT_INT 0xF2
|
|
|
|
|
#define LP_ENCODING_24BIT_INT_MASK 0xFF
|
|
|
|
|
#define LP_ENCODING_IS_24BIT_INT(byte) (((byte)&LP_ENCODING_24BIT_INT_MASK)==LP_ENCODING_24BIT_INT)
|
|
|
|
|
|
|
|
|
|
#define LP_ENCODING_32BIT_INT 0xF3
|
|
|
|
|
#define LP_ENCODING_32BIT_INT_MASK 0xFF
|
|
|
|
|
#define LP_ENCODING_IS_32BIT_INT(byte) (((byte)&LP_ENCODING_32BIT_INT_MASK)==LP_ENCODING_32BIT_INT)
|
|
|
|
|
|
|
|
|
|
#define LP_ENCODING_64BIT_INT 0xF4
|
|
|
|
|
#define LP_ENCODING_64BIT_INT_MASK 0xFF
|
|
|
|
|
#define LP_ENCODING_IS_64BIT_INT(byte) (((byte)&LP_ENCODING_64BIT_INT_MASK)==LP_ENCODING_64BIT_INT)
|
|
|
|
|
|
|
|
|
|
#define LP_ENCODING_32BIT_STR 0xF0
|
|
|
|
|
#define LP_ENCODING_32BIT_STR_MASK 0xFF
|
|
|
|
|
#define LP_ENCODING_IS_32BIT_STR(byte) (((byte)&LP_ENCODING_32BIT_STR_MASK)==LP_ENCODING_32BIT_STR)
|
|
|
|
|
|
|
|
|
|
#define LP_EOF 0xFF
|
|
|
|
|
|
|
|
|
|
#define LP_ENCODING_6BIT_STR_LEN(p) ((p)[0] & 0x3F)
|
|
|
|
|
#define LP_ENCODING_12BIT_STR_LEN(p) ((((p)[0] & 0xF) << 8) | (p)[1])
|
|
|
|
|
#define LP_ENCODING_32BIT_STR_LEN(p) (((uint32_t)(p)[1]<<0) | \
|
|
|
|
|
((uint32_t)(p)[2]<<8) | \
|
|
|
|
|
((uint32_t)(p)[3]<<16) | \
|
|
|
|
|
((uint32_t)(p)[4]<<24))
|
|
|
|
|
|
|
|
|
|
#define lpGetTotalBytes(p) (((uint32_t)(p)[0]<<0) | \
|
|
|
|
|
((uint32_t)(p)[1]<<8) | \
|
|
|
|
|
((uint32_t)(p)[2]<<16) | \
|
|
|
|
|
((uint32_t)(p)[3]<<24))
|
|
|
|
|
|
|
|
|
|
#define lpGetNumElements(p) (((uint32_t)(p)[4]<<0) | \
|
|
|
|
|
((uint32_t)(p)[5]<<8))
|
|
|
|
|
#define lpSetTotalBytes(p,v) do { \
|
|
|
|
|
(p)[0] = (v)&0xff; \
|
|
|
|
|
(p)[1] = ((v)>>8)&0xff; \
|
|
|
|
|
(p)[2] = ((v)>>16)&0xff; \
|
|
|
|
|
(p)[3] = ((v)>>24)&0xff; \
|
|
|
|
|
} while(0)
|
|
|
|
|
|
|
|
|
|
#define lpSetNumElements(p,v) do { \
|
|
|
|
|
(p)[4] = (v)&0xff; \
|
|
|
|
|
(p)[5] = ((v)>>8)&0xff; \
|
|
|
|
|
} while(0)
|
|
|
|
|
|
Sanitize dump payload: ziplist, listpack, zipmap, intset, stream
When loading an encoded payload we will at least do a shallow validation to
check that the size that's encoded in the payload matches the size of the
allocation.
This let's us later use this encoded size to make sure the various offsets
inside encoded payload don't reach outside the allocation, if they do, we'll
assert/panic, but at least we won't segfault or smear memory.
We can also do 'deep' validation which runs on all the records of the encoded
payload and validates that they don't contain invalid offsets. This lets us
detect corruptions early and reject a RESTORE command rather than accepting
it and asserting (crashing) later when accessing that payload via some command.
configuration:
- adding ACL flag skip-sanitize-payload
- adding config sanitize-dump-payload [yes/no/clients]
For now, we don't have a good way to ensure MIGRATE in cluster resharding isn't
being slowed down by these sanitation, so i'm setting the default value to `no`,
but later on it should be set to `clients` by default.
changes:
- changing rdbReportError not to `exit` in RESTORE command
- adding a new stat to be able to later check if cluster MIGRATE isn't being
slowed down by sanitation.
2020-08-13 09:41:05 -04:00
|
|
|
/* Validates that 'p' is not ouside the listpack.
|
|
|
|
|
* All function that return a pointer to an element in the listpack will assert
|
|
|
|
|
* that this element is valid, so it can be freely used.
|
|
|
|
|
* Generally functions such lpNext and lpDelete assume the input pointer is
|
|
|
|
|
* already validated (since it's the return value of another function). */
|
|
|
|
|
#define ASSERT_INTEGRITY(lp, p) do { \
|
|
|
|
|
assert((p) >= (lp)+LP_HDR_SIZE && (p) < (lp)+lpGetTotalBytes((lp))); \
|
|
|
|
|
} while (0)
|
|
|
|
|
|
|
|
|
|
/* Similar to the above, but validates the entire element lenth rather than just
|
|
|
|
|
* it's pointer. */
|
|
|
|
|
#define ASSERT_INTEGRITY_LEN(lp, p, len) do { \
|
|
|
|
|
assert((p) >= (lp)+LP_HDR_SIZE && (p)+(len) < (lp)+lpGetTotalBytes((lp))); \
|
|
|
|
|
} while (0)
|
|
|
|
|
|
2017-08-30 06:40:27 -04:00
|
|
|
/* Convert a string into a signed 64 bit integer.
|
|
|
|
|
* The function returns 1 if the string could be parsed into a (non-overflowing)
|
|
|
|
|
* signed 64 bit int, 0 otherwise. The 'value' will be set to the parsed value
|
|
|
|
|
* when the function returns success.
|
|
|
|
|
*
|
|
|
|
|
* Note that this function demands that the string strictly represents
|
|
|
|
|
* a int64 value: no spaces or other characters before or after the string
|
|
|
|
|
* representing the number are accepted, nor zeroes at the start if not
|
|
|
|
|
* for the string "0" representing the zero number.
|
|
|
|
|
*
|
|
|
|
|
* Because of its strictness, it is safe to use this function to check if
|
|
|
|
|
* you can convert a string into a long long, and obtain back the string
|
|
|
|
|
* from the number without any loss in the string representation. *
|
|
|
|
|
*
|
|
|
|
|
* -----------------------------------------------------------------------------
|
|
|
|
|
*
|
|
|
|
|
* Credits: this function was adapted from the Redis source code, file
|
|
|
|
|
* "utils.c", function string2ll(), and is copyright:
|
|
|
|
|
*
|
|
|
|
|
* Copyright(C) 2011, Pieter Noordhuis
|
|
|
|
|
* Copyright(C) 2011, Salvatore Sanfilippo
|
|
|
|
|
*
|
|
|
|
|
* The function is released under the BSD 3-clause license.
|
|
|
|
|
*/
|
|
|
|
|
int lpStringToInt64(const char *s, unsigned long slen, int64_t *value) {
|
|
|
|
|
const char *p = s;
|
|
|
|
|
unsigned long plen = 0;
|
|
|
|
|
int negative = 0;
|
|
|
|
|
uint64_t v;
|
|
|
|
|
|
|
|
|
|
if (plen == slen)
|
|
|
|
|
return 0;
|
|
|
|
|
|
|
|
|
|
/* Special case: first and only digit is 0. */
|
|
|
|
|
if (slen == 1 && p[0] == '0') {
|
|
|
|
|
if (value != NULL) *value = 0;
|
|
|
|
|
return 1;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
if (p[0] == '-') {
|
|
|
|
|
negative = 1;
|
|
|
|
|
p++; plen++;
|
|
|
|
|
|
|
|
|
|
/* Abort on only a negative sign. */
|
|
|
|
|
if (plen == slen)
|
|
|
|
|
return 0;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
/* First digit should be 1-9, otherwise the string should just be 0. */
|
|
|
|
|
if (p[0] >= '1' && p[0] <= '9') {
|
|
|
|
|
v = p[0]-'0';
|
|
|
|
|
p++; plen++;
|
|
|
|
|
} else {
|
|
|
|
|
return 0;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
while (plen < slen && p[0] >= '0' && p[0] <= '9') {
|
|
|
|
|
if (v > (UINT64_MAX / 10)) /* Overflow. */
|
|
|
|
|
return 0;
|
|
|
|
|
v *= 10;
|
|
|
|
|
|
|
|
|
|
if (v > (UINT64_MAX - (p[0]-'0'))) /* Overflow. */
|
|
|
|
|
return 0;
|
|
|
|
|
v += p[0]-'0';
|
|
|
|
|
|
|
|
|
|
p++; plen++;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
/* Return if not all bytes were used. */
|
|
|
|
|
if (plen < slen)
|
|
|
|
|
return 0;
|
|
|
|
|
|
|
|
|
|
if (negative) {
|
|
|
|
|
if (v > ((uint64_t)(-(INT64_MIN+1))+1)) /* Overflow. */
|
|
|
|
|
return 0;
|
|
|
|
|
if (value != NULL) *value = -v;
|
|
|
|
|
} else {
|
|
|
|
|
if (v > INT64_MAX) /* Overflow. */
|
|
|
|
|
return 0;
|
|
|
|
|
if (value != NULL) *value = v;
|
|
|
|
|
}
|
|
|
|
|
return 1;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
/* Create a new, empty listpack.
|
2021-02-16 09:17:38 -05:00
|
|
|
* On success the new listpack is returned, otherwise an error is returned.
|
|
|
|
|
* Pre-allocate at least `capacity` bytes of memory,
|
|
|
|
|
* over-allocated memory can be shrinked by `lpShrinkToFit`.
|
|
|
|
|
* */
|
|
|
|
|
unsigned char *lpNew(size_t capacity) {
|
|
|
|
|
unsigned char *lp = lp_malloc(capacity > LP_HDR_SIZE+1 ? capacity : LP_HDR_SIZE+1);
|
2017-08-30 06:40:27 -04:00
|
|
|
if (lp == NULL) return NULL;
|
|
|
|
|
lpSetTotalBytes(lp,LP_HDR_SIZE+1);
|
|
|
|
|
lpSetNumElements(lp,0);
|
|
|
|
|
lp[LP_HDR_SIZE] = LP_EOF;
|
|
|
|
|
return lp;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
/* Free the specified listpack. */
|
|
|
|
|
void lpFree(unsigned char *lp) {
|
|
|
|
|
lp_free(lp);
|
|
|
|
|
}
|
|
|
|
|
|
2021-02-16 09:17:38 -05:00
|
|
|
/* Shrink the memory to fit. */
|
|
|
|
|
unsigned char* lpShrinkToFit(unsigned char *lp) {
|
|
|
|
|
size_t size = lpGetTotalBytes(lp);
|
|
|
|
|
if (size < lp_malloc_size(lp)) {
|
|
|
|
|
return lp_realloc(lp, size);
|
|
|
|
|
} else {
|
|
|
|
|
return lp;
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
2017-08-30 06:40:27 -04:00
|
|
|
/* Given an element 'ele' of size 'size', determine if the element can be
|
|
|
|
|
* represented inside the listpack encoded as integer, and returns
|
|
|
|
|
* LP_ENCODING_INT if so. Otherwise returns LP_ENCODING_STR if no integer
|
|
|
|
|
* encoding is possible.
|
|
|
|
|
*
|
|
|
|
|
* If the LP_ENCODING_INT is returned, the function stores the integer encoded
|
|
|
|
|
* representation of the element in the 'intenc' buffer.
|
|
|
|
|
*
|
|
|
|
|
* Regardless of the returned encoding, 'enclen' is populated by reference to
|
|
|
|
|
* the number of bytes that the string or integer encoded element will require
|
|
|
|
|
* in order to be represented. */
|
|
|
|
|
int lpEncodeGetType(unsigned char *ele, uint32_t size, unsigned char *intenc, uint64_t *enclen) {
|
|
|
|
|
int64_t v;
|
|
|
|
|
if (lpStringToInt64((const char*)ele, size, &v)) {
|
|
|
|
|
if (v >= 0 && v <= 127) {
|
|
|
|
|
/* Single byte 0-127 integer. */
|
|
|
|
|
intenc[0] = v;
|
|
|
|
|
*enclen = 1;
|
|
|
|
|
} else if (v >= -4096 && v <= 4095) {
|
|
|
|
|
/* 13 bit integer. */
|
|
|
|
|
if (v < 0) v = ((int64_t)1<<13)+v;
|
|
|
|
|
intenc[0] = (v>>8)|LP_ENCODING_13BIT_INT;
|
|
|
|
|
intenc[1] = v&0xff;
|
|
|
|
|
*enclen = 2;
|
|
|
|
|
} else if (v >= -32768 && v <= 32767) {
|
|
|
|
|
/* 16 bit integer. */
|
|
|
|
|
if (v < 0) v = ((int64_t)1<<16)+v;
|
|
|
|
|
intenc[0] = LP_ENCODING_16BIT_INT;
|
|
|
|
|
intenc[1] = v&0xff;
|
|
|
|
|
intenc[2] = v>>8;
|
|
|
|
|
*enclen = 3;
|
|
|
|
|
} else if (v >= -8388608 && v <= 8388607) {
|
|
|
|
|
/* 24 bit integer. */
|
|
|
|
|
if (v < 0) v = ((int64_t)1<<24)+v;
|
|
|
|
|
intenc[0] = LP_ENCODING_24BIT_INT;
|
|
|
|
|
intenc[1] = v&0xff;
|
|
|
|
|
intenc[2] = (v>>8)&0xff;
|
|
|
|
|
intenc[3] = v>>16;
|
|
|
|
|
*enclen = 4;
|
|
|
|
|
} else if (v >= -2147483648 && v <= 2147483647) {
|
|
|
|
|
/* 32 bit integer. */
|
|
|
|
|
if (v < 0) v = ((int64_t)1<<32)+v;
|
|
|
|
|
intenc[0] = LP_ENCODING_32BIT_INT;
|
|
|
|
|
intenc[1] = v&0xff;
|
|
|
|
|
intenc[2] = (v>>8)&0xff;
|
|
|
|
|
intenc[3] = (v>>16)&0xff;
|
|
|
|
|
intenc[4] = v>>24;
|
|
|
|
|
*enclen = 5;
|
|
|
|
|
} else {
|
|
|
|
|
/* 64 bit integer. */
|
|
|
|
|
uint64_t uv = v;
|
|
|
|
|
intenc[0] = LP_ENCODING_64BIT_INT;
|
|
|
|
|
intenc[1] = uv&0xff;
|
|
|
|
|
intenc[2] = (uv>>8)&0xff;
|
|
|
|
|
intenc[3] = (uv>>16)&0xff;
|
|
|
|
|
intenc[4] = (uv>>24)&0xff;
|
|
|
|
|
intenc[5] = (uv>>32)&0xff;
|
|
|
|
|
intenc[6] = (uv>>40)&0xff;
|
|
|
|
|
intenc[7] = (uv>>48)&0xff;
|
|
|
|
|
intenc[8] = uv>>56;
|
|
|
|
|
*enclen = 9;
|
|
|
|
|
}
|
|
|
|
|
return LP_ENCODING_INT;
|
|
|
|
|
} else {
|
|
|
|
|
if (size < 64) *enclen = 1+size;
|
|
|
|
|
else if (size < 4096) *enclen = 2+size;
|
2017-11-15 06:48:32 -05:00
|
|
|
else *enclen = 5+size;
|
2017-08-30 06:40:27 -04:00
|
|
|
return LP_ENCODING_STRING;
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
/* Store a reverse-encoded variable length field, representing the length
|
|
|
|
|
* of the previous element of size 'l', in the target buffer 'buf'.
|
|
|
|
|
* The function returns the number of bytes used to encode it, from
|
2018-07-01 01:24:50 -04:00
|
|
|
* 1 to 5. If 'buf' is NULL the function just returns the number of bytes
|
2017-08-30 06:40:27 -04:00
|
|
|
* needed in order to encode the backlen. */
|
|
|
|
|
unsigned long lpEncodeBacklen(unsigned char *buf, uint64_t l) {
|
|
|
|
|
if (l <= 127) {
|
|
|
|
|
if (buf) buf[0] = l;
|
|
|
|
|
return 1;
|
|
|
|
|
} else if (l < 16383) {
|
|
|
|
|
if (buf) {
|
|
|
|
|
buf[0] = l>>7;
|
|
|
|
|
buf[1] = (l&127)|128;
|
|
|
|
|
}
|
|
|
|
|
return 2;
|
|
|
|
|
} else if (l < 2097151) {
|
|
|
|
|
if (buf) {
|
|
|
|
|
buf[0] = l>>14;
|
|
|
|
|
buf[1] = ((l>>7)&127)|128;
|
|
|
|
|
buf[2] = (l&127)|128;
|
|
|
|
|
}
|
|
|
|
|
return 3;
|
|
|
|
|
} else if (l < 268435455) {
|
|
|
|
|
if (buf) {
|
|
|
|
|
buf[0] = l>>21;
|
|
|
|
|
buf[1] = ((l>>14)&127)|128;
|
|
|
|
|
buf[2] = ((l>>7)&127)|128;
|
|
|
|
|
buf[3] = (l&127)|128;
|
|
|
|
|
}
|
|
|
|
|
return 4;
|
|
|
|
|
} else {
|
|
|
|
|
if (buf) {
|
|
|
|
|
buf[0] = l>>28;
|
|
|
|
|
buf[1] = ((l>>21)&127)|128;
|
|
|
|
|
buf[2] = ((l>>14)&127)|128;
|
|
|
|
|
buf[3] = ((l>>7)&127)|128;
|
|
|
|
|
buf[4] = (l&127)|128;
|
|
|
|
|
}
|
|
|
|
|
return 5;
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
/* Decode the backlen and returns it. If the encoding looks invalid (more than
|
|
|
|
|
* 5 bytes are used), UINT64_MAX is returned to report the problem. */
|
|
|
|
|
uint64_t lpDecodeBacklen(unsigned char *p) {
|
|
|
|
|
uint64_t val = 0;
|
|
|
|
|
uint64_t shift = 0;
|
|
|
|
|
do {
|
|
|
|
|
val |= (uint64_t)(p[0] & 127) << shift;
|
|
|
|
|
if (!(p[0] & 128)) break;
|
|
|
|
|
shift += 7;
|
|
|
|
|
p--;
|
|
|
|
|
if (shift > 28) return UINT64_MAX;
|
|
|
|
|
} while(1);
|
|
|
|
|
return val;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
/* Encode the string element pointed by 's' of size 'len' in the target
|
|
|
|
|
* buffer 's'. The function should be called with 'buf' having always enough
|
|
|
|
|
* space for encoding the string. This is done by calling lpEncodeGetType()
|
|
|
|
|
* before calling this function. */
|
|
|
|
|
void lpEncodeString(unsigned char *buf, unsigned char *s, uint32_t len) {
|
|
|
|
|
if (len < 64) {
|
|
|
|
|
buf[0] = len | LP_ENCODING_6BIT_STR;
|
|
|
|
|
memcpy(buf+1,s,len);
|
|
|
|
|
} else if (len < 4096) {
|
|
|
|
|
buf[0] = (len >> 8) | LP_ENCODING_12BIT_STR;
|
|
|
|
|
buf[1] = len & 0xff;
|
|
|
|
|
memcpy(buf+2,s,len);
|
|
|
|
|
} else {
|
|
|
|
|
buf[0] = LP_ENCODING_32BIT_STR;
|
|
|
|
|
buf[1] = len & 0xff;
|
|
|
|
|
buf[2] = (len >> 8) & 0xff;
|
|
|
|
|
buf[3] = (len >> 16) & 0xff;
|
|
|
|
|
buf[4] = (len >> 24) & 0xff;
|
2017-11-15 06:48:32 -05:00
|
|
|
memcpy(buf+5,s,len);
|
2017-08-30 06:40:27 -04:00
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
Sanitize dump payload: ziplist, listpack, zipmap, intset, stream
When loading an encoded payload we will at least do a shallow validation to
check that the size that's encoded in the payload matches the size of the
allocation.
This let's us later use this encoded size to make sure the various offsets
inside encoded payload don't reach outside the allocation, if they do, we'll
assert/panic, but at least we won't segfault or smear memory.
We can also do 'deep' validation which runs on all the records of the encoded
payload and validates that they don't contain invalid offsets. This lets us
detect corruptions early and reject a RESTORE command rather than accepting
it and asserting (crashing) later when accessing that payload via some command.
configuration:
- adding ACL flag skip-sanitize-payload
- adding config sanitize-dump-payload [yes/no/clients]
For now, we don't have a good way to ensure MIGRATE in cluster resharding isn't
being slowed down by these sanitation, so i'm setting the default value to `no`,
but later on it should be set to `clients` by default.
changes:
- changing rdbReportError not to `exit` in RESTORE command
- adding a new stat to be able to later check if cluster MIGRATE isn't being
slowed down by sanitation.
2020-08-13 09:41:05 -04:00
|
|
|
/* Return the encoded length of the listpack element pointed by 'p'.
|
|
|
|
|
* This includes the encoding byte, length bytes, and the element data itself.
|
|
|
|
|
* If the element encoding is wrong then 0 is returned.
|
|
|
|
|
* Note that this method may access additional bytes (in case of 12 and 32 bit
|
|
|
|
|
* str), so should only be called when we know 'p' was already validated by
|
|
|
|
|
* lpCurrentEncodedSizeBytes or ASSERT_INTEGRITY_LEN (possibly since 'p' is
|
|
|
|
|
* a return value of another function that validated its return. */
|
|
|
|
|
uint32_t lpCurrentEncodedSizeUnsafe(unsigned char *p) {
|
2017-08-30 06:40:27 -04:00
|
|
|
if (LP_ENCODING_IS_7BIT_UINT(p[0])) return 1;
|
|
|
|
|
if (LP_ENCODING_IS_6BIT_STR(p[0])) return 1+LP_ENCODING_6BIT_STR_LEN(p);
|
|
|
|
|
if (LP_ENCODING_IS_13BIT_INT(p[0])) return 2;
|
|
|
|
|
if (LP_ENCODING_IS_16BIT_INT(p[0])) return 3;
|
|
|
|
|
if (LP_ENCODING_IS_24BIT_INT(p[0])) return 4;
|
|
|
|
|
if (LP_ENCODING_IS_32BIT_INT(p[0])) return 5;
|
|
|
|
|
if (LP_ENCODING_IS_64BIT_INT(p[0])) return 9;
|
|
|
|
|
if (LP_ENCODING_IS_12BIT_STR(p[0])) return 2+LP_ENCODING_12BIT_STR_LEN(p);
|
|
|
|
|
if (LP_ENCODING_IS_32BIT_STR(p[0])) return 5+LP_ENCODING_32BIT_STR_LEN(p);
|
|
|
|
|
if (p[0] == LP_EOF) return 1;
|
|
|
|
|
return 0;
|
|
|
|
|
}
|
|
|
|
|
|
Sanitize dump payload: ziplist, listpack, zipmap, intset, stream
When loading an encoded payload we will at least do a shallow validation to
check that the size that's encoded in the payload matches the size of the
allocation.
This let's us later use this encoded size to make sure the various offsets
inside encoded payload don't reach outside the allocation, if they do, we'll
assert/panic, but at least we won't segfault or smear memory.
We can also do 'deep' validation which runs on all the records of the encoded
payload and validates that they don't contain invalid offsets. This lets us
detect corruptions early and reject a RESTORE command rather than accepting
it and asserting (crashing) later when accessing that payload via some command.
configuration:
- adding ACL flag skip-sanitize-payload
- adding config sanitize-dump-payload [yes/no/clients]
For now, we don't have a good way to ensure MIGRATE in cluster resharding isn't
being slowed down by these sanitation, so i'm setting the default value to `no`,
but later on it should be set to `clients` by default.
changes:
- changing rdbReportError not to `exit` in RESTORE command
- adding a new stat to be able to later check if cluster MIGRATE isn't being
slowed down by sanitation.
2020-08-13 09:41:05 -04:00
|
|
|
/* Return bytes needed to encode the length of the listpack element pointed by 'p'.
|
|
|
|
|
* This includes just the encodign byte, and the bytes needed to encode the length
|
|
|
|
|
* of the element (excluding the element data itself)
|
|
|
|
|
* If the element encoding is wrong then 0 is returned. */
|
|
|
|
|
uint32_t lpCurrentEncodedSizeBytes(unsigned char *p) {
|
|
|
|
|
if (LP_ENCODING_IS_7BIT_UINT(p[0])) return 1;
|
|
|
|
|
if (LP_ENCODING_IS_6BIT_STR(p[0])) return 1;
|
|
|
|
|
if (LP_ENCODING_IS_13BIT_INT(p[0])) return 1;
|
|
|
|
|
if (LP_ENCODING_IS_16BIT_INT(p[0])) return 1;
|
|
|
|
|
if (LP_ENCODING_IS_24BIT_INT(p[0])) return 1;
|
|
|
|
|
if (LP_ENCODING_IS_32BIT_INT(p[0])) return 1;
|
|
|
|
|
if (LP_ENCODING_IS_64BIT_INT(p[0])) return 1;
|
|
|
|
|
if (LP_ENCODING_IS_12BIT_STR(p[0])) return 2;
|
|
|
|
|
if (LP_ENCODING_IS_32BIT_STR(p[0])) return 5;
|
|
|
|
|
if (p[0] == LP_EOF) return 1;
|
|
|
|
|
return 0;
|
|
|
|
|
}
|
|
|
|
|
|
2017-08-30 06:40:27 -04:00
|
|
|
/* Skip the current entry returning the next. It is invalid to call this
|
|
|
|
|
* function if the current element is the EOF element at the end of the
|
|
|
|
|
* listpack, however, while this function is used to implement lpNext(),
|
|
|
|
|
* it does not return NULL when the EOF element is encountered. */
|
|
|
|
|
unsigned char *lpSkip(unsigned char *p) {
|
Sanitize dump payload: ziplist, listpack, zipmap, intset, stream
When loading an encoded payload we will at least do a shallow validation to
check that the size that's encoded in the payload matches the size of the
allocation.
This let's us later use this encoded size to make sure the various offsets
inside encoded payload don't reach outside the allocation, if they do, we'll
assert/panic, but at least we won't segfault or smear memory.
We can also do 'deep' validation which runs on all the records of the encoded
payload and validates that they don't contain invalid offsets. This lets us
detect corruptions early and reject a RESTORE command rather than accepting
it and asserting (crashing) later when accessing that payload via some command.
configuration:
- adding ACL flag skip-sanitize-payload
- adding config sanitize-dump-payload [yes/no/clients]
For now, we don't have a good way to ensure MIGRATE in cluster resharding isn't
being slowed down by these sanitation, so i'm setting the default value to `no`,
but later on it should be set to `clients` by default.
changes:
- changing rdbReportError not to `exit` in RESTORE command
- adding a new stat to be able to later check if cluster MIGRATE isn't being
slowed down by sanitation.
2020-08-13 09:41:05 -04:00
|
|
|
unsigned long entrylen = lpCurrentEncodedSizeUnsafe(p);
|
2017-08-30 06:40:27 -04:00
|
|
|
entrylen += lpEncodeBacklen(NULL,entrylen);
|
|
|
|
|
p += entrylen;
|
|
|
|
|
return p;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
/* If 'p' points to an element of the listpack, calling lpNext() will return
|
|
|
|
|
* the pointer to the next element (the one on the right), or NULL if 'p'
|
|
|
|
|
* already pointed to the last element of the listpack. */
|
|
|
|
|
unsigned char *lpNext(unsigned char *lp, unsigned char *p) {
|
Sanitize dump payload: ziplist, listpack, zipmap, intset, stream
When loading an encoded payload we will at least do a shallow validation to
check that the size that's encoded in the payload matches the size of the
allocation.
This let's us later use this encoded size to make sure the various offsets
inside encoded payload don't reach outside the allocation, if they do, we'll
assert/panic, but at least we won't segfault or smear memory.
We can also do 'deep' validation which runs on all the records of the encoded
payload and validates that they don't contain invalid offsets. This lets us
detect corruptions early and reject a RESTORE command rather than accepting
it and asserting (crashing) later when accessing that payload via some command.
configuration:
- adding ACL flag skip-sanitize-payload
- adding config sanitize-dump-payload [yes/no/clients]
For now, we don't have a good way to ensure MIGRATE in cluster resharding isn't
being slowed down by these sanitation, so i'm setting the default value to `no`,
but later on it should be set to `clients` by default.
changes:
- changing rdbReportError not to `exit` in RESTORE command
- adding a new stat to be able to later check if cluster MIGRATE isn't being
slowed down by sanitation.
2020-08-13 09:41:05 -04:00
|
|
|
assert(p);
|
2017-08-30 06:40:27 -04:00
|
|
|
p = lpSkip(p);
|
Sanitize dump payload: ziplist, listpack, zipmap, intset, stream
When loading an encoded payload we will at least do a shallow validation to
check that the size that's encoded in the payload matches the size of the
allocation.
This let's us later use this encoded size to make sure the various offsets
inside encoded payload don't reach outside the allocation, if they do, we'll
assert/panic, but at least we won't segfault or smear memory.
We can also do 'deep' validation which runs on all the records of the encoded
payload and validates that they don't contain invalid offsets. This lets us
detect corruptions early and reject a RESTORE command rather than accepting
it and asserting (crashing) later when accessing that payload via some command.
configuration:
- adding ACL flag skip-sanitize-payload
- adding config sanitize-dump-payload [yes/no/clients]
For now, we don't have a good way to ensure MIGRATE in cluster resharding isn't
being slowed down by these sanitation, so i'm setting the default value to `no`,
but later on it should be set to `clients` by default.
changes:
- changing rdbReportError not to `exit` in RESTORE command
- adding a new stat to be able to later check if cluster MIGRATE isn't being
slowed down by sanitation.
2020-08-13 09:41:05 -04:00
|
|
|
ASSERT_INTEGRITY(lp, p);
|
2017-08-30 06:40:27 -04:00
|
|
|
if (p[0] == LP_EOF) return NULL;
|
|
|
|
|
return p;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
/* If 'p' points to an element of the listpack, calling lpPrev() will return
|
Squash merging 125 typo/grammar/comment/doc PRs (#7773)
List of squashed commits or PRs
===============================
commit 66801ea
Author: hwware <wen.hui.ware@gmail.com>
Date: Mon Jan 13 00:54:31 2020 -0500
typo fix in acl.c
commit 46f55db
Author: Itamar Haber <itamar@redislabs.com>
Date: Sun Sep 6 18:24:11 2020 +0300
Updates a couple of comments
Specifically:
* RM_AutoMemory completed instead of pointing to docs
* Updated link to custom type doc
commit 61a2aa0
Author: xindoo <xindoo@qq.com>
Date: Tue Sep 1 19:24:59 2020 +0800
Correct errors in code comments
commit a5871d1
Author: yz1509 <pro-756@qq.com>
Date: Tue Sep 1 18:36:06 2020 +0800
fix typos in module.c
commit 41eede7
Author: bookug <bookug@qq.com>
Date: Sat Aug 15 01:11:33 2020 +0800
docs: fix typos in comments
commit c303c84
Author: lazy-snail <ws.niu@outlook.com>
Date: Fri Aug 7 11:15:44 2020 +0800
fix spelling in redis.conf
commit 1eb76bf
Author: zhujian <zhujianxyz@gmail.com>
Date: Thu Aug 6 15:22:10 2020 +0800
add a missing 'n' in comment
commit 1530ec2
Author: Daniel Dai <764122422@qq.com>
Date: Mon Jul 27 00:46:35 2020 -0400
fix spelling in tracking.c
commit e517b31
Author: Hunter-Chen <huntcool001@gmail.com>
Date: Fri Jul 17 22:33:32 2020 +0800
Update redis.conf
Co-authored-by: Itamar Haber <itamar@redislabs.com>
commit c300eff
Author: Hunter-Chen <huntcool001@gmail.com>
Date: Fri Jul 17 22:33:23 2020 +0800
Update redis.conf
Co-authored-by: Itamar Haber <itamar@redislabs.com>
commit 4c058a8
Author: 陈浩鹏 <chenhaopeng@heytea.com>
Date: Thu Jun 25 19:00:56 2020 +0800
Grammar fix and clarification
commit 5fcaa81
Author: bodong.ybd <bodong.ybd@alibaba-inc.com>
Date: Fri Jun 19 10:09:00 2020 +0800
Fix typos
commit 4caca9a
Author: Pruthvi P <pruthvi@ixigo.com>
Date: Fri May 22 00:33:22 2020 +0530
Fix typo eviciton => eviction
commit b2a25f6
Author: Brad Dunbar <dunbarb2@gmail.com>
Date: Sun May 17 12:39:59 2020 -0400
Fix a typo.
commit 12842ae
Author: hwware <wen.hui.ware@gmail.com>
Date: Sun May 3 17:16:59 2020 -0400
fix spelling in redis conf
commit ddba07c
Author: Chris Lamb <chris@chris-lamb.co.uk>
Date: Sat May 2 23:25:34 2020 +0100
Correct a "conflicts" spelling error.
commit 8fc7bf2
Author: Nao YONASHIRO <yonashiro@r.recruit.co.jp>
Date: Thu Apr 30 10:25:27 2020 +0900
docs: fix EXPIRE_FAST_CYCLE_DURATION to ACTIVE_EXPIRE_CYCLE_FAST_DURATION
commit 9b2b67a
Author: Brad Dunbar <dunbarb2@gmail.com>
Date: Fri Apr 24 11:46:22 2020 -0400
Fix a typo.
commit 0746f10
Author: devilinrust <63737265+devilinrust@users.noreply.github.com>
Date: Thu Apr 16 00:17:53 2020 +0200
Fix typos in server.c
commit 92b588d
Author: benjessop12 <56115861+benjessop12@users.noreply.github.com>
Date: Mon Apr 13 13:43:55 2020 +0100
Fix spelling mistake in lazyfree.c
commit 1da37aa
Merge: 2d4ba28 af347a8
Author: hwware <wen.hui.ware@gmail.com>
Date: Thu Mar 5 22:41:31 2020 -0500
Merge remote-tracking branch 'upstream/unstable' into expiretypofix
commit 2d4ba28
Author: hwware <wen.hui.ware@gmail.com>
Date: Mon Mar 2 00:09:40 2020 -0500
fix typo in expire.c
commit 1a746f7
Author: SennoYuki <minakami1yuki@gmail.com>
Date: Thu Feb 27 16:54:32 2020 +0800
fix typo
commit 8599b1a
Author: dongheejeong <donghee950403@gmail.com>
Date: Sun Feb 16 20:31:43 2020 +0000
Fix typo in server.c
commit f38d4e8
Author: hwware <wen.hui.ware@gmail.com>
Date: Sun Feb 2 22:58:38 2020 -0500
fix typo in evict.c
commit fe143fc
Author: Leo Murillo <leonardo.murillo@gmail.com>
Date: Sun Feb 2 01:57:22 2020 -0600
Fix a few typos in redis.conf
commit 1ab4d21
Author: viraja1 <anchan.viraj@gmail.com>
Date: Fri Dec 27 17:15:58 2019 +0530
Fix typo in Latency API docstring
commit ca1f70e
Author: gosth <danxuedexing@qq.com>
Date: Wed Dec 18 15:18:02 2019 +0800
fix typo in sort.c
commit a57c06b
Author: ZYunH <zyunhjob@163.com>
Date: Mon Dec 16 22:28:46 2019 +0800
fix-zset-typo
commit b8c92b5
Author: git-hulk <hulk.website@gmail.com>
Date: Mon Dec 16 15:51:42 2019 +0800
FIX: typo in cluster.c, onformation->information
commit 9dd981c
Author: wujm2007 <jim.wujm@gmail.com>
Date: Mon Dec 16 09:37:52 2019 +0800
Fix typo
commit e132d7a
Author: Sebastien Williams-Wynn <s.williamswynn.mail@gmail.com>
Date: Fri Nov 15 00:14:07 2019 +0000
Minor typo change
commit 47f44d5
Author: happynote3966 <01ssrmikururudevice01@gmail.com>
Date: Mon Nov 11 22:08:48 2019 +0900
fix comment typo in redis-cli.c
commit b8bdb0d
Author: fulei <fulei@kuaishou.com>
Date: Wed Oct 16 18:00:17 2019 +0800
Fix a spelling mistake of comments in defragDictBucketCallback
commit 0def46a
Author: fulei <fulei@kuaishou.com>
Date: Wed Oct 16 13:09:27 2019 +0800
fix some spelling mistakes of comments in defrag.c
commit f3596fd
Author: Phil Rajchgot <tophil@outlook.com>
Date: Sun Oct 13 02:02:32 2019 -0400
Typo and grammar fixes
Redis and its documentation are great -- just wanted to submit a few corrections in the spirit of Hacktoberfest. Thanks for all your work on this project. I use it all the time and it works beautifully.
commit 2b928cd
Author: KangZhiDong <worldkzd@gmail.com>
Date: Sun Sep 1 07:03:11 2019 +0800
fix typos
commit 33aea14
Author: Axlgrep <axlgrep@gmail.com>
Date: Tue Aug 27 11:02:18 2019 +0800
Fixed eviction spelling issues
commit e282a80
Author: Simen Flatby <simen@oms.no>
Date: Tue Aug 20 15:25:51 2019 +0200
Update comments to reflect prop name
In the comments the prop is referenced as replica-validity-factor,
but it is really named cluster-replica-validity-factor.
commit 74d1f9a
Author: Jim Green <jimgreen2013@qq.com>
Date: Tue Aug 20 20:00:31 2019 +0800
fix comment error, the code is ok
commit eea1407
Author: Liao Tonglang <liaotonglang@gmail.com>
Date: Fri May 31 10:16:18 2019 +0800
typo fix
fix cna't to can't
commit 0da553c
Author: KAWACHI Takashi <tkawachi@gmail.com>
Date: Wed Jul 17 00:38:16 2019 +0900
Fix typo
commit 7fc8fb6
Author: Michael Prokop <mika@grml.org>
Date: Tue May 28 17:58:42 2019 +0200
Typo fixes
s/familar/familiar/
s/compatiblity/compatibility/
s/ ot / to /
s/itsef/itself/
commit 5f46c9d
Author: zhumoing <34539422+zhumoing@users.noreply.github.com>
Date: Tue May 21 21:16:50 2019 +0800
typo-fixes
typo-fixes
commit 321dfe1
Author: wxisme <850885154@qq.com>
Date: Sat Mar 16 15:10:55 2019 +0800
typo fix
commit b4fb131
Merge: 267e0e6 3df1eb8
Author: Nikitas Bastas <nikitasbst@gmail.com>
Date: Fri Feb 8 22:55:45 2019 +0200
Merge branch 'unstable' of antirez/redis into unstable
commit 267e0e6
Author: Nikitas Bastas <nikitasbst@gmail.com>
Date: Wed Jan 30 21:26:04 2019 +0200
Minor typo fix
commit 30544e7
Author: inshal96 <39904558+inshal96@users.noreply.github.com>
Date: Fri Jan 4 16:54:50 2019 +0500
remove an extra 'a' in the comments
commit 337969d
Author: BrotherGao <yangdongheng11@gmail.com>
Date: Sat Dec 29 12:37:29 2018 +0800
fix typo in redis.conf
commit 9f4b121
Merge: 423a030 e504583
Author: BrotherGao <yangdongheng@xiaomi.com>
Date: Sat Dec 29 11:41:12 2018 +0800
Merge branch 'unstable' of antirez/redis into unstable
commit 423a030
Merge: 42b02b7 46a51cd
Author: 杨东衡 <yangdongheng@xiaomi.com>
Date: Tue Dec 4 23:56:11 2018 +0800
Merge branch 'unstable' of antirez/redis into unstable
commit 42b02b7
Merge: 68c0e6e b8febe6
Author: Dongheng Yang <yangdongheng11@gmail.com>
Date: Sun Oct 28 15:54:23 2018 +0800
Merge pull request #1 from antirez/unstable
update local data
commit 714b589
Author: Christian <crifei93@gmail.com>
Date: Fri Dec 28 01:17:26 2018 +0100
fix typo "resulution"
commit e23259d
Author: garenchan <1412950785@qq.com>
Date: Wed Dec 26 09:58:35 2018 +0800
fix typo: segfauls -> segfault
commit a9359f8
Author: xjp <jianping_xie@aliyun.com>
Date: Tue Dec 18 17:31:44 2018 +0800
Fixed REDISMODULE_H spell bug
commit a12c3e4
Author: jdiaz <jrd.palacios@gmail.com>
Date: Sat Dec 15 23:39:52 2018 -0600
Fixes hyperloglog hash function comment block description
commit 770eb11
Author: 林上耀 <1210tom@163.com>
Date: Sun Nov 25 17:16:10 2018 +0800
fix typo
commit fd97fbb
Author: Chris Lamb <chris@chris-lamb.co.uk>
Date: Fri Nov 23 17:14:01 2018 +0100
Correct "unsupported" typo.
commit a85522d
Author: Jungnam Lee <jungnam.lee@oracle.com>
Date: Thu Nov 8 23:01:29 2018 +0900
fix typo in test comments
commit ade8007
Author: Arun Kumar <palerdot@users.noreply.github.com>
Date: Tue Oct 23 16:56:35 2018 +0530
Fixed grammatical typo
Fixed typo for word 'dictionary'
commit 869ee39
Author: Hamid Alaei <hamid.a85@gmail.com>
Date: Sun Aug 12 16:40:02 2018 +0430
fix documentations: (ThreadSafeContextStart/Stop -> ThreadSafeContextLock/Unlock), minor typo
commit f89d158
Author: Mayank Jain <mayankjain255@gmail.com>
Date: Tue Jul 31 23:01:21 2018 +0530
Updated README.md with some spelling corrections.
Made correction in spelling of some misspelled words.
commit 892198e
Author: dsomeshwar <someshwar.dhayalan@gmail.com>
Date: Sat Jul 21 23:23:04 2018 +0530
typo fix
commit 8a4d780
Author: Itamar Haber <itamar@redislabs.com>
Date: Mon Apr 30 02:06:52 2018 +0300
Fixes some typos
commit e3acef6
Author: Noah Rosamilia <ivoahivoah@gmail.com>
Date: Sat Mar 3 23:41:21 2018 -0500
Fix typo in /deps/README.md
commit 04442fb
Author: WuYunlong <xzsyeb@126.com>
Date: Sat Mar 3 10:32:42 2018 +0800
Fix typo in readSyncBulkPayload() comment.
commit 9f36880
Author: WuYunlong <xzsyeb@126.com>
Date: Sat Mar 3 10:20:37 2018 +0800
replication.c comment: run_id -> replid.
commit f866b4a
Author: Francesco 'makevoid' Canessa <makevoid@gmail.com>
Date: Thu Feb 22 22:01:56 2018 +0000
fix comment typo in server.c
commit 0ebc69b
Author: 줍 <jubee0124@gmail.com>
Date: Mon Feb 12 16:38:48 2018 +0900
Fix typo in redis.conf
Fix `five behaviors` to `eight behaviors` in [this sentence ](antirez/redis@unstable/redis.conf#L564)
commit b50a620
Author: martinbroadhurst <martinbroadhurst@users.noreply.github.com>
Date: Thu Dec 28 12:07:30 2017 +0000
Fix typo in valgrind.sup
commit 7d8f349
Author: Peter Boughton <peter@sorcerersisle.com>
Date: Mon Nov 27 19:52:19 2017 +0000
Update CONTRIBUTING; refer doc updates to redis-doc repo.
commit 02dec7e
Author: Klauswk <klauswk1@hotmail.com>
Date: Tue Oct 24 16:18:38 2017 -0200
Fix typo in comment
commit e1efbc8
Author: chenshi <baiwfg2@gmail.com>
Date: Tue Oct 3 18:26:30 2017 +0800
Correct two spelling errors of comments
commit 93327d8
Author: spacewander <spacewanderlzx@gmail.com>
Date: Wed Sep 13 16:47:24 2017 +0800
Update the comment for OBJ_ENCODING_EMBSTR_SIZE_LIMIT's value
The value of OBJ_ENCODING_EMBSTR_SIZE_LIMIT is 44 now instead of 39.
commit 63d361f
Author: spacewander <spacewanderlzx@gmail.com>
Date: Tue Sep 12 15:06:42 2017 +0800
Fix <prevlen> related doc in ziplist.c
According to the definition of ZIP_BIG_PREVLEN and other related code,
the guard of single byte <prevlen> should be 254 instead of 255.
commit ebe228d
Author: hanael80 <hanael80@gmail.com>
Date: Tue Aug 15 09:09:40 2017 +0900
Fix typo
commit 6b696e6
Author: Matt Robenolt <matt@ydekproductions.com>
Date: Mon Aug 14 14:50:47 2017 -0700
Fix typo in LATENCY DOCTOR output
commit a2ec6ae
Author: caosiyang <caosiyang@qiyi.com>
Date: Tue Aug 15 14:15:16 2017 +0800
Fix a typo: form => from
commit 3ab7699
Author: caosiyang <caosiyang@qiyi.com>
Date: Thu Aug 10 18:40:33 2017 +0800
Fix a typo: replicationFeedSlavesFromMaster() => replicationFeedSlavesFromMasterStream()
commit 72d43ef
Author: caosiyang <caosiyang@qiyi.com>
Date: Tue Aug 8 15:57:25 2017 +0800
fix a typo: servewr => server
commit 707c958
Author: Bo Cai <charpty@gmail.com>
Date: Wed Jul 26 21:49:42 2017 +0800
redis-cli.c typo: conut -> count.
Signed-off-by: Bo Cai <charpty@gmail.com>
commit b9385b2
Author: JackDrogon <jack.xsuperman@gmail.com>
Date: Fri Jun 30 14:22:31 2017 +0800
Fix some spell problems
commit 20d9230
Author: akosel <aaronjkosel@gmail.com>
Date: Sun Jun 4 19:35:13 2017 -0500
Fix typo
commit b167bfc
Author: Krzysiek Witkowicz <krzysiekwitkowicz@gmail.com>
Date: Mon May 22 21:32:27 2017 +0100
Fix #4008 small typo in comment
commit 2b78ac8
Author: Jake Clarkson <jacobwclarkson@gmail.com>
Date: Wed Apr 26 15:49:50 2017 +0100
Correct typo in tests/unit/hyperloglog.tcl
commit b0f1cdb
Author: Qi Luo <qiluo-msft@users.noreply.github.com>
Date: Wed Apr 19 14:25:18 2017 -0700
Fix typo
commit a90b0f9
Author: charsyam <charsyam@naver.com>
Date: Thu Mar 16 18:19:53 2017 +0900
fix typos
fix typos
fix typos
commit 8430a79
Author: Richard Hart <richardhart92@gmail.com>
Date: Mon Mar 13 22:17:41 2017 -0400
Fixed log message typo in listenToPort.
commit 481a1c2
Author: Vinod Kumar <kumar003vinod@gmail.com>
Date: Sun Jan 15 23:04:51 2017 +0530
src/db.c: Correct "save" -> "safe" typo
commit 586b4d3
Author: wangshaonan <wshn13@gmail.com>
Date: Wed Dec 21 20:28:27 2016 +0800
Fix typo they->the in helloworld.c
commit c1c4b5e
Author: Jenner <hypxm@qq.com>
Date: Mon Dec 19 16:39:46 2016 +0800
typo error
commit 1ee1a3f
Author: tielei <43289893@qq.com>
Date: Mon Jul 18 13:52:25 2016 +0800
fix some comments
commit 11a41fb
Author: Otto Kekäläinen <otto@seravo.fi>
Date: Sun Jul 3 10:23:55 2016 +0100
Fix spelling in documentation and comments
commit 5fb5d82
Author: francischan <f1ancis621@gmail.com>
Date: Tue Jun 28 00:19:33 2016 +0800
Fix outdated comments about redis.c file.
It should now refer to server.c file.
commit 6b254bc
Author: lmatt-bit <lmatt123n@gmail.com>
Date: Thu Apr 21 21:45:58 2016 +0800
Refine the comment of dictRehashMilliseconds func
SLAVECONF->REPLCONF in comment - by andyli029
commit ee9869f
Author: clark.kang <charsyam@naver.com>
Date: Tue Mar 22 11:09:51 2016 +0900
fix typos
commit f7b3b11
Author: Harisankar H <harisankarh@gmail.com>
Date: Wed Mar 9 11:49:42 2016 +0530
Typo correction: "faield" --> "failed"
Typo correction: "faield" --> "failed"
commit 3fd40fc
Author: Itamar Haber <itamar@redislabs.com>
Date: Thu Feb 25 10:31:51 2016 +0200
Fixes a typo in comments
commit 621c160
Author: Prayag Verma <prayag.verma@gmail.com>
Date: Mon Feb 1 12:36:20 2016 +0530
Fix typo in Readme.md
Spelling mistakes -
`eviciton` > `eviction`
`familar` > `familiar`
commit d7d07d6
Author: WonCheol Lee <toctoc21c@gmail.com>
Date: Wed Dec 30 15:11:34 2015 +0900
Typo fixed
commit a4dade7
Author: Felix Bünemann <buenemann@louis.info>
Date: Mon Dec 28 11:02:55 2015 +0100
[ci skip] Improve supervised upstart config docs
This mentions that "expect stop" is required for supervised upstart
to work correctly. See http://upstart.ubuntu.com/cookbook/#expect-stop
for an explanation.
commit d9caba9
Author: daurnimator <quae@daurnimator.com>
Date: Mon Dec 21 18:30:03 2015 +1100
README: Remove trailing whitespace
commit 72d42e5
Author: daurnimator <quae@daurnimator.com>
Date: Mon Dec 21 18:29:32 2015 +1100
README: Fix typo. th => the
commit dd6e957
Author: daurnimator <quae@daurnimator.com>
Date: Mon Dec 21 18:29:20 2015 +1100
README: Fix typo. familar => familiar
commit 3a12b23
Author: daurnimator <quae@daurnimator.com>
Date: Mon Dec 21 18:28:54 2015 +1100
README: Fix typo. eviciton => eviction
commit 2d1d03b
Author: daurnimator <quae@daurnimator.com>
Date: Mon Dec 21 18:21:45 2015 +1100
README: Fix typo. sever => server
commit 3973b06
Author: Itamar Haber <itamar@garantiadata.com>
Date: Sat Dec 19 17:01:20 2015 +0200
Typo fix
commit 4f2e460
Author: Steve Gao <fu@2token.com>
Date: Fri Dec 4 10:22:05 2015 +0800
Update README - fix typos
commit b21667c
Author: binyan <binbin.yan@nokia.com>
Date: Wed Dec 2 22:48:37 2015 +0800
delete redundancy color judge in sdscatcolor
commit 88894c7
Author: binyan <binbin.yan@nokia.com>
Date: Wed Dec 2 22:14:42 2015 +0800
the example output shoule be HelloWorld
commit 2763470
Author: binyan <binbin.yan@nokia.com>
Date: Wed Dec 2 17:41:39 2015 +0800
modify error word keyevente
Signed-off-by: binyan <binbin.yan@nokia.com>
commit 0847b3d
Author: Bruno Martins <bscmartins@gmail.com>
Date: Wed Nov 4 11:37:01 2015 +0000
typo
commit bbb9e9e
Author: dawedawe <dawedawe@gmx.de>
Date: Fri Mar 27 00:46:41 2015 +0100
typo: zimap -> zipmap
commit 5ed297e
Author: Axel Advento <badwolf.bloodseeker.rev@gmail.com>
Date: Tue Mar 3 15:58:29 2015 +0800
Fix 'salve' typos to 'slave'
commit edec9d6
Author: LudwikJaniuk <ludvig.janiuk@gmail.com>
Date: Wed Jun 12 14:12:47 2019 +0200
Update README.md
Co-Authored-By: Qix <Qix-@users.noreply.github.com>
commit 692a7af
Author: LudwikJaniuk <ludvig.janiuk@gmail.com>
Date: Tue May 28 14:32:04 2019 +0200
grammar
commit d962b0a
Author: Nick Frost <nickfrostatx@gmail.com>
Date: Wed Jul 20 15:17:12 2016 -0700
Minor grammar fix
commit 24fff01aaccaf5956973ada8c50ceb1462e211c6 (typos)
Author: Chad Miller <chadm@squareup.com>
Date: Tue Sep 8 13:46:11 2020 -0400
Fix faulty comment about operation of unlink()
commit 3cd5c1f3326c52aa552ada7ec797c6bb16452355
Author: Kevin <kevin.xgr@gmail.com>
Date: Wed Nov 20 00:13:50 2019 +0800
Fix typo in server.c.
From a83af59 Mon Sep 17 00:00:00 2001
From: wuwo <wuwo@wacai.com>
Date: Fri, 17 Mar 2017 20:37:45 +0800
Subject: [PATCH] falure to failure
From c961896 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?=E5=B7=A6=E6=87=B6?= <veficos@gmail.com>
Date: Sat, 27 May 2017 15:33:04 +0800
Subject: [PATCH] fix typo
From e600ef2 Mon Sep 17 00:00:00 2001
From: "rui.zou" <rui.zou@yunify.com>
Date: Sat, 30 Sep 2017 12:38:15 +0800
Subject: [PATCH] fix a typo
From c7d07fa Mon Sep 17 00:00:00 2001
From: Alexandre Perrin <alex@kaworu.ch>
Date: Thu, 16 Aug 2018 10:35:31 +0200
Subject: [PATCH] deps README.md typo
From b25cb67 Mon Sep 17 00:00:00 2001
From: Guy Korland <gkorland@gmail.com>
Date: Wed, 26 Sep 2018 10:55:37 +0300
Subject: [PATCH 1/2] fix typos in header
From ad28ca6 Mon Sep 17 00:00:00 2001
From: Guy Korland <gkorland@gmail.com>
Date: Wed, 26 Sep 2018 11:02:36 +0300
Subject: [PATCH 2/2] fix typos
commit 34924cdedd8552466fc22c1168d49236cb7ee915
Author: Adrian Lynch <adi_ady_ade@hotmail.com>
Date: Sat Apr 4 21:59:15 2015 +0100
Typos fixed
commit fd2a1e7
Author: Jan <jsteemann@users.noreply.github.com>
Date: Sat Oct 27 19:13:01 2018 +0200
Fix typos
Fix typos
commit e14e47c1a234b53b0e103c5f6a1c61481cbcbb02
Author: Andy Lester <andy@petdance.com>
Date: Fri Aug 2 22:30:07 2019 -0500
Fix multiple misspellings of "following"
commit 79b948ce2dac6b453fe80995abbcaac04c213d5a
Author: Andy Lester <andy@petdance.com>
Date: Fri Aug 2 22:24:28 2019 -0500
Fix misspelling of create-cluster
commit 1fffde52666dc99ab35efbd31071a4c008cb5a71
Author: Andy Lester <andy@petdance.com>
Date: Wed Jul 31 17:57:56 2019 -0500
Fix typos
commit 204c9ba9651e9e05fd73936b452b9a30be456cfe
Author: Xiaobo Zhu <xiaobo.zhu@shopee.com>
Date: Tue Aug 13 22:19:25 2019 +0800
fix typos
Squashed commit of the following:
commit 1d9aaf8
Author: danmedani <danmedani@gmail.com>
Date: Sun Aug 2 11:40:26 2015 -0700
README typo fix.
Squashed commit of the following:
commit 32bfa7c
Author: Erik Dubbelboer <erik@dubbelboer.com>
Date: Mon Jul 6 21:15:08 2015 +0200
Fixed grammer
Squashed commit of the following:
commit b24f69c
Author: Sisir Koppaka <sisir.koppaka@gmail.com>
Date: Mon Mar 2 22:38:45 2015 -0500
utils/hashtable/rehashing.c: Fix typos
Squashed commit of the following:
commit 4e04082
Author: Erik Dubbelboer <erik@dubbelboer.com>
Date: Mon Mar 23 08:22:21 2015 +0000
Small config file documentation improvements
Squashed commit of the following:
commit acb8773
Author: ctd1500 <ctd1500@gmail.com>
Date: Fri May 8 01:52:48 2015 -0700
Typo and grammar fixes in readme
commit 2eb75b6
Author: ctd1500 <ctd1500@gmail.com>
Date: Fri May 8 01:36:18 2015 -0700
fixed redis.conf comment
Squashed commit of the following:
commit a8249a2
Author: Masahiko Sawada <sawada.mshk@gmail.com>
Date: Fri Dec 11 11:39:52 2015 +0530
Revise correction of typos.
Squashed commit of the following:
commit 3c02028
Author: zhaojun11 <zhaojun11@jd.com>
Date: Wed Jan 17 19:05:28 2018 +0800
Fix typos include two code typos in cluster.c and latency.c
Squashed commit of the following:
commit 9dba47c
Author: q191201771 <191201771@qq.com>
Date: Sat Jan 4 11:31:04 2020 +0800
fix function listCreate comment in adlist.c
Update src/server.c
commit 2c7c2cb536e78dd211b1ac6f7bda00f0f54faaeb
Author: charpty <charpty@gmail.com>
Date: Tue May 1 23:16:59 2018 +0800
server.c typo: modules system dictionary type comment
Signed-off-by: charpty <charpty@gmail.com>
commit a8395323fb63cb59cb3591cb0f0c8edb7c29a680
Author: Itamar Haber <itamar@redislabs.com>
Date: Sun May 6 00:25:18 2018 +0300
Updates test_helper.tcl's help with undocumented options
Specifically:
* Host
* Port
* Client
commit bde6f9ced15755cd6407b4af7d601b030f36d60b
Author: wxisme <850885154@qq.com>
Date: Wed Aug 8 15:19:19 2018 +0800
fix comments in deps files
commit 3172474ba991532ab799ee1873439f3402412331
Author: wxisme <850885154@qq.com>
Date: Wed Aug 8 14:33:49 2018 +0800
fix some comments
commit 01b6f2b6858b5cf2ce4ad5092d2c746e755f53f0
Author: Thor Juhasz <thor@juhasz.pro>
Date: Sun Nov 18 14:37:41 2018 +0100
Minor fixes to comments
Found some parts a little unclear on a first read, which prompted me to have a better look at the file and fix some minor things I noticed.
Fixing minor typos and grammar. There are no changes to configuration options.
These changes are only meant to help the user better understand the explanations to the various configuration options
2020-09-10 06:43:38 -04:00
|
|
|
* the pointer to the previous element (the one on the left), or NULL if 'p'
|
2017-08-30 06:40:27 -04:00
|
|
|
* already pointed to the first element of the listpack. */
|
|
|
|
|
unsigned char *lpPrev(unsigned char *lp, unsigned char *p) {
|
Sanitize dump payload: ziplist, listpack, zipmap, intset, stream
When loading an encoded payload we will at least do a shallow validation to
check that the size that's encoded in the payload matches the size of the
allocation.
This let's us later use this encoded size to make sure the various offsets
inside encoded payload don't reach outside the allocation, if they do, we'll
assert/panic, but at least we won't segfault or smear memory.
We can also do 'deep' validation which runs on all the records of the encoded
payload and validates that they don't contain invalid offsets. This lets us
detect corruptions early and reject a RESTORE command rather than accepting
it and asserting (crashing) later when accessing that payload via some command.
configuration:
- adding ACL flag skip-sanitize-payload
- adding config sanitize-dump-payload [yes/no/clients]
For now, we don't have a good way to ensure MIGRATE in cluster resharding isn't
being slowed down by these sanitation, so i'm setting the default value to `no`,
but later on it should be set to `clients` by default.
changes:
- changing rdbReportError not to `exit` in RESTORE command
- adding a new stat to be able to later check if cluster MIGRATE isn't being
slowed down by sanitation.
2020-08-13 09:41:05 -04:00
|
|
|
assert(p);
|
2017-08-30 06:40:27 -04:00
|
|
|
if (p-lp == LP_HDR_SIZE) return NULL;
|
|
|
|
|
p--; /* Seek the first backlen byte of the last element. */
|
|
|
|
|
uint64_t prevlen = lpDecodeBacklen(p);
|
|
|
|
|
prevlen += lpEncodeBacklen(NULL,prevlen);
|
Sanitize dump payload: ziplist, listpack, zipmap, intset, stream
When loading an encoded payload we will at least do a shallow validation to
check that the size that's encoded in the payload matches the size of the
allocation.
This let's us later use this encoded size to make sure the various offsets
inside encoded payload don't reach outside the allocation, if they do, we'll
assert/panic, but at least we won't segfault or smear memory.
We can also do 'deep' validation which runs on all the records of the encoded
payload and validates that they don't contain invalid offsets. This lets us
detect corruptions early and reject a RESTORE command rather than accepting
it and asserting (crashing) later when accessing that payload via some command.
configuration:
- adding ACL flag skip-sanitize-payload
- adding config sanitize-dump-payload [yes/no/clients]
For now, we don't have a good way to ensure MIGRATE in cluster resharding isn't
being slowed down by these sanitation, so i'm setting the default value to `no`,
but later on it should be set to `clients` by default.
changes:
- changing rdbReportError not to `exit` in RESTORE command
- adding a new stat to be able to later check if cluster MIGRATE isn't being
slowed down by sanitation.
2020-08-13 09:41:05 -04:00
|
|
|
p -= prevlen-1; /* Seek the first byte of the previous entry. */
|
|
|
|
|
ASSERT_INTEGRITY(lp, p);
|
|
|
|
|
return p;
|
2017-08-30 06:40:27 -04:00
|
|
|
}
|
|
|
|
|
|
|
|
|
|
/* Return a pointer to the first element of the listpack, or NULL if the
|
|
|
|
|
* listpack has no elements. */
|
|
|
|
|
unsigned char *lpFirst(unsigned char *lp) {
|
|
|
|
|
lp += LP_HDR_SIZE; /* Skip the header. */
|
|
|
|
|
if (lp[0] == LP_EOF) return NULL;
|
|
|
|
|
return lp;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
/* Return a pointer to the last element of the listpack, or NULL if the
|
|
|
|
|
* listpack has no elements. */
|
|
|
|
|
unsigned char *lpLast(unsigned char *lp) {
|
|
|
|
|
unsigned char *p = lp+lpGetTotalBytes(lp)-1; /* Seek EOF element. */
|
|
|
|
|
return lpPrev(lp,p); /* Will return NULL if EOF is the only element. */
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
/* Return the number of elements inside the listpack. This function attempts
|
|
|
|
|
* to use the cached value when within range, otherwise a full scan is
|
|
|
|
|
* needed. As a side effect of calling this function, the listpack header
|
|
|
|
|
* could be modified, because if the count is found to be already within
|
|
|
|
|
* the 'numele' header field range, the new value is set. */
|
|
|
|
|
uint32_t lpLength(unsigned char *lp) {
|
|
|
|
|
uint32_t numele = lpGetNumElements(lp);
|
|
|
|
|
if (numele != LP_HDR_NUMELE_UNKNOWN) return numele;
|
|
|
|
|
|
|
|
|
|
/* Too many elements inside the listpack. We need to scan in order
|
|
|
|
|
* to get the total number. */
|
|
|
|
|
uint32_t count = 0;
|
|
|
|
|
unsigned char *p = lpFirst(lp);
|
|
|
|
|
while(p) {
|
|
|
|
|
count++;
|
|
|
|
|
p = lpNext(lp,p);
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
/* If the count is again within range of the header numele field,
|
|
|
|
|
* set it. */
|
|
|
|
|
if (count < LP_HDR_NUMELE_UNKNOWN) lpSetNumElements(lp,count);
|
|
|
|
|
return count;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
/* Return the listpack element pointed by 'p'.
|
|
|
|
|
*
|
|
|
|
|
* The function changes behavior depending on the passed 'intbuf' value.
|
|
|
|
|
* Specifically, if 'intbuf' is NULL:
|
|
|
|
|
*
|
|
|
|
|
* If the element is internally encoded as an integer, the function returns
|
|
|
|
|
* NULL and populates the integer value by reference in 'count'. Otherwise if
|
|
|
|
|
* the element is encoded as a string a pointer to the string (pointing inside
|
|
|
|
|
* the listpack itself) is returned, and 'count' is set to the length of the
|
|
|
|
|
* string.
|
|
|
|
|
*
|
|
|
|
|
* If instead 'intbuf' points to a buffer passed by the caller, that must be
|
|
|
|
|
* at least LP_INTBUF_SIZE bytes, the function always returns the element as
|
|
|
|
|
* it was a string (returning the pointer to the string and setting the
|
|
|
|
|
* 'count' argument to the string length by reference). However if the element
|
|
|
|
|
* is encoded as an integer, the 'intbuf' buffer is used in order to store
|
|
|
|
|
* the string representation.
|
|
|
|
|
*
|
|
|
|
|
* The user should use one or the other form depending on what the value will
|
|
|
|
|
* be used for. If there is immediate usage for an integer value returned
|
|
|
|
|
* by the function, than to pass a buffer (and convert it back to a number)
|
|
|
|
|
* is of course useless.
|
|
|
|
|
*
|
|
|
|
|
* If the function is called against a badly encoded ziplist, so that there
|
|
|
|
|
* is no valid way to parse it, the function returns like if there was an
|
|
|
|
|
* integer encoded with value 12345678900000000 + <unrecognized byte>, this may
|
|
|
|
|
* be an hint to understand that something is wrong. To crash in this case is
|
|
|
|
|
* not sensible because of the different requirements of the application using
|
|
|
|
|
* this lib.
|
|
|
|
|
*
|
|
|
|
|
* Similarly, there is no error returned since the listpack normally can be
|
|
|
|
|
* assumed to be valid, so that would be a very high API cost. However a function
|
|
|
|
|
* in order to check the integrity of the listpack at load time is provided,
|
|
|
|
|
* check lpIsValid(). */
|
|
|
|
|
unsigned char *lpGet(unsigned char *p, int64_t *count, unsigned char *intbuf) {
|
|
|
|
|
int64_t val;
|
|
|
|
|
uint64_t uval, negstart, negmax;
|
|
|
|
|
|
2020-08-14 09:05:34 -04:00
|
|
|
assert(p); /* assertion for valgrind (avoid NPD) */
|
2017-08-30 06:40:27 -04:00
|
|
|
if (LP_ENCODING_IS_7BIT_UINT(p[0])) {
|
|
|
|
|
negstart = UINT64_MAX; /* 7 bit ints are always positive. */
|
|
|
|
|
negmax = 0;
|
|
|
|
|
uval = p[0] & 0x7f;
|
|
|
|
|
} else if (LP_ENCODING_IS_6BIT_STR(p[0])) {
|
|
|
|
|
*count = LP_ENCODING_6BIT_STR_LEN(p);
|
|
|
|
|
return p+1;
|
|
|
|
|
} else if (LP_ENCODING_IS_13BIT_INT(p[0])) {
|
|
|
|
|
uval = ((p[0]&0x1f)<<8) | p[1];
|
|
|
|
|
negstart = (uint64_t)1<<12;
|
|
|
|
|
negmax = 8191;
|
|
|
|
|
} else if (LP_ENCODING_IS_16BIT_INT(p[0])) {
|
|
|
|
|
uval = (uint64_t)p[1] |
|
|
|
|
|
(uint64_t)p[2]<<8;
|
|
|
|
|
negstart = (uint64_t)1<<15;
|
|
|
|
|
negmax = UINT16_MAX;
|
|
|
|
|
} else if (LP_ENCODING_IS_24BIT_INT(p[0])) {
|
|
|
|
|
uval = (uint64_t)p[1] |
|
|
|
|
|
(uint64_t)p[2]<<8 |
|
|
|
|
|
(uint64_t)p[3]<<16;
|
|
|
|
|
negstart = (uint64_t)1<<23;
|
|
|
|
|
negmax = UINT32_MAX>>8;
|
|
|
|
|
} else if (LP_ENCODING_IS_32BIT_INT(p[0])) {
|
|
|
|
|
uval = (uint64_t)p[1] |
|
|
|
|
|
(uint64_t)p[2]<<8 |
|
|
|
|
|
(uint64_t)p[3]<<16 |
|
|
|
|
|
(uint64_t)p[4]<<24;
|
|
|
|
|
negstart = (uint64_t)1<<31;
|
|
|
|
|
negmax = UINT32_MAX;
|
|
|
|
|
} else if (LP_ENCODING_IS_64BIT_INT(p[0])) {
|
|
|
|
|
uval = (uint64_t)p[1] |
|
|
|
|
|
(uint64_t)p[2]<<8 |
|
|
|
|
|
(uint64_t)p[3]<<16 |
|
|
|
|
|
(uint64_t)p[4]<<24 |
|
|
|
|
|
(uint64_t)p[5]<<32 |
|
|
|
|
|
(uint64_t)p[6]<<40 |
|
|
|
|
|
(uint64_t)p[7]<<48 |
|
|
|
|
|
(uint64_t)p[8]<<56;
|
|
|
|
|
negstart = (uint64_t)1<<63;
|
|
|
|
|
negmax = UINT64_MAX;
|
|
|
|
|
} else if (LP_ENCODING_IS_12BIT_STR(p[0])) {
|
|
|
|
|
*count = LP_ENCODING_12BIT_STR_LEN(p);
|
|
|
|
|
return p+2;
|
|
|
|
|
} else if (LP_ENCODING_IS_32BIT_STR(p[0])) {
|
|
|
|
|
*count = LP_ENCODING_32BIT_STR_LEN(p);
|
|
|
|
|
return p+5;
|
|
|
|
|
} else {
|
|
|
|
|
uval = 12345678900000000ULL + p[0];
|
|
|
|
|
negstart = UINT64_MAX;
|
|
|
|
|
negmax = 0;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
/* We reach this code path only for integer encodings.
|
|
|
|
|
* Convert the unsigned value to the signed one using two's complement
|
|
|
|
|
* rule. */
|
|
|
|
|
if (uval >= negstart) {
|
|
|
|
|
/* This three steps conversion should avoid undefined behaviors
|
|
|
|
|
* in the unsigned -> signed conversion. */
|
|
|
|
|
uval = negmax-uval;
|
|
|
|
|
val = uval;
|
|
|
|
|
val = -val-1;
|
|
|
|
|
} else {
|
|
|
|
|
val = uval;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
/* Return the string representation of the integer or the value itself
|
|
|
|
|
* depending on intbuf being NULL or not. */
|
|
|
|
|
if (intbuf) {
|
2018-03-01 09:26:27 -05:00
|
|
|
*count = snprintf((char*)intbuf,LP_INTBUF_SIZE,"%lld",(long long)val);
|
2017-08-30 06:40:27 -04:00
|
|
|
return intbuf;
|
|
|
|
|
} else {
|
|
|
|
|
*count = val;
|
|
|
|
|
return NULL;
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
2018-07-01 01:24:50 -04:00
|
|
|
/* Insert, delete or replace the specified element 'ele' of length 'len' at
|
2017-08-30 06:40:27 -04:00
|
|
|
* the specified position 'p', with 'p' being a listpack element pointer
|
Sanitize dump payload: ziplist, listpack, zipmap, intset, stream
When loading an encoded payload we will at least do a shallow validation to
check that the size that's encoded in the payload matches the size of the
allocation.
This let's us later use this encoded size to make sure the various offsets
inside encoded payload don't reach outside the allocation, if they do, we'll
assert/panic, but at least we won't segfault or smear memory.
We can also do 'deep' validation which runs on all the records of the encoded
payload and validates that they don't contain invalid offsets. This lets us
detect corruptions early and reject a RESTORE command rather than accepting
it and asserting (crashing) later when accessing that payload via some command.
configuration:
- adding ACL flag skip-sanitize-payload
- adding config sanitize-dump-payload [yes/no/clients]
For now, we don't have a good way to ensure MIGRATE in cluster resharding isn't
being slowed down by these sanitation, so i'm setting the default value to `no`,
but later on it should be set to `clients` by default.
changes:
- changing rdbReportError not to `exit` in RESTORE command
- adding a new stat to be able to later check if cluster MIGRATE isn't being
slowed down by sanitation.
2020-08-13 09:41:05 -04:00
|
|
|
* obtained with lpFirst(), lpLast(), lpNext(), lpPrev() or lpSeek().
|
2017-08-30 06:40:27 -04:00
|
|
|
*
|
|
|
|
|
* The element is inserted before, after, or replaces the element pointed
|
|
|
|
|
* by 'p' depending on the 'where' argument, that can be LP_BEFORE, LP_AFTER
|
|
|
|
|
* or LP_REPLACE.
|
|
|
|
|
*
|
|
|
|
|
* If 'ele' is set to NULL, the function removes the element pointed by 'p'
|
|
|
|
|
* instead of inserting one.
|
|
|
|
|
*
|
|
|
|
|
* Returns NULL on out of memory or when the listpack total length would exceed
|
|
|
|
|
* the max allowed size of 2^32-1, otherwise the new pointer to the listpack
|
|
|
|
|
* holding the new element is returned (and the old pointer passed is no longer
|
|
|
|
|
* considered valid)
|
|
|
|
|
*
|
|
|
|
|
* If 'newp' is not NULL, at the end of a successful call '*newp' will be set
|
|
|
|
|
* to the address of the element just added, so that it will be possible to
|
|
|
|
|
* continue an interation with lpNext() and lpPrev().
|
|
|
|
|
*
|
|
|
|
|
* For deletion operations ('ele' set to NULL) 'newp' is set to the next
|
|
|
|
|
* element, on the right of the deleted one, or to NULL if the deleted element
|
|
|
|
|
* was the last one. */
|
|
|
|
|
unsigned char *lpInsert(unsigned char *lp, unsigned char *ele, uint32_t size, unsigned char *p, int where, unsigned char **newp) {
|
|
|
|
|
unsigned char intenc[LP_MAX_INT_ENCODING_LEN];
|
|
|
|
|
unsigned char backlen[LP_MAX_BACKLEN_SIZE];
|
|
|
|
|
|
|
|
|
|
uint64_t enclen; /* The length of the encoded element. */
|
|
|
|
|
|
|
|
|
|
/* An element pointer set to NULL means deletion, which is conceptually
|
|
|
|
|
* replacing the element with a zero-length element. So whatever we
|
|
|
|
|
* get passed as 'where', set it to LP_REPLACE. */
|
|
|
|
|
if (ele == NULL) where = LP_REPLACE;
|
|
|
|
|
|
|
|
|
|
/* If we need to insert after the current element, we just jump to the
|
|
|
|
|
* next element (that could be the EOF one) and handle the case of
|
|
|
|
|
* inserting before. So the function will actually deal with just two
|
|
|
|
|
* cases: LP_BEFORE and LP_REPLACE. */
|
|
|
|
|
if (where == LP_AFTER) {
|
|
|
|
|
p = lpSkip(p);
|
|
|
|
|
where = LP_BEFORE;
|
Sanitize dump payload: ziplist, listpack, zipmap, intset, stream
When loading an encoded payload we will at least do a shallow validation to
check that the size that's encoded in the payload matches the size of the
allocation.
This let's us later use this encoded size to make sure the various offsets
inside encoded payload don't reach outside the allocation, if they do, we'll
assert/panic, but at least we won't segfault or smear memory.
We can also do 'deep' validation which runs on all the records of the encoded
payload and validates that they don't contain invalid offsets. This lets us
detect corruptions early and reject a RESTORE command rather than accepting
it and asserting (crashing) later when accessing that payload via some command.
configuration:
- adding ACL flag skip-sanitize-payload
- adding config sanitize-dump-payload [yes/no/clients]
For now, we don't have a good way to ensure MIGRATE in cluster resharding isn't
being slowed down by these sanitation, so i'm setting the default value to `no`,
but later on it should be set to `clients` by default.
changes:
- changing rdbReportError not to `exit` in RESTORE command
- adding a new stat to be able to later check if cluster MIGRATE isn't being
slowed down by sanitation.
2020-08-13 09:41:05 -04:00
|
|
|
ASSERT_INTEGRITY(lp, p);
|
2017-08-30 06:40:27 -04:00
|
|
|
}
|
|
|
|
|
|
|
|
|
|
/* Store the offset of the element 'p', so that we can obtain its
|
|
|
|
|
* address again after a reallocation. */
|
|
|
|
|
unsigned long poff = p-lp;
|
|
|
|
|
|
|
|
|
|
/* Calling lpEncodeGetType() results into the encoded version of the
|
|
|
|
|
* element to be stored into 'intenc' in case it is representable as
|
|
|
|
|
* an integer: in that case, the function returns LP_ENCODING_INT.
|
|
|
|
|
* Otherwise if LP_ENCODING_STR is returned, we'll have to call
|
|
|
|
|
* lpEncodeString() to actually write the encoded string on place later.
|
|
|
|
|
*
|
|
|
|
|
* Whatever the returned encoding is, 'enclen' is populated with the
|
|
|
|
|
* length of the encoded element. */
|
|
|
|
|
int enctype;
|
|
|
|
|
if (ele) {
|
|
|
|
|
enctype = lpEncodeGetType(ele,size,intenc,&enclen);
|
|
|
|
|
} else {
|
|
|
|
|
enctype = -1;
|
|
|
|
|
enclen = 0;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
/* We need to also encode the backward-parsable length of the element
|
|
|
|
|
* and append it to the end: this allows to traverse the listpack from
|
|
|
|
|
* the end to the start. */
|
|
|
|
|
unsigned long backlen_size = ele ? lpEncodeBacklen(backlen,enclen) : 0;
|
|
|
|
|
uint64_t old_listpack_bytes = lpGetTotalBytes(lp);
|
|
|
|
|
uint32_t replaced_len = 0;
|
|
|
|
|
if (where == LP_REPLACE) {
|
Sanitize dump payload: ziplist, listpack, zipmap, intset, stream
When loading an encoded payload we will at least do a shallow validation to
check that the size that's encoded in the payload matches the size of the
allocation.
This let's us later use this encoded size to make sure the various offsets
inside encoded payload don't reach outside the allocation, if they do, we'll
assert/panic, but at least we won't segfault or smear memory.
We can also do 'deep' validation which runs on all the records of the encoded
payload and validates that they don't contain invalid offsets. This lets us
detect corruptions early and reject a RESTORE command rather than accepting
it and asserting (crashing) later when accessing that payload via some command.
configuration:
- adding ACL flag skip-sanitize-payload
- adding config sanitize-dump-payload [yes/no/clients]
For now, we don't have a good way to ensure MIGRATE in cluster resharding isn't
being slowed down by these sanitation, so i'm setting the default value to `no`,
but later on it should be set to `clients` by default.
changes:
- changing rdbReportError not to `exit` in RESTORE command
- adding a new stat to be able to later check if cluster MIGRATE isn't being
slowed down by sanitation.
2020-08-13 09:41:05 -04:00
|
|
|
replaced_len = lpCurrentEncodedSizeUnsafe(p);
|
2017-08-30 06:40:27 -04:00
|
|
|
replaced_len += lpEncodeBacklen(NULL,replaced_len);
|
Sanitize dump payload: ziplist, listpack, zipmap, intset, stream
When loading an encoded payload we will at least do a shallow validation to
check that the size that's encoded in the payload matches the size of the
allocation.
This let's us later use this encoded size to make sure the various offsets
inside encoded payload don't reach outside the allocation, if they do, we'll
assert/panic, but at least we won't segfault or smear memory.
We can also do 'deep' validation which runs on all the records of the encoded
payload and validates that they don't contain invalid offsets. This lets us
detect corruptions early and reject a RESTORE command rather than accepting
it and asserting (crashing) later when accessing that payload via some command.
configuration:
- adding ACL flag skip-sanitize-payload
- adding config sanitize-dump-payload [yes/no/clients]
For now, we don't have a good way to ensure MIGRATE in cluster resharding isn't
being slowed down by these sanitation, so i'm setting the default value to `no`,
but later on it should be set to `clients` by default.
changes:
- changing rdbReportError not to `exit` in RESTORE command
- adding a new stat to be able to later check if cluster MIGRATE isn't being
slowed down by sanitation.
2020-08-13 09:41:05 -04:00
|
|
|
ASSERT_INTEGRITY_LEN(lp, p, replaced_len);
|
2017-08-30 06:40:27 -04:00
|
|
|
}
|
|
|
|
|
|
|
|
|
|
uint64_t new_listpack_bytes = old_listpack_bytes + enclen + backlen_size
|
|
|
|
|
- replaced_len;
|
|
|
|
|
if (new_listpack_bytes > UINT32_MAX) return NULL;
|
|
|
|
|
|
|
|
|
|
/* We now need to reallocate in order to make space or shrink the
|
|
|
|
|
* allocation (in case 'when' value is LP_REPLACE and the new element is
|
|
|
|
|
* smaller). However we do that before memmoving the memory to
|
|
|
|
|
* make room for the new element if the final allocation will get
|
|
|
|
|
* larger, or we do it after if the final allocation will get smaller. */
|
|
|
|
|
|
|
|
|
|
unsigned char *dst = lp + poff; /* May be updated after reallocation. */
|
|
|
|
|
|
|
|
|
|
/* Realloc before: we need more room. */
|
2021-02-16 09:17:38 -05:00
|
|
|
if (new_listpack_bytes > old_listpack_bytes &&
|
|
|
|
|
new_listpack_bytes > lp_malloc_size(lp)) {
|
2017-08-30 06:40:27 -04:00
|
|
|
if ((lp = lp_realloc(lp,new_listpack_bytes)) == NULL) return NULL;
|
|
|
|
|
dst = lp + poff;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
/* Setup the listpack relocating the elements to make the exact room
|
|
|
|
|
* we need to store the new one. */
|
|
|
|
|
if (where == LP_BEFORE) {
|
|
|
|
|
memmove(dst+enclen+backlen_size,dst,old_listpack_bytes-poff);
|
|
|
|
|
} else { /* LP_REPLACE. */
|
|
|
|
|
long lendiff = (enclen+backlen_size)-replaced_len;
|
|
|
|
|
memmove(dst+replaced_len+lendiff,
|
|
|
|
|
dst+replaced_len,
|
|
|
|
|
old_listpack_bytes-poff-replaced_len);
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
/* Realloc after: we need to free space. */
|
|
|
|
|
if (new_listpack_bytes < old_listpack_bytes) {
|
|
|
|
|
if ((lp = lp_realloc(lp,new_listpack_bytes)) == NULL) return NULL;
|
|
|
|
|
dst = lp + poff;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
/* Store the entry. */
|
|
|
|
|
if (newp) {
|
|
|
|
|
*newp = dst;
|
|
|
|
|
/* In case of deletion, set 'newp' to NULL if the next element is
|
|
|
|
|
* the EOF element. */
|
|
|
|
|
if (!ele && dst[0] == LP_EOF) *newp = NULL;
|
|
|
|
|
}
|
|
|
|
|
if (ele) {
|
|
|
|
|
if (enctype == LP_ENCODING_INT) {
|
|
|
|
|
memcpy(dst,intenc,enclen);
|
|
|
|
|
} else {
|
|
|
|
|
lpEncodeString(dst,ele,size);
|
|
|
|
|
}
|
|
|
|
|
dst += enclen;
|
|
|
|
|
memcpy(dst,backlen,backlen_size);
|
|
|
|
|
dst += backlen_size;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
/* Update header. */
|
|
|
|
|
if (where != LP_REPLACE || ele == NULL) {
|
|
|
|
|
uint32_t num_elements = lpGetNumElements(lp);
|
|
|
|
|
if (num_elements != LP_HDR_NUMELE_UNKNOWN) {
|
|
|
|
|
if (ele)
|
|
|
|
|
lpSetNumElements(lp,num_elements+1);
|
|
|
|
|
else
|
|
|
|
|
lpSetNumElements(lp,num_elements-1);
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
lpSetTotalBytes(lp,new_listpack_bytes);
|
2018-10-02 13:36:33 -04:00
|
|
|
|
|
|
|
|
#if 0
|
|
|
|
|
/* This code path is normally disabled: what it does is to force listpack
|
|
|
|
|
* to return *always* a new pointer after performing some modification to
|
|
|
|
|
* the listpack, even if the previous allocation was enough. This is useful
|
|
|
|
|
* in order to spot bugs in code using listpacks: by doing so we can find
|
|
|
|
|
* if the caller forgets to set the new pointer where the listpack reference
|
|
|
|
|
* is stored, after an update. */
|
|
|
|
|
unsigned char *oldlp = lp;
|
|
|
|
|
lp = lp_malloc(new_listpack_bytes);
|
|
|
|
|
memcpy(lp,oldlp,new_listpack_bytes);
|
|
|
|
|
if (newp) {
|
|
|
|
|
unsigned long offset = (*newp)-oldlp;
|
|
|
|
|
*newp = lp + offset;
|
|
|
|
|
}
|
|
|
|
|
/* Make sure the old allocation contains garbage. */
|
|
|
|
|
memset(oldlp,'A',new_listpack_bytes);
|
|
|
|
|
lp_free(oldlp);
|
|
|
|
|
#endif
|
|
|
|
|
|
2017-08-30 06:40:27 -04:00
|
|
|
return lp;
|
|
|
|
|
}
|
|
|
|
|
|
2018-07-01 01:24:50 -04:00
|
|
|
/* Append the specified element 'ele' of length 'len' at the end of the
|
2017-08-30 06:40:27 -04:00
|
|
|
* listpack. It is implemented in terms of lpInsert(), so the return value is
|
|
|
|
|
* the same as lpInsert(). */
|
|
|
|
|
unsigned char *lpAppend(unsigned char *lp, unsigned char *ele, uint32_t size) {
|
|
|
|
|
uint64_t listpack_bytes = lpGetTotalBytes(lp);
|
|
|
|
|
unsigned char *eofptr = lp + listpack_bytes - 1;
|
|
|
|
|
return lpInsert(lp,ele,size,eofptr,LP_BEFORE,NULL);
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
/* Remove the element pointed by 'p', and return the resulting listpack.
|
|
|
|
|
* If 'newp' is not NULL, the next element pointer (to the right of the
|
|
|
|
|
* deleted one) is returned by reference. If the deleted element was the
|
|
|
|
|
* last one, '*newp' is set to NULL. */
|
|
|
|
|
unsigned char *lpDelete(unsigned char *lp, unsigned char *p, unsigned char **newp) {
|
|
|
|
|
return lpInsert(lp,NULL,0,p,LP_REPLACE,newp);
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
/* Return the total number of bytes the listpack is composed of. */
|
|
|
|
|
uint32_t lpBytes(unsigned char *lp) {
|
|
|
|
|
return lpGetTotalBytes(lp);
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
/* Seek the specified element and returns the pointer to the seeked element.
|
|
|
|
|
* Positive indexes specify the zero-based element to seek from the head to
|
|
|
|
|
* the tail, negative indexes specify elements starting from the tail, where
|
|
|
|
|
* -1 means the last element, -2 the penultimate and so forth. If the index
|
|
|
|
|
* is out of range, NULL is returned. */
|
|
|
|
|
unsigned char *lpSeek(unsigned char *lp, long index) {
|
|
|
|
|
int forward = 1; /* Seek forward by default. */
|
|
|
|
|
|
|
|
|
|
/* We want to seek from left to right or the other way around
|
|
|
|
|
* depending on the listpack length and the element position.
|
|
|
|
|
* However if the listpack length cannot be obtained in constant time,
|
|
|
|
|
* we always seek from left to right. */
|
|
|
|
|
uint32_t numele = lpGetNumElements(lp);
|
|
|
|
|
if (numele != LP_HDR_NUMELE_UNKNOWN) {
|
|
|
|
|
if (index < 0) index = (long)numele+index;
|
|
|
|
|
if (index < 0) return NULL; /* Index still < 0 means out of range. */
|
2020-10-20 02:12:24 -04:00
|
|
|
if (index >= (long)numele) return NULL; /* Out of range the other side. */
|
2017-08-30 06:40:27 -04:00
|
|
|
/* We want to scan right-to-left if the element we are looking for
|
|
|
|
|
* is past the half of the listpack. */
|
2020-10-20 02:12:24 -04:00
|
|
|
if (index > (long)numele/2) {
|
2017-08-30 06:40:27 -04:00
|
|
|
forward = 0;
|
2020-06-16 05:50:38 -04:00
|
|
|
/* Right to left scanning always expects a negative index. Convert
|
2017-08-30 06:40:27 -04:00
|
|
|
* our index to negative form. */
|
|
|
|
|
index -= numele;
|
|
|
|
|
}
|
|
|
|
|
} else {
|
|
|
|
|
/* If the listpack length is unspecified, for negative indexes we
|
2020-06-16 05:50:38 -04:00
|
|
|
* want to always scan right-to-left. */
|
2017-08-30 06:40:27 -04:00
|
|
|
if (index < 0) forward = 0;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
/* Forward and backward scanning is trivially based on lpNext()/lpPrev(). */
|
|
|
|
|
if (forward) {
|
|
|
|
|
unsigned char *ele = lpFirst(lp);
|
|
|
|
|
while (index > 0 && ele) {
|
|
|
|
|
ele = lpNext(lp,ele);
|
|
|
|
|
index--;
|
|
|
|
|
}
|
|
|
|
|
return ele;
|
|
|
|
|
} else {
|
|
|
|
|
unsigned char *ele = lpLast(lp);
|
|
|
|
|
while (index < -1 && ele) {
|
|
|
|
|
ele = lpPrev(lp,ele);
|
|
|
|
|
index++;
|
|
|
|
|
}
|
|
|
|
|
return ele;
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
Sanitize dump payload: ziplist, listpack, zipmap, intset, stream
When loading an encoded payload we will at least do a shallow validation to
check that the size that's encoded in the payload matches the size of the
allocation.
This let's us later use this encoded size to make sure the various offsets
inside encoded payload don't reach outside the allocation, if they do, we'll
assert/panic, but at least we won't segfault or smear memory.
We can also do 'deep' validation which runs on all the records of the encoded
payload and validates that they don't contain invalid offsets. This lets us
detect corruptions early and reject a RESTORE command rather than accepting
it and asserting (crashing) later when accessing that payload via some command.
configuration:
- adding ACL flag skip-sanitize-payload
- adding config sanitize-dump-payload [yes/no/clients]
For now, we don't have a good way to ensure MIGRATE in cluster resharding isn't
being slowed down by these sanitation, so i'm setting the default value to `no`,
but later on it should be set to `clients` by default.
changes:
- changing rdbReportError not to `exit` in RESTORE command
- adding a new stat to be able to later check if cluster MIGRATE isn't being
slowed down by sanitation.
2020-08-13 09:41:05 -04:00
|
|
|
/* Validate the integrity of a single listpack entry and move to the next one.
|
|
|
|
|
* The input argument 'pp' is a reference to the current record and is advanced on exit.
|
|
|
|
|
* Returns 1 if valid, 0 if invalid. */
|
|
|
|
|
int lpValidateNext(unsigned char *lp, unsigned char **pp, size_t lpbytes) {
|
|
|
|
|
#define OUT_OF_RANGE(p) ( \
|
|
|
|
|
(p) < lp + LP_HDR_SIZE || \
|
|
|
|
|
(p) > lp + lpbytes - 1)
|
|
|
|
|
unsigned char *p = *pp;
|
|
|
|
|
if (!p)
|
|
|
|
|
return 0;
|
|
|
|
|
|
|
|
|
|
if (*p == LP_EOF) {
|
|
|
|
|
*pp = NULL;
|
|
|
|
|
return 1;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
/* check that we can read the encoded size */
|
|
|
|
|
uint32_t lenbytes = lpCurrentEncodedSizeBytes(p);
|
|
|
|
|
if (!lenbytes)
|
|
|
|
|
return 0;
|
|
|
|
|
|
|
|
|
|
/* make sure the encoded entry length doesn't rech outside the edge of the listpack */
|
|
|
|
|
if (OUT_OF_RANGE(p + lenbytes))
|
|
|
|
|
return 0;
|
|
|
|
|
|
|
|
|
|
/* get the entry length and encoded backlen. */
|
|
|
|
|
unsigned long entrylen = lpCurrentEncodedSizeUnsafe(p);
|
|
|
|
|
unsigned long encodedBacklen = lpEncodeBacklen(NULL,entrylen);
|
|
|
|
|
entrylen += encodedBacklen;
|
|
|
|
|
|
|
|
|
|
/* make sure the entry doesn't rech outside the edge of the listpack */
|
|
|
|
|
if (OUT_OF_RANGE(p + entrylen))
|
|
|
|
|
return 0;
|
|
|
|
|
|
|
|
|
|
/* move to the next entry */
|
|
|
|
|
p += entrylen;
|
|
|
|
|
|
|
|
|
|
/* make sure the encoded length at the end patches the one at the beginning. */
|
|
|
|
|
uint64_t prevlen = lpDecodeBacklen(p-1);
|
|
|
|
|
if (prevlen + encodedBacklen != entrylen)
|
|
|
|
|
return 0;
|
|
|
|
|
|
|
|
|
|
*pp = p;
|
|
|
|
|
return 1;
|
|
|
|
|
#undef OUT_OF_RANGE
|
|
|
|
|
}
|
|
|
|
|
|
2021-04-14 08:46:54 -04:00
|
|
|
/* Validate the integrity of the data structure.
|
Sanitize dump payload: ziplist, listpack, zipmap, intset, stream
When loading an encoded payload we will at least do a shallow validation to
check that the size that's encoded in the payload matches the size of the
allocation.
This let's us later use this encoded size to make sure the various offsets
inside encoded payload don't reach outside the allocation, if they do, we'll
assert/panic, but at least we won't segfault or smear memory.
We can also do 'deep' validation which runs on all the records of the encoded
payload and validates that they don't contain invalid offsets. This lets us
detect corruptions early and reject a RESTORE command rather than accepting
it and asserting (crashing) later when accessing that payload via some command.
configuration:
- adding ACL flag skip-sanitize-payload
- adding config sanitize-dump-payload [yes/no/clients]
For now, we don't have a good way to ensure MIGRATE in cluster resharding isn't
being slowed down by these sanitation, so i'm setting the default value to `no`,
but later on it should be set to `clients` by default.
changes:
- changing rdbReportError not to `exit` in RESTORE command
- adding a new stat to be able to later check if cluster MIGRATE isn't being
slowed down by sanitation.
2020-08-13 09:41:05 -04:00
|
|
|
* when `deep` is 0, only the integrity of the header is validated.
|
|
|
|
|
* when `deep` is 1, we scan all the entries one by one. */
|
|
|
|
|
int lpValidateIntegrity(unsigned char *lp, size_t size, int deep){
|
|
|
|
|
/* Check that we can actually read the header. (and EOF) */
|
|
|
|
|
if (size < LP_HDR_SIZE + 1)
|
|
|
|
|
return 0;
|
|
|
|
|
|
|
|
|
|
/* Check that the encoded size in the header must match the allocated size. */
|
|
|
|
|
size_t bytes = lpGetTotalBytes(lp);
|
|
|
|
|
if (bytes != size)
|
|
|
|
|
return 0;
|
|
|
|
|
|
|
|
|
|
/* The last byte must be the terminator. */
|
|
|
|
|
if (lp[size-1] != LP_EOF)
|
|
|
|
|
return 0;
|
|
|
|
|
|
|
|
|
|
if (!deep)
|
|
|
|
|
return 1;
|
|
|
|
|
|
|
|
|
|
/* Validate the invividual entries. */
|
|
|
|
|
uint32_t count = 0;
|
|
|
|
|
unsigned char *p = lpFirst(lp);
|
|
|
|
|
while(p) {
|
|
|
|
|
if (!lpValidateNext(lp, &p, bytes))
|
|
|
|
|
return 0;
|
|
|
|
|
count++;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
/* Check that the count in the header is correct */
|
|
|
|
|
uint32_t numele = lpGetNumElements(lp);
|
|
|
|
|
if (numele != LP_HDR_NUMELE_UNKNOWN && numele != count)
|
|
|
|
|
return 0;
|
|
|
|
|
|
|
|
|
|
return 1;
|
|
|
|
|
}
|
