Sanitize dump payload: ziplist, listpack, zipmap, intset, stream
When loading an encoded payload we will at least do a shallow validation to
check that the size that's encoded in the payload matches the size of the
allocation.
This let's us later use this encoded size to make sure the various offsets
inside encoded payload don't reach outside the allocation, if they do, we'll
assert/panic, but at least we won't segfault or smear memory.
We can also do 'deep' validation which runs on all the records of the encoded
payload and validates that they don't contain invalid offsets. This lets us
detect corruptions early and reject a RESTORE command rather than accepting
it and asserting (crashing) later when accessing that payload via some command.
configuration:
- adding ACL flag skip-sanitize-payload
- adding config sanitize-dump-payload [yes/no/clients]
For now, we don't have a good way to ensure MIGRATE in cluster resharding isn't
being slowed down by these sanitation, so i'm setting the default value to `no`,
but later on it should be set to `clients` by default.
changes:
- changing rdbReportError not to `exit` in RESTORE command
- adding a new stat to be able to later check if cluster MIGRATE isn't being
slowed down by sanitation.
2020-08-13 09:41:05 -04:00
# tests of corrupt ziplist payload with valid CRC
2020-08-14 09:05:34 -04:00
# * setting crash-memcheck-enabled to no to avoid issues with valgrind
# * setting use-exit-on-panic to yes so that valgrind can search for leaks
# * settng debug set-skip-checksum-validation to 1 on some tests for which we
# didn't bother to fake a valid checksum
# * some tests set sanitize-dump-payload to no and some to yet, depending on
# what we want to test
Sanitize dump payload: ziplist, listpack, zipmap, intset, stream
When loading an encoded payload we will at least do a shallow validation to
check that the size that's encoded in the payload matches the size of the
allocation.
This let's us later use this encoded size to make sure the various offsets
inside encoded payload don't reach outside the allocation, if they do, we'll
assert/panic, but at least we won't segfault or smear memory.
We can also do 'deep' validation which runs on all the records of the encoded
payload and validates that they don't contain invalid offsets. This lets us
detect corruptions early and reject a RESTORE command rather than accepting
it and asserting (crashing) later when accessing that payload via some command.
configuration:
- adding ACL flag skip-sanitize-payload
- adding config sanitize-dump-payload [yes/no/clients]
For now, we don't have a good way to ensure MIGRATE in cluster resharding isn't
being slowed down by these sanitation, so i'm setting the default value to `no`,
but later on it should be set to `clients` by default.
changes:
- changing rdbReportError not to `exit` in RESTORE command
- adding a new stat to be able to later check if cluster MIGRATE isn't being
slowed down by sanitation.
2020-08-13 09:41:05 -04:00
tags { " d u m p " " c o r r u p t i o n " } {
set corrupt_payload_7445 " \x 0 E \x 0 1 \x 1 D \x 1 D \x 0 0 \x 0 0 \x 0 0 \x 1 6 \x 0 0 \x 0 0 \x 0 0 \x 0 3 \x 0 0 \x 0 0 \x 0 4 \x 4 3 \x 4 3 \x 4 3 \x 4 3 \x 0 6 \x 0 4 \x 4 2 \x 4 2 \x 4 2 \x 4 2 \x 0 6 \x 3 F \x 4 1 \x 4 1 \x 4 1 \x 4 1 \x F F \x 0 9 \x 0 0 \x 8 8 \x A 5 \x C A \x A 8 \x C 5 \x 4 1 \x F 4 \x 3 5 "
test { corrupt payload: # 7445 - with sanitize} {
start_server [ list overrides [ list loglevel verbose use-exit-on-panic yes crash-memcheck-enabled no] ] {
r config set sanitize-dump-payload yes
catch {
r restore key 0 $corrupt_payload_7445
} err
assert_match " * B a d d a t a f o r m a t * " $err
2020-11-02 02:35:37 -05:00
verify_log_message 0 " * i n t e g r i t y c h e c k f a i l e d * " 0
Sanitize dump payload: ziplist, listpack, zipmap, intset, stream
When loading an encoded payload we will at least do a shallow validation to
check that the size that's encoded in the payload matches the size of the
allocation.
This let's us later use this encoded size to make sure the various offsets
inside encoded payload don't reach outside the allocation, if they do, we'll
assert/panic, but at least we won't segfault or smear memory.
We can also do 'deep' validation which runs on all the records of the encoded
payload and validates that they don't contain invalid offsets. This lets us
detect corruptions early and reject a RESTORE command rather than accepting
it and asserting (crashing) later when accessing that payload via some command.
configuration:
- adding ACL flag skip-sanitize-payload
- adding config sanitize-dump-payload [yes/no/clients]
For now, we don't have a good way to ensure MIGRATE in cluster resharding isn't
being slowed down by these sanitation, so i'm setting the default value to `no`,
but later on it should be set to `clients` by default.
changes:
- changing rdbReportError not to `exit` in RESTORE command
- adding a new stat to be able to later check if cluster MIGRATE isn't being
slowed down by sanitation.
2020-08-13 09:41:05 -04:00
}
}
test { corrupt payload: # 7445 - without sanitize - 1 } {
start_server [ list overrides [ list loglevel verbose use-exit-on-panic yes crash-memcheck-enabled no] ] {
r config set sanitize-dump-payload no
r restore key 0 $corrupt_payload_7445
catch { r lindex key 2 }
2020-08-14 09:05:34 -04:00
assert_equal [ count_log_message 0 " c r a s h e d b y s i g n a l " ] 0
assert_equal [ count_log_message 0 " A S S E R T I O N F A I L E D " ] 1
Sanitize dump payload: ziplist, listpack, zipmap, intset, stream
When loading an encoded payload we will at least do a shallow validation to
check that the size that's encoded in the payload matches the size of the
allocation.
This let's us later use this encoded size to make sure the various offsets
inside encoded payload don't reach outside the allocation, if they do, we'll
assert/panic, but at least we won't segfault or smear memory.
We can also do 'deep' validation which runs on all the records of the encoded
payload and validates that they don't contain invalid offsets. This lets us
detect corruptions early and reject a RESTORE command rather than accepting
it and asserting (crashing) later when accessing that payload via some command.
configuration:
- adding ACL flag skip-sanitize-payload
- adding config sanitize-dump-payload [yes/no/clients]
For now, we don't have a good way to ensure MIGRATE in cluster resharding isn't
being slowed down by these sanitation, so i'm setting the default value to `no`,
but later on it should be set to `clients` by default.
changes:
- changing rdbReportError not to `exit` in RESTORE command
- adding a new stat to be able to later check if cluster MIGRATE isn't being
slowed down by sanitation.
2020-08-13 09:41:05 -04:00
}
}
test { corrupt payload: # 7445 - without sanitize - 2 } {
start_server [ list overrides [ list loglevel verbose use-exit-on-panic yes crash-memcheck-enabled no] ] {
r config set sanitize-dump-payload no
r restore key 0 $corrupt_payload_7445
catch { r lset key 2 " B E E F " }
2020-08-14 09:05:34 -04:00
assert_equal [ count_log_message 0 " c r a s h e d b y s i g n a l " ] 0
assert_equal [ count_log_message 0 " A S S E R T I O N F A I L E D " ] 1
Sanitize dump payload: ziplist, listpack, zipmap, intset, stream
When loading an encoded payload we will at least do a shallow validation to
check that the size that's encoded in the payload matches the size of the
allocation.
This let's us later use this encoded size to make sure the various offsets
inside encoded payload don't reach outside the allocation, if they do, we'll
assert/panic, but at least we won't segfault or smear memory.
We can also do 'deep' validation which runs on all the records of the encoded
payload and validates that they don't contain invalid offsets. This lets us
detect corruptions early and reject a RESTORE command rather than accepting
it and asserting (crashing) later when accessing that payload via some command.
configuration:
- adding ACL flag skip-sanitize-payload
- adding config sanitize-dump-payload [yes/no/clients]
For now, we don't have a good way to ensure MIGRATE in cluster resharding isn't
being slowed down by these sanitation, so i'm setting the default value to `no`,
but later on it should be set to `clients` by default.
changes:
- changing rdbReportError not to `exit` in RESTORE command
- adding a new stat to be able to later check if cluster MIGRATE isn't being
slowed down by sanitation.
2020-08-13 09:41:05 -04:00
}
}
test { corrupt payload: hash with valid zip list header, invalid entry len} {
start_server [ list overrides [ list loglevel verbose use-exit-on-panic yes crash-memcheck-enabled no] ] {
2020-08-14 09:05:34 -04:00
r config set sanitize-dump-payload no
Sanitize dump payload: ziplist, listpack, zipmap, intset, stream
When loading an encoded payload we will at least do a shallow validation to
check that the size that's encoded in the payload matches the size of the
allocation.
This let's us later use this encoded size to make sure the various offsets
inside encoded payload don't reach outside the allocation, if they do, we'll
assert/panic, but at least we won't segfault or smear memory.
We can also do 'deep' validation which runs on all the records of the encoded
payload and validates that they don't contain invalid offsets. This lets us
detect corruptions early and reject a RESTORE command rather than accepting
it and asserting (crashing) later when accessing that payload via some command.
configuration:
- adding ACL flag skip-sanitize-payload
- adding config sanitize-dump-payload [yes/no/clients]
For now, we don't have a good way to ensure MIGRATE in cluster resharding isn't
being slowed down by these sanitation, so i'm setting the default value to `no`,
but later on it should be set to `clients` by default.
changes:
- changing rdbReportError not to `exit` in RESTORE command
- adding a new stat to be able to later check if cluster MIGRATE isn't being
slowed down by sanitation.
2020-08-13 09:41:05 -04:00
r restore key 0 " \x 0 D \x 1 B \x 1 B \x 0 0 \x 0 0 \x 0 0 \x 1 6 \x 0 0 \x 0 0 \x 0 0 \x 0 4 \x 0 0 \x 0 0 \x 0 2 \x 6 1 \x 0 0 \x 0 4 \x 0 2 \x 6 2 \x 0 0 \x 0 4 \x 1 4 \x 6 3 \x 0 0 \x 0 4 \x 0 2 \x 6 4 \x 0 0 \x F F \x 0 9 \x 0 0 \x D 9 \x 1 0 \x 5 4 \x 9 2 \x 1 5 \x F 5 \x 5 F \x 5 2 "
r config set hash-max-ziplist-entries 1
catch { r hset key b b}
verify_log_message 0 " * z i p E n t r y S a f e * " 0
}
}
test { corrupt payload: invalid zlbytes header} {
start_server [ list overrides [ list loglevel verbose use-exit-on-panic yes crash-memcheck-enabled no] ] {
2020-08-14 09:05:34 -04:00
r config set sanitize-dump-payload no
Sanitize dump payload: ziplist, listpack, zipmap, intset, stream
When loading an encoded payload we will at least do a shallow validation to
check that the size that's encoded in the payload matches the size of the
allocation.
This let's us later use this encoded size to make sure the various offsets
inside encoded payload don't reach outside the allocation, if they do, we'll
assert/panic, but at least we won't segfault or smear memory.
We can also do 'deep' validation which runs on all the records of the encoded
payload and validates that they don't contain invalid offsets. This lets us
detect corruptions early and reject a RESTORE command rather than accepting
it and asserting (crashing) later when accessing that payload via some command.
configuration:
- adding ACL flag skip-sanitize-payload
- adding config sanitize-dump-payload [yes/no/clients]
For now, we don't have a good way to ensure MIGRATE in cluster resharding isn't
being slowed down by these sanitation, so i'm setting the default value to `no`,
but later on it should be set to `clients` by default.
changes:
- changing rdbReportError not to `exit` in RESTORE command
- adding a new stat to be able to later check if cluster MIGRATE isn't being
slowed down by sanitation.
2020-08-13 09:41:05 -04:00
catch {
r restore key 0 " \x 0 D \x 1 B \x 2 5 \x 0 0 \x 0 0 \x 0 0 \x 1 6 \x 0 0 \x 0 0 \x 0 0 \x 0 4 \x 0 0 \x 0 0 \x 0 2 \x 6 1 \x 0 0 \x 0 4 \x 0 2 \x 6 2 \x 0 0 \x 0 4 \x 0 2 \x 6 3 \x 0 0 \x 0 4 \x 0 2 \x 6 4 \x 0 0 \x F F \x 0 9 \x 0 0 \x B 7 \x F 7 \x 6 E \x 9 F \x 4 3 \x 4 3 \x 1 4 \x C 6 "
} err
assert_match " * B a d d a t a f o r m a t * " $err
}
}
test { corrupt payload: valid zipped hash header, dup records} {
start_server [ list overrides [ list loglevel verbose use-exit-on-panic yes crash-memcheck-enabled no] ] {
2020-08-14 09:05:34 -04:00
r config set sanitize-dump-payload no
Sanitize dump payload: ziplist, listpack, zipmap, intset, stream
When loading an encoded payload we will at least do a shallow validation to
check that the size that's encoded in the payload matches the size of the
allocation.
This let's us later use this encoded size to make sure the various offsets
inside encoded payload don't reach outside the allocation, if they do, we'll
assert/panic, but at least we won't segfault or smear memory.
We can also do 'deep' validation which runs on all the records of the encoded
payload and validates that they don't contain invalid offsets. This lets us
detect corruptions early and reject a RESTORE command rather than accepting
it and asserting (crashing) later when accessing that payload via some command.
configuration:
- adding ACL flag skip-sanitize-payload
- adding config sanitize-dump-payload [yes/no/clients]
For now, we don't have a good way to ensure MIGRATE in cluster resharding isn't
being slowed down by these sanitation, so i'm setting the default value to `no`,
but later on it should be set to `clients` by default.
changes:
- changing rdbReportError not to `exit` in RESTORE command
- adding a new stat to be able to later check if cluster MIGRATE isn't being
slowed down by sanitation.
2020-08-13 09:41:05 -04:00
r restore key 0 " \x 0 D \x 1 B \x 1 B \x 0 0 \x 0 0 \x 0 0 \x 1 6 \x 0 0 \x 0 0 \x 0 0 \x 0 4 \x 0 0 \x 0 0 \x 0 2 \x 6 1 \x 0 0 \x 0 4 \x 0 2 \x 6 2 \x 0 0 \x 0 4 \x 0 2 \x 6 1 \x 0 0 \x 0 4 \x 0 2 \x 6 4 \x 0 0 \x F F \x 0 9 \x 0 0 \x A 1 \x 9 8 \x 3 6 \x 7 8 \x C C \x 8 E \x 9 3 \x 2 E "
r config set hash-max-ziplist-entries 1
# cause an assertion when converting to hash table
catch { r hset key b b}
verify_log_message 0 " * z i p l i s t w i t h d u p e l e m e n t s d u m p * " 0
}
}
test { corrupt payload: quicklist big ziplist prev len} {
start_server [ list overrides [ list loglevel verbose use-exit-on-panic yes crash-memcheck-enabled no] ] {
2020-08-14 09:05:34 -04:00
r config set sanitize-dump-payload no
Sanitize dump payload: ziplist, listpack, zipmap, intset, stream
When loading an encoded payload we will at least do a shallow validation to
check that the size that's encoded in the payload matches the size of the
allocation.
This let's us later use this encoded size to make sure the various offsets
inside encoded payload don't reach outside the allocation, if they do, we'll
assert/panic, but at least we won't segfault or smear memory.
We can also do 'deep' validation which runs on all the records of the encoded
payload and validates that they don't contain invalid offsets. This lets us
detect corruptions early and reject a RESTORE command rather than accepting
it and asserting (crashing) later when accessing that payload via some command.
configuration:
- adding ACL flag skip-sanitize-payload
- adding config sanitize-dump-payload [yes/no/clients]
For now, we don't have a good way to ensure MIGRATE in cluster resharding isn't
being slowed down by these sanitation, so i'm setting the default value to `no`,
but later on it should be set to `clients` by default.
changes:
- changing rdbReportError not to `exit` in RESTORE command
- adding a new stat to be able to later check if cluster MIGRATE isn't being
slowed down by sanitation.
2020-08-13 09:41:05 -04:00
r restore key 0 " \x 0 E \x 0 1 \x 1 3 \x 1 3 \x 0 0 \x 0 0 \x 0 0 \x 0 E \x 0 0 \x 0 0 \x 0 0 \x 0 2 \x 0 0 \x 0 0 \x 0 2 \x 6 1 \x 0 0 \x 0 E \x 0 2 \x 6 2 \x 0 0 \x F F \x 0 9 \x 0 0 \x 4 9 \x 9 7 \x 3 0 \x B 2 \x 0 D \x A 1 \x E D \x A A "
catch { r lindex key - 2 }
2020-08-14 09:05:34 -04:00
assert_equal [ count_log_message 0 " c r a s h e d b y s i g n a l " ] 0
assert_equal [ count_log_message 0 " A S S E R T I O N F A I L E D " ] 1
Sanitize dump payload: ziplist, listpack, zipmap, intset, stream
When loading an encoded payload we will at least do a shallow validation to
check that the size that's encoded in the payload matches the size of the
allocation.
This let's us later use this encoded size to make sure the various offsets
inside encoded payload don't reach outside the allocation, if they do, we'll
assert/panic, but at least we won't segfault or smear memory.
We can also do 'deep' validation which runs on all the records of the encoded
payload and validates that they don't contain invalid offsets. This lets us
detect corruptions early and reject a RESTORE command rather than accepting
it and asserting (crashing) later when accessing that payload via some command.
configuration:
- adding ACL flag skip-sanitize-payload
- adding config sanitize-dump-payload [yes/no/clients]
For now, we don't have a good way to ensure MIGRATE in cluster resharding isn't
being slowed down by these sanitation, so i'm setting the default value to `no`,
but later on it should be set to `clients` by default.
changes:
- changing rdbReportError not to `exit` in RESTORE command
- adding a new stat to be able to later check if cluster MIGRATE isn't being
slowed down by sanitation.
2020-08-13 09:41:05 -04:00
}
}
test { corrupt payload: quicklist small ziplist prev len} {
start_server [ list overrides [ list loglevel verbose use-exit-on-panic yes crash-memcheck-enabled no] ] {
r config set sanitize-dump-payload yes
catch {
r restore key 0 " \x 0 E \x 0 1 \x 1 3 \x 1 3 \x 0 0 \x 0 0 \x 0 0 \x 0 E \x 0 0 \x 0 0 \x 0 0 \x 0 2 \x 0 0 \x 0 0 \x 0 2 \x 6 1 \x 0 0 \x 0 2 \x 0 2 \x 6 2 \x 0 0 \x F F \x 0 9 \x 0 0 \x C 7 \x 7 1 \x 0 3 \x 9 7 \x 0 7 \x 7 5 \x B 0 \x 6 3 "
} err
assert_match " * B a d d a t a f o r m a t * " $err
2020-11-02 02:35:37 -05:00
verify_log_message 0 " * i n t e g r i t y c h e c k f a i l e d * " 0
Sanitize dump payload: ziplist, listpack, zipmap, intset, stream
When loading an encoded payload we will at least do a shallow validation to
check that the size that's encoded in the payload matches the size of the
allocation.
This let's us later use this encoded size to make sure the various offsets
inside encoded payload don't reach outside the allocation, if they do, we'll
assert/panic, but at least we won't segfault or smear memory.
We can also do 'deep' validation which runs on all the records of the encoded
payload and validates that they don't contain invalid offsets. This lets us
detect corruptions early and reject a RESTORE command rather than accepting
it and asserting (crashing) later when accessing that payload via some command.
configuration:
- adding ACL flag skip-sanitize-payload
- adding config sanitize-dump-payload [yes/no/clients]
For now, we don't have a good way to ensure MIGRATE in cluster resharding isn't
being slowed down by these sanitation, so i'm setting the default value to `no`,
but later on it should be set to `clients` by default.
changes:
- changing rdbReportError not to `exit` in RESTORE command
- adding a new stat to be able to later check if cluster MIGRATE isn't being
slowed down by sanitation.
2020-08-13 09:41:05 -04:00
}
}
test { corrupt payload: quicklist ziplist wrong count} {
start_server [ list overrides [ list loglevel verbose use-exit-on-panic yes crash-memcheck-enabled no] ] {
2020-08-14 09:05:34 -04:00
r config set sanitize-dump-payload no
Sanitize dump payload: ziplist, listpack, zipmap, intset, stream
When loading an encoded payload we will at least do a shallow validation to
check that the size that's encoded in the payload matches the size of the
allocation.
This let's us later use this encoded size to make sure the various offsets
inside encoded payload don't reach outside the allocation, if they do, we'll
assert/panic, but at least we won't segfault or smear memory.
We can also do 'deep' validation which runs on all the records of the encoded
payload and validates that they don't contain invalid offsets. This lets us
detect corruptions early and reject a RESTORE command rather than accepting
it and asserting (crashing) later when accessing that payload via some command.
configuration:
- adding ACL flag skip-sanitize-payload
- adding config sanitize-dump-payload [yes/no/clients]
For now, we don't have a good way to ensure MIGRATE in cluster resharding isn't
being slowed down by these sanitation, so i'm setting the default value to `no`,
but later on it should be set to `clients` by default.
changes:
- changing rdbReportError not to `exit` in RESTORE command
- adding a new stat to be able to later check if cluster MIGRATE isn't being
slowed down by sanitation.
2020-08-13 09:41:05 -04:00
r restore key 0 " \x 0 E \x 0 1 \x 1 3 \x 1 3 \x 0 0 \x 0 0 \x 0 0 \x 0 E \x 0 0 \x 0 0 \x 0 0 \x 0 3 \x 0 0 \x 0 0 \x 0 2 \x 6 1 \x 0 0 \x 0 4 \x 0 2 \x 6 2 \x 0 0 \x F F \x 0 9 \x 0 0 \x 4 D \x E 2 \x 0 A \x 2 F \x 0 8 \x 2 5 \x D F \x 9 1 "
2020-08-14 09:05:34 -04:00
# we'll be able to push, but iterating on the list will assert
r lpush key header
r rpush key footer
catch { [ r lrange key - 1 - 1 ] }
assert_equal [ count_log_message 0 " c r a s h e d b y s i g n a l " ] 0
assert_equal [ count_log_message 0 " A S S E R T I O N F A I L E D " ] 1
Sanitize dump payload: ziplist, listpack, zipmap, intset, stream
When loading an encoded payload we will at least do a shallow validation to
check that the size that's encoded in the payload matches the size of the
allocation.
This let's us later use this encoded size to make sure the various offsets
inside encoded payload don't reach outside the allocation, if they do, we'll
assert/panic, but at least we won't segfault or smear memory.
We can also do 'deep' validation which runs on all the records of the encoded
payload and validates that they don't contain invalid offsets. This lets us
detect corruptions early and reject a RESTORE command rather than accepting
it and asserting (crashing) later when accessing that payload via some command.
configuration:
- adding ACL flag skip-sanitize-payload
- adding config sanitize-dump-payload [yes/no/clients]
For now, we don't have a good way to ensure MIGRATE in cluster resharding isn't
being slowed down by these sanitation, so i'm setting the default value to `no`,
but later on it should be set to `clients` by default.
changes:
- changing rdbReportError not to `exit` in RESTORE command
- adding a new stat to be able to later check if cluster MIGRATE isn't being
slowed down by sanitation.
2020-08-13 09:41:05 -04:00
}
}
test { corrupt payload: # 3080 - quicklist} {
start_server [ list overrides [ list loglevel verbose use-exit-on-panic yes crash-memcheck-enabled no] ] {
2020-08-14 09:05:34 -04:00
r config set sanitize-dump-payload no
Sanitize dump payload: ziplist, listpack, zipmap, intset, stream
When loading an encoded payload we will at least do a shallow validation to
check that the size that's encoded in the payload matches the size of the
allocation.
This let's us later use this encoded size to make sure the various offsets
inside encoded payload don't reach outside the allocation, if they do, we'll
assert/panic, but at least we won't segfault or smear memory.
We can also do 'deep' validation which runs on all the records of the encoded
payload and validates that they don't contain invalid offsets. This lets us
detect corruptions early and reject a RESTORE command rather than accepting
it and asserting (crashing) later when accessing that payload via some command.
configuration:
- adding ACL flag skip-sanitize-payload
- adding config sanitize-dump-payload [yes/no/clients]
For now, we don't have a good way to ensure MIGRATE in cluster resharding isn't
being slowed down by these sanitation, so i'm setting the default value to `no`,
but later on it should be set to `clients` by default.
changes:
- changing rdbReportError not to `exit` in RESTORE command
- adding a new stat to be able to later check if cluster MIGRATE isn't being
slowed down by sanitation.
2020-08-13 09:41:05 -04:00
catch {
r RESTORE key 0 " \x 0 E \x 0 1 \x 8 0 \x 0 0 \x 0 0 \x 0 0 \x 1 0 \x 4 1 \x 4 1 \x 4 1 \x 4 1 \x 4 1 \x 4 1 \x 4 1 \x 4 1 \x 0 2 \x 0 0 \x 0 0 \x 8 0 \x 4 1 \x 4 1 \x 4 1 \x 4 1 \x 0 7 \x 0 0 \x 0 3 \x C 7 \x 1 D \x E F \x 5 4 \x 6 8 \x C C \x F 3 "
2020-08-14 09:05:34 -04:00
r DUMP key ; # DUMP was used in the original issue, but now even with shallow sanitization restore safely fails, so this is dead code
} err
Sanitize dump payload: ziplist, listpack, zipmap, intset, stream
When loading an encoded payload we will at least do a shallow validation to
check that the size that's encoded in the payload matches the size of the
allocation.
This let's us later use this encoded size to make sure the various offsets
inside encoded payload don't reach outside the allocation, if they do, we'll
assert/panic, but at least we won't segfault or smear memory.
We can also do 'deep' validation which runs on all the records of the encoded
payload and validates that they don't contain invalid offsets. This lets us
detect corruptions early and reject a RESTORE command rather than accepting
it and asserting (crashing) later when accessing that payload via some command.
configuration:
- adding ACL flag skip-sanitize-payload
- adding config sanitize-dump-payload [yes/no/clients]
For now, we don't have a good way to ensure MIGRATE in cluster resharding isn't
being slowed down by these sanitation, so i'm setting the default value to `no`,
but later on it should be set to `clients` by default.
changes:
- changing rdbReportError not to `exit` in RESTORE command
- adding a new stat to be able to later check if cluster MIGRATE isn't being
slowed down by sanitation.
2020-08-13 09:41:05 -04:00
assert_match " * B a d d a t a f o r m a t * " $err
2020-11-02 02:35:37 -05:00
verify_log_message 0 " * i n t e g r i t y c h e c k f a i l e d * " 0
Sanitize dump payload: ziplist, listpack, zipmap, intset, stream
When loading an encoded payload we will at least do a shallow validation to
check that the size that's encoded in the payload matches the size of the
allocation.
This let's us later use this encoded size to make sure the various offsets
inside encoded payload don't reach outside the allocation, if they do, we'll
assert/panic, but at least we won't segfault or smear memory.
We can also do 'deep' validation which runs on all the records of the encoded
payload and validates that they don't contain invalid offsets. This lets us
detect corruptions early and reject a RESTORE command rather than accepting
it and asserting (crashing) later when accessing that payload via some command.
configuration:
- adding ACL flag skip-sanitize-payload
- adding config sanitize-dump-payload [yes/no/clients]
For now, we don't have a good way to ensure MIGRATE in cluster resharding isn't
being slowed down by these sanitation, so i'm setting the default value to `no`,
but later on it should be set to `clients` by default.
changes:
- changing rdbReportError not to `exit` in RESTORE command
- adding a new stat to be able to later check if cluster MIGRATE isn't being
slowed down by sanitation.
2020-08-13 09:41:05 -04:00
}
}
test { corrupt payload: # 3080 - ziplist} {
start_server [ list overrides [ list loglevel verbose use-exit-on-panic yes crash-memcheck-enabled no] ] {
2020-08-14 09:05:34 -04:00
# shallow sanitization is enough for restore to safely reject the payload with wrong size
r config set sanitize-dump-payload no
Sanitize dump payload: ziplist, listpack, zipmap, intset, stream
When loading an encoded payload we will at least do a shallow validation to
check that the size that's encoded in the payload matches the size of the
allocation.
This let's us later use this encoded size to make sure the various offsets
inside encoded payload don't reach outside the allocation, if they do, we'll
assert/panic, but at least we won't segfault or smear memory.
We can also do 'deep' validation which runs on all the records of the encoded
payload and validates that they don't contain invalid offsets. This lets us
detect corruptions early and reject a RESTORE command rather than accepting
it and asserting (crashing) later when accessing that payload via some command.
configuration:
- adding ACL flag skip-sanitize-payload
- adding config sanitize-dump-payload [yes/no/clients]
For now, we don't have a good way to ensure MIGRATE in cluster resharding isn't
being slowed down by these sanitation, so i'm setting the default value to `no`,
but later on it should be set to `clients` by default.
changes:
- changing rdbReportError not to `exit` in RESTORE command
- adding a new stat to be able to later check if cluster MIGRATE isn't being
slowed down by sanitation.
2020-08-13 09:41:05 -04:00
catch {
r RESTORE key 0 " \x 0 A \x 8 0 \x 0 0 \x 0 0 \x 0 0 \x 1 0 \x 4 1 \x 4 1 \x 4 1 \x 4 1 \x 4 1 \x 4 1 \x 4 1 \x 4 1 \x 0 2 \x 0 0 \x 0 0 \x 8 0 \x 4 1 \x 4 1 \x 4 1 \x 4 1 \x 0 7 \x 0 0 \x 3 9 \x 5 B \x 4 9 \x E 0 \x C 1 \x C 6 \x D D \x 7 6 "
2020-08-14 09:05:34 -04:00
} err
Sanitize dump payload: ziplist, listpack, zipmap, intset, stream
When loading an encoded payload we will at least do a shallow validation to
check that the size that's encoded in the payload matches the size of the
allocation.
This let's us later use this encoded size to make sure the various offsets
inside encoded payload don't reach outside the allocation, if they do, we'll
assert/panic, but at least we won't segfault or smear memory.
We can also do 'deep' validation which runs on all the records of the encoded
payload and validates that they don't contain invalid offsets. This lets us
detect corruptions early and reject a RESTORE command rather than accepting
it and asserting (crashing) later when accessing that payload via some command.
configuration:
- adding ACL flag skip-sanitize-payload
- adding config sanitize-dump-payload [yes/no/clients]
For now, we don't have a good way to ensure MIGRATE in cluster resharding isn't
being slowed down by these sanitation, so i'm setting the default value to `no`,
but later on it should be set to `clients` by default.
changes:
- changing rdbReportError not to `exit` in RESTORE command
- adding a new stat to be able to later check if cluster MIGRATE isn't being
slowed down by sanitation.
2020-08-13 09:41:05 -04:00
assert_match " * B a d d a t a f o r m a t * " $err
2020-11-02 02:35:37 -05:00
verify_log_message 0 " * i n t e g r i t y c h e c k f a i l e d * " 0
Sanitize dump payload: ziplist, listpack, zipmap, intset, stream
When loading an encoded payload we will at least do a shallow validation to
check that the size that's encoded in the payload matches the size of the
allocation.
This let's us later use this encoded size to make sure the various offsets
inside encoded payload don't reach outside the allocation, if they do, we'll
assert/panic, but at least we won't segfault or smear memory.
We can also do 'deep' validation which runs on all the records of the encoded
payload and validates that they don't contain invalid offsets. This lets us
detect corruptions early and reject a RESTORE command rather than accepting
it and asserting (crashing) later when accessing that payload via some command.
configuration:
- adding ACL flag skip-sanitize-payload
- adding config sanitize-dump-payload [yes/no/clients]
For now, we don't have a good way to ensure MIGRATE in cluster resharding isn't
being slowed down by these sanitation, so i'm setting the default value to `no`,
but later on it should be set to `clients` by default.
changes:
- changing rdbReportError not to `exit` in RESTORE command
- adding a new stat to be able to later check if cluster MIGRATE isn't being
slowed down by sanitation.
2020-08-13 09:41:05 -04:00
}
}
test { corrupt payload: load corrupted rdb with no CRC - # 3505 } {
set server_path [ tmpdir " s e r v e r . r d b - c o r r u p t i o n - t e s t " ]
exec cp tests/ assets/ corrupt_ziplist.rdb $server_path
2020-08-14 09:05:34 -04:00
set srv [ start_server [ list overrides [ list " d i r " $server_path " d b f i l e n a m e " " c o r r u p t _ z i p l i s t . r d b " loglevel verbose use-exit-on-panic yes crash-memcheck-enabled no sanitize-dump-payload no] ] ]
Sanitize dump payload: ziplist, listpack, zipmap, intset, stream
When loading an encoded payload we will at least do a shallow validation to
check that the size that's encoded in the payload matches the size of the
allocation.
This let's us later use this encoded size to make sure the various offsets
inside encoded payload don't reach outside the allocation, if they do, we'll
assert/panic, but at least we won't segfault or smear memory.
We can also do 'deep' validation which runs on all the records of the encoded
payload and validates that they don't contain invalid offsets. This lets us
detect corruptions early and reject a RESTORE command rather than accepting
it and asserting (crashing) later when accessing that payload via some command.
configuration:
- adding ACL flag skip-sanitize-payload
- adding config sanitize-dump-payload [yes/no/clients]
For now, we don't have a good way to ensure MIGRATE in cluster resharding isn't
being slowed down by these sanitation, so i'm setting the default value to `no`,
but later on it should be set to `clients` by default.
changes:
- changing rdbReportError not to `exit` in RESTORE command
- adding a new stat to be able to later check if cluster MIGRATE isn't being
slowed down by sanitation.
2020-08-13 09:41:05 -04:00
# wait for termination
wait_for_condition 100 50 {
! [ is_alive $srv ]
} else {
fail " r d b l o a d i n g d i d n ' t f a i l "
}
set stdout [ dict get $srv stdout]
assert_equal [ count_message_lines $stdout " T e r m i n a t i n g s e r v e r a f t e r r d b f i l e r e a d i n g f a i l u r e . " ] 1
2020-11-02 02:35:37 -05:00
assert_lessthan 1 [ count_message_lines $stdout " i n t e g r i t y c h e c k f a i l e d " ]
Sanitize dump payload: ziplist, listpack, zipmap, intset, stream
When loading an encoded payload we will at least do a shallow validation to
check that the size that's encoded in the payload matches the size of the
allocation.
This let's us later use this encoded size to make sure the various offsets
inside encoded payload don't reach outside the allocation, if they do, we'll
assert/panic, but at least we won't segfault or smear memory.
We can also do 'deep' validation which runs on all the records of the encoded
payload and validates that they don't contain invalid offsets. This lets us
detect corruptions early and reject a RESTORE command rather than accepting
it and asserting (crashing) later when accessing that payload via some command.
configuration:
- adding ACL flag skip-sanitize-payload
- adding config sanitize-dump-payload [yes/no/clients]
For now, we don't have a good way to ensure MIGRATE in cluster resharding isn't
being slowed down by these sanitation, so i'm setting the default value to `no`,
but later on it should be set to `clients` by default.
changes:
- changing rdbReportError not to `exit` in RESTORE command
- adding a new stat to be able to later check if cluster MIGRATE isn't being
slowed down by sanitation.
2020-08-13 09:41:05 -04:00
kill_server $srv ; # let valgrind look for issues
}
test { corrupt payload: listpack invalid size header} {
start_server [ list overrides [ list loglevel verbose use-exit-on-panic yes crash-memcheck-enabled no] ] {
2020-08-14 09:05:34 -04:00
r config set sanitize-dump-payload no
Sanitize dump payload: ziplist, listpack, zipmap, intset, stream
When loading an encoded payload we will at least do a shallow validation to
check that the size that's encoded in the payload matches the size of the
allocation.
This let's us later use this encoded size to make sure the various offsets
inside encoded payload don't reach outside the allocation, if they do, we'll
assert/panic, but at least we won't segfault or smear memory.
We can also do 'deep' validation which runs on all the records of the encoded
payload and validates that they don't contain invalid offsets. This lets us
detect corruptions early and reject a RESTORE command rather than accepting
it and asserting (crashing) later when accessing that payload via some command.
configuration:
- adding ACL flag skip-sanitize-payload
- adding config sanitize-dump-payload [yes/no/clients]
For now, we don't have a good way to ensure MIGRATE in cluster resharding isn't
being slowed down by these sanitation, so i'm setting the default value to `no`,
but later on it should be set to `clients` by default.
changes:
- changing rdbReportError not to `exit` in RESTORE command
- adding a new stat to be able to later check if cluster MIGRATE isn't being
slowed down by sanitation.
2020-08-13 09:41:05 -04:00
catch {
r restore key 0 " \x 0 F \x 0 1 \x 1 0 \x 0 0 \x 0 0 \x 0 0 \x 0 0 \x 0 0 \x 0 0 \x 0 0 \x 0 2 \x 0 0 \x 0 0 \x 0 0 \x 0 0 \x 0 0 \x 0 0 \x 0 0 \x 0 2 \x 4 0 \x 5 5 \x 5 F \x 0 0 \x 0 0 \x 0 0 \x 0 F \x 0 0 \x 0 1 \x 0 1 \x 0 0 \x 0 1 \x 0 2 \x 0 1 \x 8 8 \x 3 1 \x 0 0 \x 0 0 \x 0 0 \x 0 0 \x 0 0 \x 0 0 \x 0 0 \x 0 9 \x 8 8 \x 3 2 \x 0 0 \x 0 0 \x 0 0 \x 0 0 \x 0 0 \x 0 0 \x 0 0 \x 0 9 \x 0 0 \x 0 1 \x 0 0 \x 0 1 \x 0 0 \x 0 1 \x 0 0 \x 0 1 \x 0 2 \x 0 2 \x 8 8 \x 3 1 \x 0 0 \x 0 0 \x 0 0 \x 0 0 \x 0 0 \x 0 0 \x 0 0 \x 0 9 \x 8 8 \x 6 1 \x 0 0 \x 0 0 \x 0 0 \x 0 0 \x 0 0 \x 0 0 \x 0 0 \x 0 9 \x 8 8 \x 3 2 \x 0 0 \x 0 0 \x 0 0 \x 0 0 \x 0 0 \x 0 0 \x 0 0 \x 0 9 \x 8 8 \x 6 2 \x 0 0 \x 0 0 \x 0 0 \x 0 0 \x 0 0 \x 0 0 \x 0 0 \x 0 9 \x 0 8 \x 0 1 \x F F \x 0 A \x 0 1 \x 0 0 \x 0 0 \x 0 9 \x 0 0 \x 4 5 \x 9 1 \x 0 A \x 8 7 \x 2 F \x A 5 \x F 9 \x 2 E "
} err
assert_match " * B a d d a t a f o r m a t * " $err
verify_log_message 0 " * S t r e a m l i s t p a c k i n t e g r i t y c h e c k f a i l e d * " 0
}
}
test { corrupt payload: listpack too long entry len} {
start_server [ list overrides [ list loglevel verbose use-exit-on-panic yes crash-memcheck-enabled no] ] {
2020-08-14 09:05:34 -04:00
r config set sanitize-dump-payload no
Sanitize dump payload: ziplist, listpack, zipmap, intset, stream
When loading an encoded payload we will at least do a shallow validation to
check that the size that's encoded in the payload matches the size of the
allocation.
This let's us later use this encoded size to make sure the various offsets
inside encoded payload don't reach outside the allocation, if they do, we'll
assert/panic, but at least we won't segfault or smear memory.
We can also do 'deep' validation which runs on all the records of the encoded
payload and validates that they don't contain invalid offsets. This lets us
detect corruptions early and reject a RESTORE command rather than accepting
it and asserting (crashing) later when accessing that payload via some command.
configuration:
- adding ACL flag skip-sanitize-payload
- adding config sanitize-dump-payload [yes/no/clients]
For now, we don't have a good way to ensure MIGRATE in cluster resharding isn't
being slowed down by these sanitation, so i'm setting the default value to `no`,
but later on it should be set to `clients` by default.
changes:
- changing rdbReportError not to `exit` in RESTORE command
- adding a new stat to be able to later check if cluster MIGRATE isn't being
slowed down by sanitation.
2020-08-13 09:41:05 -04:00
r restore key 0 " \x 0 F \x 0 1 \x 1 0 \x 0 0 \x 0 0 \x 0 0 \x 0 0 \x 0 0 \x 0 0 \x 0 0 \x 0 2 \x 0 0 \x 0 0 \x 0 0 \x 0 0 \x 0 0 \x 0 0 \x 0 0 \x 0 2 \x 4 0 \x 5 5 \x 5 5 \x 0 0 \x 0 0 \x 0 0 \x 0 F \x 0 0 \x 0 1 \x 0 1 \x 0 0 \x 0 1 \x 0 2 \x 0 1 \x 8 8 \x 3 1 \x 0 0 \x 0 0 \x 0 0 \x 0 0 \x 0 0 \x 0 0 \x 0 0 \x 0 9 \x 8 8 \x 3 2 \x 0 0 \x 0 0 \x 0 0 \x 0 0 \x 0 0 \x 0 0 \x 0 0 \x 0 9 \x 0 0 \x 0 1 \x 0 0 \x 0 1 \x 0 0 \x 0 1 \x 0 0 \x 0 1 \x 0 2 \x 0 2 \x 8 9 \x 3 1 \x 0 0 \x 0 0 \x 0 0 \x 0 0 \x 0 0 \x 0 0 \x 0 0 \x 0 9 \x 8 8 \x 6 1 \x 0 0 \x 0 0 \x 0 0 \x 0 0 \x 0 0 \x 0 0 \x 0 0 \x 0 9 \x 8 8 \x 3 2 \x 0 0 \x 0 0 \x 0 0 \x 0 0 \x 0 0 \x 0 0 \x 0 0 \x 0 9 \x 8 8 \x 6 2 \x 0 0 \x 0 0 \x 0 0 \x 0 0 \x 0 0 \x 0 0 \x 0 0 \x 0 9 \x 0 8 \x 0 1 \x F F \x 0 A \x 0 1 \x 0 0 \x 0 0 \x 0 9 \x 0 0 \x 4 0 \x 6 3 \x C 9 \x 3 7 \x 0 3 \x A 2 \x E 5 \x 6 8 "
catch {
r xinfo stream key full
} err
2020-08-14 09:05:34 -04:00
assert_equal [ count_log_message 0 " c r a s h e d b y s i g n a l " ] 0
assert_equal [ count_log_message 0 " A S S E R T I O N F A I L E D " ] 1
Sanitize dump payload: ziplist, listpack, zipmap, intset, stream
When loading an encoded payload we will at least do a shallow validation to
check that the size that's encoded in the payload matches the size of the
allocation.
This let's us later use this encoded size to make sure the various offsets
inside encoded payload don't reach outside the allocation, if they do, we'll
assert/panic, but at least we won't segfault or smear memory.
We can also do 'deep' validation which runs on all the records of the encoded
payload and validates that they don't contain invalid offsets. This lets us
detect corruptions early and reject a RESTORE command rather than accepting
it and asserting (crashing) later when accessing that payload via some command.
configuration:
- adding ACL flag skip-sanitize-payload
- adding config sanitize-dump-payload [yes/no/clients]
For now, we don't have a good way to ensure MIGRATE in cluster resharding isn't
being slowed down by these sanitation, so i'm setting the default value to `no`,
but later on it should be set to `clients` by default.
changes:
- changing rdbReportError not to `exit` in RESTORE command
- adding a new stat to be able to later check if cluster MIGRATE isn't being
slowed down by sanitation.
2020-08-13 09:41:05 -04:00
}
}
test { corrupt payload: listpack very long entry len} {
start_server [ list overrides [ list loglevel verbose use-exit-on-panic yes crash-memcheck-enabled no] ] {
2020-08-14 09:05:34 -04:00
r config set sanitize-dump-payload no
Sanitize dump payload: ziplist, listpack, zipmap, intset, stream
When loading an encoded payload we will at least do a shallow validation to
check that the size that's encoded in the payload matches the size of the
allocation.
This let's us later use this encoded size to make sure the various offsets
inside encoded payload don't reach outside the allocation, if they do, we'll
assert/panic, but at least we won't segfault or smear memory.
We can also do 'deep' validation which runs on all the records of the encoded
payload and validates that they don't contain invalid offsets. This lets us
detect corruptions early and reject a RESTORE command rather than accepting
it and asserting (crashing) later when accessing that payload via some command.
configuration:
- adding ACL flag skip-sanitize-payload
- adding config sanitize-dump-payload [yes/no/clients]
For now, we don't have a good way to ensure MIGRATE in cluster resharding isn't
being slowed down by these sanitation, so i'm setting the default value to `no`,
but later on it should be set to `clients` by default.
changes:
- changing rdbReportError not to `exit` in RESTORE command
- adding a new stat to be able to later check if cluster MIGRATE isn't being
slowed down by sanitation.
2020-08-13 09:41:05 -04:00
r restore key 0 " \x 0 F \x 0 1 \x 1 0 \x 0 0 \x 0 0 \x 0 0 \x 0 0 \x 0 0 \x 0 0 \x 0 0 \x 0 2 \x 0 0 \x 0 0 \x 0 0 \x 0 0 \x 0 0 \x 0 0 \x 0 0 \x 0 2 \x 4 0 \x 5 5 \x 5 5 \x 0 0 \x 0 0 \x 0 0 \x 0 F \x 0 0 \x 0 1 \x 0 1 \x 0 0 \x 0 1 \x 0 2 \x 0 1 \x 8 8 \x 3 1 \x 0 0 \x 0 0 \x 0 0 \x 0 0 \x 0 0 \x 0 0 \x 0 0 \x 0 9 \x 8 8 \x 3 2 \x 0 0 \x 0 0 \x 0 0 \x 0 0 \x 0 0 \x 0 0 \x 0 0 \x 0 9 \x 0 0 \x 0 1 \x 0 0 \x 0 1 \x 0 0 \x 0 1 \x 0 0 \x 0 1 \x 0 2 \x 0 2 \x 8 8 \x 3 1 \x 0 0 \x 0 0 \x 0 0 \x 0 0 \x 0 0 \x 0 0 \x 0 0 \x 0 9 \x 8 8 \x 6 1 \x 0 0 \x 0 0 \x 0 0 \x 0 0 \x 0 0 \x 0 0 \x 0 0 \x 0 9 \x 8 8 \x 3 2 \x 0 0 \x 0 0 \x 0 0 \x 0 0 \x 0 0 \x 0 0 \x 0 0 \x 0 9 \x 9 C \x 6 2 \x 0 0 \x 0 0 \x 0 0 \x 0 0 \x 0 0 \x 0 0 \x 0 0 \x 0 9 \x 0 8 \x 0 1 \x F F \x 0 A \x 0 1 \x 0 0 \x 0 0 \x 0 9 \x 0 0 \x 6 3 \x 6 F \x 4 2 \x 8 E \x 7 C \x B 5 \x A 2 \x 9 D "
catch {
r xinfo stream key full
} err
2020-08-14 09:05:34 -04:00
assert_equal [ count_log_message 0 " c r a s h e d b y s i g n a l " ] 0
assert_equal [ count_log_message 0 " A S S E R T I O N F A I L E D " ] 1
Sanitize dump payload: ziplist, listpack, zipmap, intset, stream
When loading an encoded payload we will at least do a shallow validation to
check that the size that's encoded in the payload matches the size of the
allocation.
This let's us later use this encoded size to make sure the various offsets
inside encoded payload don't reach outside the allocation, if they do, we'll
assert/panic, but at least we won't segfault or smear memory.
We can also do 'deep' validation which runs on all the records of the encoded
payload and validates that they don't contain invalid offsets. This lets us
detect corruptions early and reject a RESTORE command rather than accepting
it and asserting (crashing) later when accessing that payload via some command.
configuration:
- adding ACL flag skip-sanitize-payload
- adding config sanitize-dump-payload [yes/no/clients]
For now, we don't have a good way to ensure MIGRATE in cluster resharding isn't
being slowed down by these sanitation, so i'm setting the default value to `no`,
but later on it should be set to `clients` by default.
changes:
- changing rdbReportError not to `exit` in RESTORE command
- adding a new stat to be able to later check if cluster MIGRATE isn't being
slowed down by sanitation.
2020-08-13 09:41:05 -04:00
}
}
test { corrupt payload: listpack too long entry prev len} {
start_server [ list overrides [ list loglevel verbose use-exit-on-panic yes crash-memcheck-enabled no] ] {
r config set sanitize-dump-payload yes
catch {
r restore key 0 " \x 0 F \x 0 1 \x 1 0 \x 0 0 \x 0 0 \x 0 0 \x 0 0 \x 0 0 \x 0 0 \x 0 0 \x 0 2 \x 0 0 \x 0 0 \x 0 0 \x 0 0 \x 0 0 \x 0 0 \x 0 0 \x 0 2 \x 4 0 \x 5 5 \x 5 5 \x 0 0 \x 0 0 \x 0 0 \x 0 F \x 0 0 \x 0 1 \x 0 1 \x 0 0 \x 1 5 \x 0 2 \x 0 1 \x 8 8 \x 3 1 \x 0 0 \x 0 0 \x 0 0 \x 0 0 \x 0 0 \x 0 0 \x 0 0 \x 0 9 \x 8 8 \x 3 2 \x 0 0 \x 0 0 \x 0 0 \x 0 0 \x 0 0 \x 0 0 \x 0 0 \x 0 9 \x 0 0 \x 0 1 \x 0 0 \x 0 1 \x 0 0 \x 0 1 \x 0 0 \x 0 1 \x 0 2 \x 0 2 \x 8 8 \x 3 1 \x 0 0 \x 0 0 \x 0 0 \x 0 0 \x 0 0 \x 0 0 \x 0 0 \x 0 9 \x 8 8 \x 6 1 \x 0 0 \x 0 0 \x 0 0 \x 0 0 \x 0 0 \x 0 0 \x 0 0 \x 0 9 \x 8 8 \x 3 2 \x 0 0 \x 0 0 \x 0 0 \x 0 0 \x 0 0 \x 0 0 \x 0 0 \x 0 9 \x 8 8 \x 6 2 \x 0 0 \x 0 0 \x 0 0 \x 0 0 \x 0 0 \x 0 0 \x 0 0 \x 0 9 \x 0 8 \x 0 1 \x F F \x 0 A \x 0 1 \x 0 0 \x 0 0 \x 0 9 \x 0 0 \x 0 6 \x F B \x 4 4 \x 2 4 \x 0 A \x 8 E \x 7 5 \x E A "
} err
assert_match " * B a d d a t a f o r m a t * " $err
verify_log_message 0 " * S t r e a m l i s t p a c k i n t e g r i t y c h e c k f a i l e d * " 0
}
}
2020-11-02 02:35:37 -05:00
test { corrupt payload: hash ziplist with duplicate records} {
# when we do perform full sanitization, we expect duplicate records to fail the restore
start_server [ list overrides [ list loglevel verbose use-exit-on-panic yes crash-memcheck-enabled no] ] {
r config set sanitize-dump-payload yes
r debug set-skip-checksum-validation 1
catch { r RESTORE _hash 0 " \x 0 D \x 3 D \x 3 D \x 0 0 \x 0 0 \x 0 0 \x 3 A \x 0 0 \x 0 0 \x 0 0 \x 1 4 \x 1 3 \x 0 0 \x F 5 \x 0 2 \x F 5 \x 0 2 \x F 2 \x 0 2 \x 5 3 \x 5 F \x 3 1 \x 0 4 \x F 3 \x 0 2 \x F 3 \x 0 2 \x F 7 \x 0 2 \x F 7 \x 0 2 \x F 8 \x 0 2 \x 0 2 \x 5 F \x 3 7 \x 0 4 \x F 1 \x 0 2 \x F 1 \x 0 2 \x F 6 \x 0 2 \x 0 2 \x 5 F \x 3 5 \x 0 4 \x F 4 \x 0 2 \x 0 2 \x 5 F \x 3 3 \x 0 4 \x F A \x 0 2 \x 0 2 \x 5 F \x 3 9 \x 0 4 \x F 9 \x 0 2 \x F 9 \x F F \x 0 9 \x 0 0 \x B 5 \x 4 8 \x D E \x 6 2 \x 3 1 \x D 0 \x E 5 \x 6 3 " } err
assert_match " * B a d d a t a f o r m a t * " $err
}
}
test { corrupt payload: hash ziplist uneven record count} {
# when we do perform full sanitization, we expect duplicate records to fail the restore
start_server [ list overrides [ list loglevel verbose use-exit-on-panic yes crash-memcheck-enabled no] ] {
r config set sanitize-dump-payload yes
r debug set-skip-checksum-validation 1
catch { r RESTORE _hash 0 " \r \x 1 b \x 1 b \x 0 0 \x 0 0 \x 0 0 \x 1 6 \x 0 0 \x 0 0 \x 0 0 \x 0 4 \x 0 0 \x 0 0 \x 0 2 a \x 0 0 \x 0 4 \x 0 2 b \x 0 0 \x 0 4 \x 0 2 a \x 0 0 \x 0 4 \x 0 2 d \x 0 0 \x f f \t \x 0 0 \x a 1 \x 9 8 \x 3 6 x \x c c \x 8 e \x 9 3 \x 2 e " } err
assert_match " * B a d d a t a f o r m a t * " $err
}
}
test { corrupt payload: hash dupliacte records} {
# when we do perform full sanitization, we expect duplicate records to fail the restore
start_server [ list overrides [ list loglevel verbose use-exit-on-panic yes crash-memcheck-enabled no] ] {
r config set sanitize-dump-payload yes
r debug set-skip-checksum-validation 1
catch { r RESTORE _hash 0 " \x 0 4 \x 0 2 \x 0 1 a \x 0 1 b \x 0 1 a \x 0 1 d \t \x 0 0 \x c 6 \x 9 c \x a b \x b c \b k \x 0 c \x 0 6 " } err
assert_match " * B a d d a t a f o r m a t * " $err
}
}
2020-08-14 09:05:34 -04:00
test { corrupt payload: fuzzer findings - NPD in streamIteratorGetID} {
start_server [ list overrides [ list loglevel verbose use-exit-on-panic yes crash-memcheck-enabled no] ] {
r config set sanitize-dump-payload no
r debug set-skip-checksum-validation 1
catch {
r RESTORE key 0 " \x 0 F \x 0 1 \x 1 0 \x 0 0 \x 0 0 \x 0 1 \x 7 3 \x B D \x 6 8 \x 4 8 \x 7 1 \x 0 0 \x 0 0 \x 0 0 \x 0 0 \x 0 0 \x 0 0 \x 0 0 \x 0 0 \x 4 0 \x 4 2 \x 4 2 \x 0 0 \x 0 0 \x 0 0 \x 1 8 \x 0 0 \x 0 3 \x 0 1 \x 0 0 \x 0 1 \x 0 2 \x 0 1 \x 8 4 \x 6 9 \x 7 4 \x 6 5 \x 6 D \x 0 5 \x 8 5 \x 7 6 \x 6 1 \x 6 C \x 7 5 \x 6 5 \x 0 6 \x 0 0 \x 0 1 \x 0 2 \x 0 1 \x 0 0 \x 0 1 \x 0 0 \x 0 1 \x 0 1 \x 0 1 \x 0 0 \x 0 1 \x 0 5 \x 0 1 \x 0 2 \x 0 1 \x 0 0 \x 0 1 \x 0 1 \x 0 1 \x 0 1 \x 0 1 \x 8 2 \x 5 F \x 3 1 \x 0 3 \x 0 5 \x 0 1 \x 0 2 \x 0 1 \x 0 0 \x 0 1 \x 0 2 \x 0 1 \x 0 1 \x 0 1 \x 0 2 \x 0 1 \x 4 8 \x 0 1 \x F F \x 0 3 \x 8 1 \x 0 0 \x 0 0 \x 0 1 \x 7 3 \x B D \x 6 8 \x 4 8 \x 7 1 \x 0 2 \x 0 1 \x 0 7 \x 6 D \x 7 9 \x 6 7 \x 7 2 \x 6 F \x 7 5 \x 7 0 \x 8 1 \x 0 0 \x 0 0 \x 0 1 \x 7 3 \x B D \x 6 8 \x 4 8 \x 7 1 \x 0 0 \x 0 1 \x 0 0 \x 0 0 \x 0 1 \x 7 3 \x B D \x 6 8 \x 4 8 \x 7 1 \x 0 0 \x 0 0 \x 0 0 \x 0 0 \x 0 0 \x 0 0 \x 0 0 \x 0 0 \x 7 2 \x 4 8 \x 6 8 \x B D \x 7 3 \x 0 1 \x 0 0 \x 0 0 \x 0 1 \x 0 1 \x 0 5 \x 4 1 \x 6 C \x 6 9 \x 6 3 \x 6 5 \x 7 2 \x 4 8 \x 6 8 \x B D \x 7 3 \x 0 1 \x 0 0 \x 0 0 \x 0 1 \x 0 0 \x 0 0 \x 0 1 \x 7 3 \x B D \x 6 8 \x 4 8 \x 7 1 \x 0 0 \x 0 0 \x 0 0 \x 0 0 \x 0 0 \x 0 0 \x 0 0 \x 0 0 \x 0 9 \x 0 0 \x 8 0 \x C D \x B 0 \x D 5 \x 1 A \x C E \x F F \x 1 0 "
r XREVRANGE key 725 233
}
assert_equal [ count_log_message 0 " c r a s h e d b y s i g n a l " ] 0
assert_equal [ count_log_message 0 " A S S E R T I O N F A I L E D " ] 1
}
}
test { corrupt payload: fuzzer findings - listpack NPD on invalid stream} {
start_server [ list overrides [ list loglevel verbose use-exit-on-panic yes crash-memcheck-enabled no] ] {
r config set sanitize-dump-payload no
r debug set-skip-checksum-validation 1
catch {
r RESTORE _stream 0 " \x 0 F \x 0 1 \x 1 0 \x 0 0 \x 0 0 \x 0 1 \x 7 3 \x D C \x B 6 \x 6 B \x F 1 \x 0 0 \x 0 0 \x 0 0 \x 0 0 \x 0 0 \x 0 0 \x 0 0 \x 0 0 \x 4 0 \x 4 2 \x 4 2 \x 0 0 \x 0 0 \x 0 0 \x 1 8 \x 0 0 \x 0 3 \x 0 1 \x 0 0 \x 0 1 \x 0 2 \x 0 1 \x 8 4 \x 6 9 \x 7 4 \x 6 5 \x 6 D \x 0 5 \x 8 5 \x 7 6 \x 6 1 \x 6 C \x 7 5 \x 6 5 \x 0 6 \x 0 0 \x 0 1 \x 0 2 \x 0 1 \x 0 0 \x 0 1 \x 0 0 \x 0 1 \x 0 1 \x 0 1 \x 0 0 \x 0 1 \x 0 5 \x 0 1 \x 0 2 \x 0 1 \x 1 F \x 0 1 \x 0 0 \x 0 1 \x 0 1 \x 0 1 \x 6 D \x 5 F \x 3 1 \x 0 3 \x 0 5 \x 0 1 \x 0 2 \x 0 1 \x 2 9 \x 0 1 \x 0 0 \x 0 1 \x 0 1 \x 0 1 \x 0 2 \x 0 1 \x 0 5 \x 0 1 \x F F \x 0 3 \x 8 1 \x 0 0 \x 0 0 \x 0 1 \x 7 3 \x D C \x B 6 \x 6 C \x 1 A \x 0 0 \x 0 1 \x 0 7 \x 6 D \x 7 9 \x 6 7 \x 7 2 \x 6 F \x 7 5 \x 7 0 \x 8 1 \x 0 0 \x 0 0 \x 0 1 \x 7 3 \x D C \x B 6 \x 6 B \x F 1 \x 0 0 \x 0 1 \x 0 0 \x 0 0 \x 0 1 \x 7 3 \x D C \x B 6 \x 6 B \x F 1 \x 0 0 \x 0 0 \x 0 0 \x 0 0 \x 0 0 \x 0 0 \x 0 0 \x 0 0 \x 4 B \x 6 C \x B 6 \x D C \x 7 3 \x 0 1 \x 0 0 \x 0 0 \x 0 1 \x 0 1 \x 0 5 \x 4 1 \x 6 C \x 6 9 \x 6 3 \x 6 5 \x 3 D \x 6 C \x B 6 \x D C \x 7 3 \x 0 1 \x 0 0 \x 0 0 \x 0 1 \x 0 0 \x 0 0 \x 0 1 \x 7 3 \x D C \x B 6 \x 6 B \x F 1 \x 0 0 \x 0 0 \x 0 0 \x 0 0 \x 0 0 \x 0 0 \x 0 0 \x 0 0 \x 0 9 \x 0 0 \x C 7 \x 7 D \x 1 C \x D 7 \x 0 4 \x F F \x E 6 \x 9 D "
r XREAD STREAMS _stream 519389898758
}
assert_equal [ count_log_message 0 " c r a s h e d b y s i g n a l " ] 0
assert_equal [ count_log_message 0 " A S S E R T I O N F A I L E D " ] 1
}
}
test { corrupt payload: fuzzer findings - NPD in quicklistIndex} {
start_server [ list overrides [ list loglevel verbose use-exit-on-panic yes crash-memcheck-enabled no] ] {
r config set sanitize-dump-payload no
r debug set-skip-checksum-validation 1
catch {
r RESTORE key 0 " \x 0 E \x 0 1 \x 1 3 \x 1 3 \x 0 0 \x 0 0 \x 0 0 \x 1 0 \x 0 0 \x 0 0 \x 0 0 \x 0 3 \x 1 2 \x 0 0 \x F 3 \x 0 2 \x 0 2 \x 5 F \x 3 1 \x 0 4 \x F 1 \x F F \x 0 9 \x 0 0 \x C 9 \x 4 B \x 3 1 \x F E \x 6 1 \x C 0 \x 9 6 \x F E "
r LSET key 290 290
}
assert_equal [ count_log_message 0 " c r a s h e d b y s i g n a l " ] 0
assert_equal [ count_log_message 0 " A S S E R T I O N F A I L E D " ] 1
}
}
test { corrupt payload: fuzzer findings - invalid read in ziplistFind} {
start_server [ list overrides [ list loglevel verbose use-exit-on-panic yes crash-memcheck-enabled no] ] {
r config set sanitize-dump-payload no
r debug set-skip-checksum-validation 1
catch {
r RESTORE key 0 " \x 0 D \x 1 9 \x 1 9 \x 0 0 \x 0 0 \x 0 0 \x 1 6 \x 0 0 \x 0 0 \x 0 0 \x 0 6 \x 0 0 \x 0 0 \x F 1 \x 0 2 \x F 1 \x 0 2 \x F 2 \x 0 2 \x 0 2 \x 5 F \x 3 1 \x 0 4 \x 9 9 \x 0 2 \x F 3 \x F F \x 0 9 \x 0 0 \x C 5 \x B 8 \x 1 0 \x C 0 \x 8 A \x F 9 \x 1 6 \x D F "
r HEXISTS key - 688319650333
}
assert_equal [ count_log_message 0 " c r a s h e d b y s i g n a l " ] 0
assert_equal [ count_log_message 0 " A S S E R T I O N F A I L E D " ] 1
}
}
test { corrupt payload: fuzzer findings - invalid ziplist encoding} {
start_server [ list overrides [ list loglevel verbose use-exit-on-panic yes crash-memcheck-enabled no] ] {
r config set sanitize-dump-payload yes
r debug set-skip-checksum-validation 1
catch {
r RESTORE _listbig 0 " \x 0 E \x 0 2 \x 1 B \x 1 B \x 0 0 \x 0 0 \x 0 0 \x 1 6 \x 0 0 \x 0 0 \x 0 0 \x 0 5 \x 0 0 \x 0 0 \x 0 2 \x 5 F \x 3 9 \x 0 4 \x F 9 \x 0 2 \x 8 6 \x 5 F \x 3 7 \x 0 4 \x F 7 \x 0 2 \x 0 2 \x 5 F \x 3 5 \x F F \x 1 9 \x 1 9 \x 0 0 \x 0 0 \x 0 0 \x 1 6 \x 0 0 \x 0 0 \x 0 0 \x 0 5 \x 0 0 \x 0 0 \x F 5 \x 0 2 \x 0 2 \x 5 F \x 3 3 \x 0 4 \x F 3 \x 0 2 \x 0 2 \x 5 F \x 3 1 \x 0 4 \x F 1 \x F F \x 0 9 \x 0 0 \x 0 C \x F C \x 9 9 \x 2 C \x 2 3 \x 4 5 \x 1 5 \x 6 0 "
} err
assert_match " * B a d d a t a f o r m a t * " $err
2020-11-02 02:35:37 -05:00
verify_log_message 0 " * i n t e g r i t y c h e c k f a i l e d * " 0
2020-08-14 09:05:34 -04:00
}
}
test { corrupt payload: fuzzer findings - hash crash} {
start_server [ list overrides [ list loglevel verbose use-exit-on-panic yes crash-memcheck-enabled no] ] {
r config set sanitize-dump-payload yes
r debug set-skip-checksum-validation 1
r RESTORE _hash 0 " \x 0 D \x 1 9 \x 1 9 \x 0 0 \x 0 0 \x 0 0 \x 1 6 \x 0 0 \x 0 0 \x 0 0 \x 0 6 \x 0 0 \x 0 0 \x F 1 \x 0 2 \x F 1 \x 0 2 \x F 2 \x 0 2 \x 0 2 \x 5 F \x 3 1 \x 0 4 \x F 3 \x 0 2 \x F 3 \x F F \x 0 9 \x 0 0 \x 3 8 \x B 8 \x 1 0 \x C 0 \x 8 A \x F 9 \x 1 6 \x D F "
r HSET _hash 394891450 1635910264
r HMGET _hash 887312884855
}
}
test { corrupt payload: fuzzer findings - uneven entry count in hash} {
start_server [ list overrides [ list loglevel verbose use-exit-on-panic yes crash-memcheck-enabled no] ] {
r config set sanitize-dump-payload no
r debug set-skip-checksum-validation 1
r RESTORE _hashbig 0 " \x 0 D \x 3 D \x 3 D \x 0 0 \x 0 0 \x 0 0 \x 3 8 \x 0 0 \x 0 0 \x 0 0 \x 1 4 \x 0 0 \x 0 0 \x F 2 \x 0 2 \x 0 2 \x 5 F \x 3 1 \x 0 4 \x 1 C \x 0 2 \x F 7 \x 0 2 \x F 1 \x 0 2 \x F 1 \x 0 2 \x F 5 \x 0 2 \x F 5 \x 0 2 \x F 4 \x 0 2 \x 0 2 \x 5 F \x 3 3 \x 0 4 \x F 6 \x 0 2 \x 0 2 \x 5 F \x 3 5 \x 0 4 \x F 8 \x 0 2 \x 0 2 \x 5 F \x 3 7 \x 0 4 \x F 9 \x 0 2 \x F 9 \x 0 2 \x F 3 \x 0 2 \x F 3 \x 0 2 \x F A \x 0 2 \x 0 2 \x 5 F \x 3 9 \x F F \x 0 9 \x 0 0 \x 7 3 \x B 7 \x 6 8 \x C 8 \x 9 7 \x 2 4 \x 8 E \x 8 8 "
catch { r HSCAN _hashbig - 250 }
assert_equal [ count_log_message 0 " c r a s h e d b y s i g n a l " ] 0
assert_equal [ count_log_message 0 " A S S E R T I O N F A I L E D " ] 1
}
}
test { corrupt payload: fuzzer findings - invalid read in lzf_decompress} {
start_server [ list overrides [ list loglevel verbose use-exit-on-panic yes crash-memcheck-enabled no] ] {
r config set sanitize-dump-payload no
r debug set-skip-checksum-validation 1
catch { r RESTORE _setbig 0 " \x 0 2 \x 0 3 \x 0 2 \x 5 F \x 3 1 \x C 0 \x 0 2 \x C 3 \x 0 0 \x 0 9 \x 0 0 \x E 6 \x D C \x 7 6 \x 4 4 \x F F \x E B \x 3 D \x F E " } err
assert_match " * B a d d a t a f o r m a t * " $err
}
}
test { corrupt payload: fuzzer findings - leak in rdbloading due to dup entry in set} {
start_server [ list overrides [ list loglevel verbose use-exit-on-panic yes crash-memcheck-enabled no] ] {
r config set sanitize-dump-payload no
r debug set-skip-checksum-validation 1
catch { r RESTORE _setbig 0 " \x 0 2 \x 0 A \x 0 2 \x 5 F \x 3 9 \x C 0 \x 0 6 \x 0 2 \x 5 F \x 3 1 \x C 0 \x 0 0 \x C 0 \x 0 4 \x 0 2 \x 5 F \x 3 5 \x C 0 \x 0 2 \x C 0 \x 0 8 \x 0 2 \x 5 F \x 3 1 \x 0 2 \x 5 F \x 3 3 \x 0 9 \x 0 0 \x 7 A \x 5 A \x F B \x 9 0 \x 3 A \x E 9 \x 3 C \x B E " } err
assert_match " * B a d d a t a f o r m a t * " $err
}
}
test { corrupt payload: fuzzer findings - empty intset div by zero} {
start_server [ list overrides [ list loglevel verbose use-exit-on-panic yes crash-memcheck-enabled no] ] {
r config set sanitize-dump-payload no
r debug set-skip-checksum-validation 1
r RESTORE _setbig 0 " \x 0 2 \x C 0 \x C 0 \x 0 6 \x 0 2 \x 5 F \x 3 9 \x C 0 \x 0 2 \x 0 2 \x 5 F \x 3 3 \x C 0 \x 0 0 \x 0 2 \x 5 F \x 3 1 \x C 0 \x 0 4 \x C 0 \x 0 8 \x 0 2 \x 5 F \x 3 7 \x 0 2 \x 5 F \x 3 5 \x 0 9 \x 0 0 \x C 5 \x D 4 \x 6 D \x B A \x A D \x 1 4 \x B 7 \x E 7 "
catch { r SRANDMEMBER _setbig }
}
}
test { corrupt payload: fuzzer findings - valgrind ziplist - crash report prints freed memory} {
start_server [ list overrides [ list loglevel verbose use-exit-on-panic yes crash-memcheck-enabled no] ] {
r config set sanitize-dump-payload no
r debug set-skip-checksum-validation 1
r RESTORE _zsetbig 0 " \x 0 C \x 3 D \x 3 D \x 0 0 \x 0 0 \x 0 0 \x 3 A \x 0 0 \x 0 0 \x 0 0 \x 1 4 \x 0 0 \x 0 0 \x F 1 \x 0 2 \x F 1 \x 0 2 \x 0 2 \x 5 F \x 3 1 \x 0 4 \x F 2 \x 0 2 \x F 3 \x 0 2 \x F 3 \x 0 2 \x 0 2 \x 5 F \x 3 3 \x 0 4 \x F 4 \x 0 2 \x E E \x 0 2 \x F 5 \x 0 2 \x 0 2 \x 5 F \x 3 5 \x 0 4 \x F 6 \x 0 2 \x F 7 \x 0 2 \x F 7 \x 0 2 \x 0 2 \x 5 F \x 3 7 \x 0 4 \x F 8 \x 0 2 \x F 9 \x 0 2 \x F 9 \x 0 2 \x 0 2 \x 5 F \x 3 9 \x 0 4 \x F A \x F F \x 0 9 \x 0 0 \x A E \x F 9 \x 7 7 \x 2 A \x 4 7 \x 2 4 \x 3 3 \x F 6 "
catch { r ZREMRANGEBYSCORE _zsetbig - 1050966020 724 }
assert_equal [ count_log_message 0 " c r a s h e d b y s i g n a l " ] 0
assert_equal [ count_log_message 0 " A S S E R T I O N F A I L E D " ] 1
}
}
test { corrupt payload: fuzzer findings - valgrind ziplist prevlen reaches outside the ziplist} {
start_server [ list overrides [ list loglevel verbose use-exit-on-panic yes crash-memcheck-enabled no] ] {
r config set sanitize-dump-payload no
r debug set-skip-checksum-validation 1
r RESTORE _listbig 0 " \x 0 E \x 0 2 \x 1 B \x 1 B \x 0 0 \x 0 0 \x 0 0 \x 1 6 \x 0 0 \x 0 0 \x 0 0 \x 0 5 \x 0 0 \x 0 0 \x 0 2 \x 5 F \x 3 9 \x 0 4 \x F 9 \x 0 2 \x 0 2 \x 5 F \x 3 7 \x 0 4 \x F 7 \x 0 2 \x 0 2 \x 5 F \x 3 5 \x F F \x 1 9 \x 1 9 \x 0 0 \x 0 0 \x 0 0 \x 1 6 \x 0 0 \x 0 0 \x 0 0 \x 0 5 \x 0 0 \x 0 0 \x F 5 \x 0 2 \x 0 2 \x 5 F \x 3 3 \x 0 4 \x F 3 \x 9 5 \x 0 2 \x 5 F \x 3 1 \x 0 4 \x F 1 \x F F \x 0 9 \x 0 0 \x 0 C \x F C \x 9 9 \x 2 C \x 2 3 \x 4 5 \x 1 5 \x 6 0 "
catch { r RPOP _listbig }
catch { r RPOP _listbig }
catch { r RPUSH _listbig 949682325 }
assert_equal [ count_log_message 0 " c r a s h e d b y s i g n a l " ] 0
assert_equal [ count_log_message 0 " A S S E R T I O N F A I L E D " ] 1
}
}
test { corrupt payload: fuzzer findings - valgrind - bad rdbLoadDoubleValue} {
start_server [ list overrides [ list loglevel verbose use-exit-on-panic yes crash-memcheck-enabled no] ] {
r config set sanitize-dump-payload no
r debug set-skip-checksum-validation 1
catch { r RESTORE _list 0 " \x 0 3 \x 0 1 \x 1 1 \x 1 1 \x 0 0 \x 0 0 \x 0 0 \x 0 A \x 0 0 \x 0 0 \x 0 0 \x 0 1 \x 0 0 \x 0 0 \x D 0 \x 0 7 \x 1 A \x E 9 \x 0 2 \x F F \x 0 9 \x 0 0 \x 1 A \x 0 6 \x 0 7 \x 3 2 \x 4 1 \x 2 8 \x 3 A \x 4 6 " } err
assert_match " * B a d d a t a f o r m a t * " $err
}
}
test { corrupt payload: fuzzer findings - valgrind ziplist prev too big} {
start_server [ list overrides [ list loglevel verbose use-exit-on-panic yes crash-memcheck-enabled no] ] {
r config set sanitize-dump-payload no
r debug set-skip-checksum-validation 1
r RESTORE _list 0 " \x 0 E \x 0 1 \x 1 3 \x 1 3 \x 0 0 \x 0 0 \x 0 0 \x 1 0 \x 0 0 \x 0 0 \x 0 0 \x 0 3 \x 0 0 \x 0 0 \x F 3 \x 0 2 \x 0 2 \x 5 F \x 3 1 \x C 1 \x F 1 \x F F \x 0 9 \x 0 0 \x C 9 \x 4 B \x 3 1 \x F E \x 6 1 \x C 0 \x 9 6 \x F E "
catch { r RPUSHX _list - 45 }
catch { r LREM _list - 748 - 840 }
assert_equal [ count_log_message 0 " c r a s h e d b y s i g n a l " ] 0
assert_equal [ count_log_message 0 " A S S E R T I O N F A I L E D " ] 1
}
}
test { corrupt payload: fuzzer findings - lzf decompression fails, avoid valgrind invalid read} {
start_server [ list overrides [ list loglevel verbose use-exit-on-panic yes crash-memcheck-enabled no] ] {
r config set sanitize-dump-payload no
r debug set-skip-checksum-validation 1
catch { r RESTORE _stream 0 " \x 0 F \x 0 2 \x 1 0 \x 0 0 \x 0 0 \x 0 1 \x 7 3 \x D D \x A A \x 2 A \x B 9 \x 0 0 \x 0 0 \x 0 0 \x 0 0 \x 0 0 \x 0 0 \x 0 0 \x 0 0 \x C 3 \x 4 0 \x 4 B \x 4 0 \x 5 C \x 1 8 \x 5 C \x 0 0 \x 0 0 \x 0 0 \x 2 4 \x 0 0 \x 0 5 \x 0 1 \x 0 0 \x 0 1 \x 0 2 \x 0 1 \x 8 4 \x 6 9 \x 7 4 \x 6 5 \x 6 D \x 0 5 \x 8 5 \x 7 6 \x 6 1 \x 6 C \x 7 5 \x 6 5 \x 0 6 \x 4 0 \x 1 0 \x 0 0 \x 0 0 \x 2 0 \x 0 1 \x 0 0 \x 0 1 \x 2 0 \x 0 3 \x 0 0 \x 0 5 \x 2 0 \x 1 C \x 4 0 \x 0 7 \x 0 5 \x 0 1 \x 0 1 \x 8 2 \x 5 F \x 3 1 \x 0 3 \x 8 0 \x 0 D \x 4 0 \x 0 0 \x 0 0 \x 0 2 \x 6 0 \x 1 9 \x 4 0 \x 2 7 \x 4 0 \x 1 9 \x 0 0 \x 3 3 \x 6 0 \x 1 9 \x 4 0 \x 2 9 \x 0 2 \x 0 1 \x 0 1 \x 0 4 \x 2 0 \x 1 9 \x 0 0 \x F F \x 1 0 \x 0 0 \x 0 0 \x 0 1 \x 7 3 \x D D \x A A \x 2 A \x B C \x 0 0 \x 0 0 \x 0 0 \x 0 0 \x 0 0 \x 0 0 \x 0 0 \x 0 0 \x C 3 \x 4 0 \x 4 D \x 4 0 \x 5 E \x 1 8 \x 5 E \x 0 0 \x 0 0 \x 0 0 \x 2 4 \x 0 0 \x 0 5 \x 0 1 \x 0 0 \x 0 1 \x 0 2 \x 0 1 \x 8 4 \x 6 9 \x 7 4 \x 6 5 \x 6 D \x 0 5 \x 8 5 \x 7 6 \x 6 1 \x 6 C \x 7 5 \x 6 5 \x 0 6 \x 4 0 \x 1 0 \x 0 0 \x 0 0 \x 2 0 \x 0 1 \x 0 6 \x 0 1 \x 0 1 \x 8 2 \x 5 F \x 3 5 \x 0 3 \x 0 5 \x 2 0 \x 1 E \x 1 7 \x 0 B \x 0 3 \x 0 1 \x 0 1 \x 0 6 \x 0 1 \x 4 0 \x 0 B \x 0 0 \x 0 1 \x 6 0 \x 0 D \x 0 2 \x 8 2 \x 5 F \x 3 7 \x 6 0 \x 1 9 \x 8 0 \x 0 0 \x 0 0 \x 0 8 \x 6 0 \x 1 9 \x 8 0 \x 2 7 \x 0 2 \x 8 2 \x 5 F \x 3 9 \x 2 0 \x 1 9 \x 0 0 \x F F \x 0 A \x 8 1 \x 0 0 \x 0 0 \x 0 1 \x 7 3 \x D D \x A A \x 2 A \x B E \x 0 0 \x 0 0 \x 0 9 \x 0 0 \x 2 1 \x 8 5 \x 7 7 \x 4 3 \x 7 1 \x 7 B \x 1 7 \x 8 8 " } err
assert_match " * B a d d a t a f o r m a t * " $err
}
}
test { corrupt payload: fuzzer findings - stream bad lp_count} {
start_server [ list overrides [ list loglevel verbose use-exit-on-panic yes crash-memcheck-enabled no] ] {
r config set sanitize-dump-payload yes
r debug set-skip-checksum-validation 1
catch { r RESTORE _stream 0 " \x 0 F \x 0 1 \x 1 0 \x 0 0 \x 0 0 \x 0 1 \x 7 3 \x D E \x D F \x 7 D \x 9 B \x 0 0 \x 0 0 \x 0 0 \x 0 0 \x 0 0 \x 0 0 \x 0 0 \x 0 0 \x 4 0 \x 4 2 \x 4 2 \x 0 0 \x 0 0 \x 0 0 \x 1 8 \x 0 0 \x 0 3 \x 0 1 \x 0 0 \x 0 1 \x 0 2 \x 0 1 \x 8 4 \x 6 9 \x 7 4 \x 6 5 \x 6 D \x 0 5 \x 8 5 \x 7 6 \x 6 1 \x 6 C \x 7 5 \x 6 5 \x 0 6 \x 0 0 \x 0 1 \x 0 2 \x 0 1 \x 0 0 \x 0 1 \x 0 0 \x 0 1 \x 0 1 \x 0 1 \x 0 0 \x 0 1 \x 5 6 \x 0 1 \x 0 2 \x 0 1 \x 2 2 \x 0 1 \x 0 0 \x 0 1 \x 0 1 \x 0 1 \x 8 2 \x 5 F \x 3 1 \x 0 3 \x 0 5 \x 0 1 \x 0 2 \x 0 1 \x 2 C \x 0 1 \x 0 0 \x 0 1 \x 0 1 \x 0 1 \x 0 2 \x 0 1 \x 0 5 \x 0 1 \x F F \x 0 3 \x 8 1 \x 0 0 \x 0 0 \x 0 1 \x 7 3 \x D E \x D F \x 7 D \x C 7 \x 0 0 \x 0 1 \x 0 7 \x 6 D \x 7 9 \x 6 7 \x 7 2 \x 6 F \x 7 5 \x 7 0 \x 8 1 \x 0 0 \x 0 0 \x 0 1 \x 7 3 \x D E \x D F \x 7 D \x 9 B \x 0 0 \x 0 1 \x 0 0 \x 0 0 \x 0 1 \x 7 3 \x D E \x D F \x 7 D \x 9 B \x 0 0 \x 0 0 \x 0 0 \x 0 0 \x 0 0 \x 0 0 \x 0 0 \x 0 0 \x F 9 \x 7 D \x D F \x D E \x 7 3 \x 0 1 \x 0 0 \x 0 0 \x 0 1 \x 0 1 \x 0 5 \x 4 1 \x 6 C \x 6 9 \x 6 3 \x 6 5 \x E B \x 7 D \x D F \x D E \x 7 3 \x 0 1 \x 0 0 \x 0 0 \x 0 1 \x 0 0 \x 0 0 \x 0 1 \x 7 3 \x D E \x D F \x 7 D \x 9 B \x 0 0 \x 0 0 \x 0 0 \x 0 0 \x 0 0 \x 0 0 \x 0 0 \x 0 0 \x 0 9 \x 0 0 \x B 2 \x A 8 \x A 7 \x 5 F \x 1 B \x 6 1 \x 7 2 \x D 5 " } err
assert_match " * B a d d a t a f o r m a t * " $err
r ping
}
}
test { corrupt payload: fuzzer findings - stream bad lp_count - unsanitized} {
start_server [ list overrides [ list loglevel verbose use-exit-on-panic yes crash-memcheck-enabled no] ] {
r config set sanitize-dump-payload no
r debug set-skip-checksum-validation 1
r RESTORE _stream 0 " \x 0 F \x 0 1 \x 1 0 \x 0 0 \x 0 0 \x 0 1 \x 7 3 \x D E \x D F \x 7 D \x 9 B \x 0 0 \x 0 0 \x 0 0 \x 0 0 \x 0 0 \x 0 0 \x 0 0 \x 0 0 \x 4 0 \x 4 2 \x 4 2 \x 0 0 \x 0 0 \x 0 0 \x 1 8 \x 0 0 \x 0 3 \x 0 1 \x 0 0 \x 0 1 \x 0 2 \x 0 1 \x 8 4 \x 6 9 \x 7 4 \x 6 5 \x 6 D \x 0 5 \x 8 5 \x 7 6 \x 6 1 \x 6 C \x 7 5 \x 6 5 \x 0 6 \x 0 0 \x 0 1 \x 0 2 \x 0 1 \x 0 0 \x 0 1 \x 0 0 \x 0 1 \x 0 1 \x 0 1 \x 0 0 \x 0 1 \x 5 6 \x 0 1 \x 0 2 \x 0 1 \x 2 2 \x 0 1 \x 0 0 \x 0 1 \x 0 1 \x 0 1 \x 8 2 \x 5 F \x 3 1 \x 0 3 \x 0 5 \x 0 1 \x 0 2 \x 0 1 \x 2 C \x 0 1 \x 0 0 \x 0 1 \x 0 1 \x 0 1 \x 0 2 \x 0 1 \x 0 5 \x 0 1 \x F F \x 0 3 \x 8 1 \x 0 0 \x 0 0 \x 0 1 \x 7 3 \x D E \x D F \x 7 D \x C 7 \x 0 0 \x 0 1 \x 0 7 \x 6 D \x 7 9 \x 6 7 \x 7 2 \x 6 F \x 7 5 \x 7 0 \x 8 1 \x 0 0 \x 0 0 \x 0 1 \x 7 3 \x D E \x D F \x 7 D \x 9 B \x 0 0 \x 0 1 \x 0 0 \x 0 0 \x 0 1 \x 7 3 \x D E \x D F \x 7 D \x 9 B \x 0 0 \x 0 0 \x 0 0 \x 0 0 \x 0 0 \x 0 0 \x 0 0 \x 0 0 \x F 9 \x 7 D \x D F \x D E \x 7 3 \x 0 1 \x 0 0 \x 0 0 \x 0 1 \x 0 1 \x 0 5 \x 4 1 \x 6 C \x 6 9 \x 6 3 \x 6 5 \x E B \x 7 D \x D F \x D E \x 7 3 \x 0 1 \x 0 0 \x 0 0 \x 0 1 \x 0 0 \x 0 0 \x 0 1 \x 7 3 \x D E \x D F \x 7 D \x 9 B \x 0 0 \x 0 0 \x 0 0 \x 0 0 \x 0 0 \x 0 0 \x 0 0 \x 0 0 \x 0 9 \x 0 0 \x B 2 \x A 8 \x A 7 \x 5 F \x 1 B \x 6 1 \x 7 2 \x D 5 "
catch { r XREVRANGE _stream 638932639 738 }
assert_equal [ count_log_message 0 " c r a s h e d b y s i g n a l " ] 0
assert_equal [ count_log_message 0 " A S S E R T I O N F A I L E D " ] 1
}
}
test { corrupt payload: fuzzer findings - stream integrity check issue} {
start_server [ list overrides [ list loglevel verbose use-exit-on-panic yes crash-memcheck-enabled no] ] {
r config set sanitize-dump-payload yes
r debug set-skip-checksum-validation 1
catch { r RESTORE _stream 0 " \x 0 F \x 0 2 \x 1 0 \x 0 0 \x 0 0 \x 0 1 \x 7 5 \x 2 D \x A 2 \x 9 0 \x 6 7 \x 0 0 \x 0 0 \x 0 0 \x 0 0 \x 0 0 \x 0 0 \x 0 0 \x 0 0 \x C 3 \x 4 0 \x 4 F \x 4 0 \x 5 C \x 1 8 \x 5 C \x 0 0 \x 0 0 \x 0 0 \x 2 4 \x 0 0 \x 0 5 \x 0 1 \x 0 0 \x 0 1 \x 4 A \x 0 1 \x 8 4 \x 6 9 \x 7 4 \x 6 5 \x 6 D \x 0 5 \x 8 5 \x 7 6 \x 6 1 \x 6 C \x 7 5 \x 6 5 \x 0 6 \x 4 0 \x 1 0 \x 0 0 \x 0 0 \x 2 0 \x 0 1 \x 0 0 \x 0 1 \x 2 0 \x 0 3 \x 0 0 \x 0 5 \x 2 0 \x 1 C \x 4 0 \x 0 9 \x 0 5 \x 0 1 \x 0 1 \x 8 2 \x 5 F \x 3 1 \x 0 3 \x 8 0 \x 0 D \x 0 0 \x 0 2 \x 2 0 \x 0 D \x 0 0 \x 0 2 \x A 0 \x 1 9 \x 0 0 \x 0 3 \x 2 0 \x 0 B \x 0 2 \x 8 2 \x 5 F \x 3 3 \x A 0 \x 1 9 \x 0 0 \x 0 4 \x 2 0 \x 0 D \x 0 0 \x 0 4 \x 2 0 \x 1 9 \x 0 0 \x F F \x 1 0 \x 0 0 \x 0 0 \x 0 1 \x 7 5 \x 2 D \x A 2 \x 9 0 \x 6 7 \x 0 0 \x 0 0 \x 0 0 \x 0 0 \x 0 0 \x 0 0 \x 0 0 \x 0 5 \x C 3 \x 4 0 \x 5 6 \x 4 0 \x 6 0 \x 1 8 \x 6 0 \x 0 0 \x 0 0 \x 0 0 \x 2 4 \x 0 0 \x 0 5 \x 0 1 \x 0 0 \x 0 1 \x 0 2 \x 0 1 \x 8 4 \x 6 9 \x 7 4 \x 6 5 \x 6 D \x 0 5 \x 8 5 \x 7 6 \x 6 1 \x 6 C \x 7 5 \x 6 5 \x 0 6 \x 4 0 \x 1 0 \x 0 0 \x 0 0 \x 2 0 \x 0 1 \x 0 6 \x 0 1 \x 0 1 \x 8 2 \x 5 F \x 3 5 \x 0 3 \x 0 5 \x 2 0 \x 1 E \x 4 0 \x 0 B \x 0 3 \x 0 1 \x 0 1 \x 0 6 \x 0 1 \x 8 0 \x 0 B \x 0 0 \x 0 2 \x 2 0 \x 0 B \x 0 2 \x 8 2 \x 5 F \x 3 7 \x 6 0 \x 1 9 \x 0 3 \x 0 1 \x 0 1 \x D F \x F B \x 2 0 \x 0 5 \x 0 0 \x 0 8 \x 6 0 \x 1 A \x 2 0 \x 0 C \x 0 0 \x F C \x 2 0 \x 0 5 \x 0 2 \x 8 2 \x 5 F \x 3 9 \x 2 0 \x 1 B \x 0 0 \x F F \x 0 A \x 8 1 \x 0 0 \x 0 0 \x 0 1 \x 7 5 \x 2 D \x A 2 \x 9 0 \x 6 8 \x 0 1 \x 0 0 \x 0 9 \x 0 0 \x 1 D \x 6 F \x C 0 \x 6 9 \x 8 A \x D E \x F 7 \x 9 2 " } err
assert_match " * B a d d a t a f o r m a t * " $err
}
}
test { corrupt payload: fuzzer findings - infinite loop} {
start_server [ list overrides [ list loglevel verbose use-exit-on-panic yes crash-memcheck-enabled no] ] {
r config set sanitize-dump-payload no
r debug set-skip-checksum-validation 1
r RESTORE _stream 0 " \x 0 F \x 0 1 \x 1 0 \x 0 0 \x 0 0 \x 0 1 \x 7 5 \x 3 A \x A 6 \x D 0 \x 9 3 \x 0 0 \x 0 0 \x 0 0 \x 0 0 \x 0 0 \x 0 0 \x 0 0 \x 0 0 \x 4 0 \x 4 2 \x 4 2 \x 0 0 \x 0 0 \x 0 0 \x 1 8 \x 0 0 \x 0 3 \x 0 1 \x 0 0 \x 0 1 \x 0 2 \x 0 1 \x 8 4 \x 6 9 \x 7 4 \x 6 5 \x 6 D \x 0 5 \x 8 5 \x 7 6 \x 6 1 \x 6 C \x 7 5 \x 6 5 \x 0 6 \x 0 0 \x 0 1 \x 0 2 \x 0 1 \x 0 0 \x 0 1 \x 0 0 \x 0 1 \x 0 1 \x 0 1 \x 0 0 \x 0 1 \x 0 5 \x 0 1 \x 0 2 \x 0 1 \x 0 0 \x 0 1 \x 0 1 \x 0 1 \x 0 1 \x 0 1 \x 8 2 \x 5 F \x 3 1 \x 0 3 \x F D \x 0 1 \x 0 2 \x 0 1 \x 0 0 \x 0 1 \x 0 2 \x 0 1 \x 0 1 \x 0 1 \x 0 2 \x 0 1 \x 0 5 \x 0 1 \x F F \x 0 3 \x 8 1 \x 0 0 \x 0 0 \x 0 1 \x 7 5 \x 3 A \x A 6 \x D 0 \x 9 3 \x 0 2 \x 0 1 \x 0 7 \x 6 D \x 7 9 \x 6 7 \x 7 2 \x 6 F \x 7 5 \x 7 0 \x 8 1 \x 0 0 \x 0 0 \x 0 1 \x 7 5 \x 3 A \x A 6 \x D 0 \x 9 3 \x 0 0 \x 0 1 \x 0 0 \x 0 0 \x 0 1 \x 7 5 \x 3 A \x A 6 \x D 0 \x 9 3 \x 0 0 \x 0 0 \x 0 0 \x 0 0 \x 0 0 \x 0 0 \x 0 0 \x 0 0 \x 9 4 \x D 0 \x A 6 \x 3 A \x 7 5 \x 0 1 \x 0 0 \x 0 0 \x 0 1 \x 0 1 \x 0 5 \x 4 1 \x 6 C \x 6 9 \x 6 3 \x 6 5 \x 9 4 \x D 0 \x A 6 \x 3 A \x 7 5 \x 0 1 \x 0 0 \x 0 0 \x 0 1 \x 0 0 \x 0 0 \x 0 1 \x 7 5 \x 3 A \x A 6 \x D 0 \x 9 3 \x 0 0 \x 0 0 \x 0 0 \x 0 0 \x 0 0 \x 0 0 \x 0 0 \x 0 0 \x 0 9 \x 0 0 \x C 4 \x 0 9 \x A D \x 6 9 \x 7 E \x E E \x A 6 \x 2 F "
catch { r XREVRANGE _stream 288270516 971031845 }
assert_equal [ count_log_message 0 " c r a s h e d b y s i g n a l " ] 0
assert_equal [ count_log_message 0 " A S S E R T I O N F A I L E D " ] 1
}
}
2020-11-02 02:35:37 -05:00
test { corrupt payload: fuzzer findings - hash convert asserts on RESTORE with shallow sanitization} {
# if we don't perform full sanitization, and the next command can assert on converting
# a ziplist to hash records, then we're ok with that happning in RESTORE too
start_server [ list overrides [ list loglevel verbose use-exit-on-panic yes crash-memcheck-enabled no] ] {
r config set sanitize-dump-payload no
r debug set-skip-checksum-validation 1
catch { r RESTORE _hash 0 " \x 0 D \x 3 D \x 3 D \x 0 0 \x 0 0 \x 0 0 \x 3 A \x 0 0 \x 0 0 \x 0 0 \x 1 4 \x 1 3 \x 0 0 \x F 5 \x 0 2 \x F 5 \x 0 2 \x F 2 \x 0 2 \x 5 3 \x 5 F \x 3 1 \x 0 4 \x F 3 \x 0 2 \x F 3 \x 0 2 \x F 7 \x 0 2 \x F 7 \x 0 2 \x F 8 \x 0 2 \x 0 2 \x 5 F \x 3 7 \x 0 4 \x F 1 \x 0 2 \x F 1 \x 0 2 \x F 6 \x 0 2 \x 0 2 \x 5 F \x 3 5 \x 0 4 \x F 4 \x 0 2 \x 0 2 \x 5 F \x 3 3 \x 0 4 \x F A \x 0 2 \x 0 2 \x 5 F \x 3 9 \x 0 4 \x F 9 \x 0 2 \x F 9 \x F F \x 0 9 \x 0 0 \x B 5 \x 4 8 \x D E \x 6 2 \x 3 1 \x D 0 \x E 5 \x 6 3 " }
assert_equal [ count_log_message 0 " c r a s h e d b y s i g n a l " ] 0
assert_equal [ count_log_message 0 " A S S E R T I O N F A I L E D " ] 1
}
}
2020-11-22 14:22:49 -05:00
test { corrupt payload: OOM in rdbGenericLoadStringObject} {
start_server [ list overrides [ list loglevel verbose use-exit-on-panic yes crash-memcheck-enabled no] ] {
r config set sanitize-dump-payload no
catch { r RESTORE x 0 " \x 0 A \x 8 1 \x 7 F \x F F \x F F \x F F \x F F \x F F \x F F \x F F \x 1 3 \x 0 0 \x 0 0 \x 0 0 \x 0 E \x 0 0 \x 0 0 \x 0 0 \x 0 2 \x 0 0 \x 0 0 \x 0 2 \x 6 1 \x 0 0 \x 0 4 \x 0 2 \x 6 2 \x 0 0 \x F F \x 0 9 \x 0 0 \x 5 7 \x 0 4 \x E 5 \x C D \x D 4 \x 3 7 \x 6 C \x 5 7 " } err
assert_match " * B a d d a t a f o r m a t * " $err
r ping
}
}
test { corrupt payload: fuzzer findings - OOM in dictExpand} {
start_server [ list overrides [ list loglevel verbose use-exit-on-panic yes crash-memcheck-enabled no] ] {
r config set sanitize-dump-payload no
r debug set-skip-checksum-validation 1
catch { r RESTORE x 0 " \x 0 2 \x 8 1 \x 0 2 \x 5 F \x 3 1 \x C 0 \x 0 0 \x C 0 \x 0 2 \x 0 9 \x 0 0 \x C D \x 8 4 \x 2 C \x B 7 \x E 8 \x A 4 \x 4 9 \x 5 7 " } err
assert_match " * B a d d a t a f o r m a t * " $err
r ping
}
}
2020-08-14 09:05:34 -04:00
test { corrupt payload: fuzzer findings - invalid tail offset after removal} {
start_server [ list overrides [ list loglevel verbose use-exit-on-panic yes crash-memcheck-enabled no] ] {
r config set sanitize-dump-payload no
r debug set-skip-checksum-validation 1
r RESTORE _zset 0 " \x 0 C \x 1 9 \x 1 9 \x 0 0 \x 0 0 \x 0 0 \x 0 2 \x 0 0 \x 0 0 \x 0 0 \x 0 6 \x 0 0 \x 0 0 \x F 1 \x 0 2 \x F 1 \x 0 2 \x 0 2 \x 5 F \x 3 1 \x 0 4 \x F 2 \x 0 2 \x F 3 \x 0 2 \x F 3 \x F F \x 0 9 \x 0 0 \x 4 D \x 7 2 \x 7 B \x 9 7 \x C D \x 9 A \x 7 0 \x C 1 "
catch { r ZPOPMIN _zset}
catch { r ZPOPMAX _zset}
assert_equal [ count_log_message 0 " c r a s h e d b y s i g n a l " ] 0
assert_equal [ count_log_message 0 " A S S E R T I O N F A I L E D " ] 1
}
}
test { corrupt payload: fuzzer findings - negative reply length} {
start_server [ list overrides [ list loglevel verbose use-exit-on-panic yes crash-memcheck-enabled no] ] {
r config set sanitize-dump-payload no
r debug set-skip-checksum-validation 1
r RESTORE _stream 0 " \x 0 F \x 0 1 \x 1 0 \x 0 0 \x 0 0 \x 0 1 \x 7 5 \x C F \x A 1 \x 1 6 \x A 7 \x 0 0 \x 0 0 \x 0 0 \x 0 0 \x 0 0 \x 0 0 \x 0 0 \x 0 0 \x 4 0 \x 4 2 \x 4 2 \x 0 0 \x 0 0 \x 0 0 \x 1 8 \x 0 0 \x 0 3 \x 0 1 \x 0 0 \x 0 1 \x 0 2 \x 0 1 \x 8 4 \x 6 9 \x 7 4 \x 6 5 \x 6 D \x 0 5 \x 8 5 \x 7 6 \x 6 1 \x 6 C \x 7 5 \x 6 5 \x 0 6 \x 0 0 \x 0 1 \x 0 2 \x 0 1 \x 0 0 \x 0 1 \x 0 0 \x 0 1 \x 0 1 \x 0 1 \x 0 0 \x 0 1 \x 0 5 \x 0 1 \x 0 2 \x 0 1 \x 0 0 \x 0 1 \x 0 1 \x 0 1 \x 0 1 \x 0 1 \x 1 4 \x 5 F \x 3 1 \x 0 3 \x 0 5 \x 0 1 \x 0 2 \x 0 1 \x 0 0 \x 0 1 \x 0 2 \x 0 1 \x 0 1 \x 0 1 \x 0 2 \x 0 1 \x 0 5 \x 0 1 \x F F \x 0 3 \x 8 1 \x 0 0 \x 0 0 \x 0 1 \x 7 5 \x C F \x A 1 \x 1 6 \x A 7 \x 0 2 \x 0 1 \x 0 7 \x 6 D \x 7 9 \x 6 7 \x 7 2 \x 6 F \x 7 5 \x 7 0 \x 8 1 \x 0 0 \x 0 0 \x 0 1 \x 7 5 \x C F \x A 1 \x 1 6 \x A 7 \x 0 1 \x 0 1 \x 0 0 \x 0 0 \x 0 1 \x 7 5 \x C F \x A 1 \x 1 6 \x A 7 \x 0 0 \x 0 0 \x 0 0 \x 0 0 \x 0 0 \x 0 0 \x 0 0 \x 0 1 \x A 7 \x 1 6 \x A 1 \x C F \x 7 5 \x 0 1 \x 0 0 \x 0 0 \x 0 1 \x 0 1 \x 0 5 \x 4 1 \x 6 C \x 6 9 \x 6 3 \x 6 5 \x A 7 \x 1 6 \x A 1 \x C F \x 7 5 \x 0 1 \x 0 0 \x 0 0 \x 0 1 \x 0 0 \x 0 0 \x 0 1 \x 7 5 \x C F \x A 1 \x 1 6 \x A 7 \x 0 0 \x 0 0 \x 0 0 \x 0 0 \x 0 0 \x 0 0 \x 0 0 \x 0 1 \x 0 9 \x 0 0 \x 1 B \x 4 2 \x 5 2 \x B 8 \x D D \x 5 C \x E 5 \x 4 E "
catch { r XADD _stream * - 956 - 2601503852 }
catch { r XINFO STREAM _stream FULL}
assert_equal [ count_log_message 0 " c r a s h e d b y s i g n a l " ] 0
assert_equal [ count_log_message 0 " A S S E R T I O N F A I L E D " ] 1
}
}
test { corrupt payload: fuzzer findings - valgrind negative malloc} {
start_server [ list overrides [ list loglevel verbose use-exit-on-panic yes crash-memcheck-enabled no] ] {
r config set sanitize-dump-payload yes
r debug set-skip-checksum-validation 1
catch { r RESTORE _key 0 " \x 0 E \x 0 1 \x 8 1 \x D 6 \x D 6 \x 0 0 \x 0 0 \x 0 0 \x 0 A \x 0 0 \x 0 0 \x 0 0 \x 0 1 \x 0 0 \x 0 0 \x 4 0 \x C 8 \x 6 F \x 2 F \x 3 6 \x E 2 \x D F \x E 3 \x 2 E \x 2 6 \x 6 4 \x 8 B \x 8 7 \x D 1 \x 7 A \x B D \x F F \x E F \x E F \x 6 3 \x 6 5 \x F 6 \x F 8 \x 8 C \x 4 E \x E C \x 9 6 \x 8 9 \x 5 6 \x 8 8 \x F 8 \x 3 D \x 9 6 \x 5 A \x 3 2 \x B D \x D 1 \x 3 6 \x D 8 \x 0 2 \x E 6 \x 6 6 \x 3 7 \x C B \x 3 4 \x 3 4 \x C 4 \x 5 2 \x A 7 \x 2 A \x D 5 \x 6 F \x 2 F \x 7 E \x E E \x A 2 \x 9 4 \x D 9 \x E B \x A 9 \x 0 9 \x 3 8 \x 3 B \x E 1 \x A 9 \x 6 0 \x B 6 \x 4 E \x 0 9 \x 4 4 \x 1 F \x 7 0 \x 2 4 \x A A \x 4 7 \x A 8 \x 6 E \x 3 0 \x E 1 \x 1 3 \x 4 9 \x 4 E \x A 1 \x 9 2 \x C 4 \x 6 C \x F 0 \x 3 5 \x 8 3 \x D 9 \x 4 F \x D 9 \x 9 C \x 0 A \x 0 D \x 7 A \x E 7 \x B 1 \x 6 1 \x F 5 \x C 1 \x 2 D \x D C \x C 3 \x 0 E \x 8 7 \x A 6 \x 8 0 \x 1 5 \x 1 8 \x B A \x 7 F \x 7 2 \x D D \x 1 4 \x 7 5 \x 4 6 \x 4 4 \x 0 B \x C A \x 9 C \x 8 F \x 1 C \x 3 C \x D 7 \x D A \x 0 6 \x 6 2 \x 1 8 \x 7 E \x 1 5 \x 1 7 \x 2 4 \x A B \x 4 5 \x 2 1 \x 2 7 \x C 2 \x B C \x B B \x 8 6 \x 6 E \x D 8 \x B D \x 8 E \x 5 0 \x E 0 \x E 0 \x 8 8 \x A 4 \x 9 B \x 9 D \x 1 5 \x 2 A \x 9 8 \x F F \x 5 E \x 7 8 \x 6 C \x 8 1 \x F C \x A 8 \x C 9 \x C 8 \x E 6 \x 6 1 \x C 8 \x D 1 \x 4 A \x 7 F \x 8 1 \x D 6 \x A 6 \x 1 A \x A D \x 4 C \x C 1 \x A 2 \x 1 C \x 9 0 \x 6 8 \x 1 5 \x 2 A \x 8 A \x 3 6 \x C 0 \x 5 8 \x C 3 \x C C \x A 6 \x 5 4 \x 1 9 \x 1 2 \x 0 F \x E B \x 4 6 \x F F \x 6 E \x E 3 \x A 7 \x 9 2 \x F 8 \x F F \x 0 9 \x 0 0 \x D 0 \x 7 1 \x F 7 \x 9 F \x F 7 \x 6 A \x D 6 \x 2 E " } err
assert_match " * B a d d a t a f o r m a t * " $err
r ping
}
}
2020-12-14 10:10:31 -05:00
test { corrupt payload: fuzzer findings - valgrind invalid read} {
start_server [ list overrides [ list loglevel verbose use-exit-on-panic yes crash-memcheck-enabled no] ] {
r config set sanitize-dump-payload yes
r debug set-skip-checksum-validation 1
catch { r RESTORE _key 0 " \x 0 5 \x 0 A \x 0 2 \x 5 F \x 3 9 \x 0 0 \x 0 0 \x 0 0 \x 0 0 \x 0 0 \x 0 0 \x 2 2 \x 4 0 \x C 0 \x 0 8 \x 0 0 \x 0 0 \x 0 0 \x 0 0 \x 0 0 \x 0 0 \x 2 0 \x 4 0 \x 0 2 \x 5 F \x 3 7 \x 0 0 \x 0 0 \x 0 0 \x 0 0 \x 0 0 \x 0 0 \x 1 C \x 4 0 \x C 0 \x 0 6 \x 0 0 \x 0 0 \x 0 0 \x 0 0 \x 0 0 \x 0 0 \x 1 8 \x 4 0 \x 0 2 \x 5 F \x 3 3 \x 0 0 \x 0 0 \x 0 0 \x 0 0 \x 0 0 \x 0 0 \x 1 4 \x 4 0 \x C 0 \x 0 4 \x 0 0 \x 0 0 \x 0 0 \x 0 0 \x 0 0 \x 0 0 \x 1 0 \x 4 0 \x 0 2 \x 5 F \x 3 3 \x 0 0 \x 0 0 \x 0 0 \x 0 0 \x 0 0 \x 0 0 \x 0 8 \x 4 0 \x C 0 \x 0 2 \x 0 0 \x 0 0 \x 0 0 \x 0 0 \x 0 0 \x 0 0 \x 0 0 \x 4 0 \x 0 2 \x 5 F \x 3 1 \x 0 0 \x 0 0 \x 0 0 \x 0 0 \x 0 0 \x 0 0 \x F 0 \x 3 F \x C 0 \x 0 0 \x 0 0 \x 0 0 \x 0 0 \x 0 0 \x 0 0 \x 0 0 \x 0 0 \x 0 0 \x 0 9 \x 0 0 \x 3 C \x 6 6 \x D 7 \x 1 4 \x A 9 \x D A \x 3 C \x 6 9 " } err
assert_match " * B a d d a t a f o r m a t * " $err
r ping
}
}
2021-01-31 05:13:45 -05:00
test { corrupt payload: fuzzer findings - HRANDFIELD on bad ziplist} {
start_server [ list overrides [ list loglevel verbose use-exit-on-panic yes crash-memcheck-enabled no] ] {
r config set sanitize-dump-payload yes
r debug set-skip-checksum-validation 1
r RESTORE _int 0 " \x 0 4 \x C 0 \x 0 1 \x 0 9 \x 0 0 \x F 6 \x 8 A \x B 6 \x 7 A \x 8 5 \x 8 7 \x 7 2 \x 4 D "
catch { r HRANDFIELD _int}
assert_equal [ count_log_message 0 " c r a s h e d b y s i g n a l " ] 0
assert_equal [ count_log_message 0 " A S S E R T I O N F A I L E D " ] 1
}
}
2021-03-24 05:33:49 -04:00
test { corrupt payload: fuzzer findings - stream with no records} {
start_server [ list overrides [ list loglevel verbose use-exit-on-panic yes crash-memcheck-enabled no] ] {
r config set sanitize-dump-payload no
r debug set-skip-checksum-validation 1
r restore _stream 0 " \x 0 F \x 0 1 \x 1 0 \x 0 0 \x 0 0 \x 0 1 \x 7 8 \x 4 D \x 5 5 \x 6 8 \x 0 9 \x 0 0 \x 0 0 \x 0 0 \x 0 0 \x 0 0 \x 0 0 \x 0 0 \x 0 0 \x 4 0 \x 4 2 \x 4 2 \x 0 0 \x 0 0 \x 0 0 \x 1 8 \x 0 0 \x 0 2 \x 0 1 \x 0 1 \x 0 1 \x 0 2 \x 0 1 \x 8 4 \x 6 9 \x 7 4 \x 6 5 \x 6 D \x 0 5 \x 8 5 \x 7 6 \x 6 1 \x 6 C \x 7 5 \x 6 5 \x 0 6 \x 0 0 \x 0 1 \x 0 2 \x 0 1 \x 0 0 \x 0 1 \x 0 0 \x 0 1 \x 0 1 \x 0 1 \x 0 0 \x 0 1 \x 0 5 \x 0 1 \x 0 3 \x 0 1 \x 3 E \x 0 1 \x 0 0 \x 0 1 \x 0 1 \x 0 1 \x 8 2 \x 5 F \x 3 1 \x 0 3 \x 0 5 \x 0 1 \x 0 2 \x 0 1 \x 5 0 \x 0 1 \x 0 0 \x 0 1 \x 0 1 \x 0 1 \x 0 2 \x 0 1 \x 0 5 \x 2 3 \x F F \x 0 2 \x 8 1 \x 0 0 \x 0 0 \x 0 1 \x 7 8 \x 4 D \x 5 5 \x 6 8 \x 5 9 \x 0 0 \x 0 1 \x 0 7 \x 6 D \x 7 9 \x 6 7 \x 7 2 \x 6 F \x 7 5 \x 7 0 \x 8 1 \x 0 0 \x 0 0 \x 0 1 \x 7 8 \x 4 D \x 5 5 \x 6 8 \x 4 7 \x 0 0 \x 0 1 \x 0 0 \x 0 0 \x 0 1 \x 7 8 \x 4 D \x 5 5 \x 6 8 \x 4 7 \x 0 0 \x 0 0 \x 0 0 \x 0 0 \x 0 0 \x 0 0 \x 0 0 \x 0 0 \x 9 F \x 6 8 \x 5 5 \x 4 D \x 7 8 \x 0 1 \x 0 0 \x 0 0 \x 0 1 \x 0 1 \x 0 5 \x 4 1 \x 6 C \x 6 9 \x 6 3 \x 6 5 \x 8 5 \x 6 8 \x 5 5 \x 4 D \x 7 8 \x 0 1 \x 0 0 \x 0 0 \x 0 1 \x 0 0 \x 0 0 \x 0 1 \x 7 8 \x 4 D \x 5 5 \x 6 8 \x 4 7 \x 0 0 \x 0 0 \x 0 0 \x 0 0 \x 0 0 \x 0 0 \x 0 0 \x 0 0 \x 0 9 \x 0 0 \x F 1 \x C 0 \x 7 2 \x 7 0 \x 3 9 \x 4 0 \x 1 E \x A 9 " replace
catch { r XREAD STREAMS _stream $ }
assert_equal [ count_log_message 0 " c r a s h e d b y s i g n a l " ] 0
assert_equal [ count_log_message 0 " G u r u M e d i t a t i o n " ] 1
}
}
Sanitize dump payload: ziplist, listpack, zipmap, intset, stream
When loading an encoded payload we will at least do a shallow validation to
check that the size that's encoded in the payload matches the size of the
allocation.
This let's us later use this encoded size to make sure the various offsets
inside encoded payload don't reach outside the allocation, if they do, we'll
assert/panic, but at least we won't segfault or smear memory.
We can also do 'deep' validation which runs on all the records of the encoded
payload and validates that they don't contain invalid offsets. This lets us
detect corruptions early and reject a RESTORE command rather than accepting
it and asserting (crashing) later when accessing that payload via some command.
configuration:
- adding ACL flag skip-sanitize-payload
- adding config sanitize-dump-payload [yes/no/clients]
For now, we don't have a good way to ensure MIGRATE in cluster resharding isn't
being slowed down by these sanitation, so i'm setting the default value to `no`,
but later on it should be set to `clients` by default.
changes:
- changing rdbReportError not to `exit` in RESTORE command
- adding a new stat to be able to later check if cluster MIGRATE isn't being
slowed down by sanitation.
2020-08-13 09:41:05 -04:00
} ; # tags