From 1808618f5d1f0d9cd4df49fb05b67bcc83c7b0fb Mon Sep 17 00:00:00 2001
From: sundb
Date: Sat, 4 Dec 2021 22:43:08 +0800
Subject: [PATCH] Santize dump payload: fix invalid listpack entry start with EOF (#9889)

When an invalid listpack entry starts with EOF, we will skip it when we verify it in the loop.
---
 src/listpack.c | 4 ++++
 tests/integration/corrupt-dump.tcl | 9 +++++++++
 2 files changed, 13 insertions(+)

diff --git a/src/listpack.c b/src/listpack.c
index 9d412d07c..450976e2c 100644
--- a/src/listpack.c
+++ b/src/listpack.c
@@ -1318,6 +1318,10 @@ int lpValidateIntegrity(unsigned char *lp, size_t size, int deep,
 count++;
 }
 
+ /* Make sure 'p' really does point to the end of the listpack. */
+ if (p != lp + size - 1)
+ return 0;
+
 /* Check that the count in the header is correct */
 if (numele != LP_HDR_NUMELE_UNKNOWN && numele != count)
 return 0;
diff --git a/tests/integration/corrupt-dump.tcl b/tests/integration/corrupt-dump.tcl
index cd08589b0..bc4dab56e 100644
--- a/tests/integration/corrupt-dump.tcl
+++ b/tests/integration/corrupt-dump.tcl
@@ -118,6 +118,15 @@ test {corrupt payload: quicklist encoded_len is 0} {
 }
 }
 
+test {corrupt payload: quicklist listpack entry start with EOF} {
+ start_server [list overrides [list loglevel verbose use-exit-on-panic yes crash-memcheck-enabled no] ] {
+ r config set sanitize-dump-payload yes
+ catch { r restore _list 0 "\x12\x01\x02\x0b\x0b\x00\x00\x00\x01\x00\x81\x61\x02\xff\xff\x0a\x00\x7e\xd8\xde\x5b\x0d\xd7\x70\xb8" replace } err
+ assert_match "*Bad data format*" $err
+ r ping
+ }
+}
+
 test {corrupt payload: #3080 - ziplist} {
 start_server [list overrides [list loglevel verbose use-exit-on-panic yes crash-memcheck-enabled no] ] {
 # shallow sanitization is enough for restore to safely reject the payload with wrong size
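Review bot: The comment on the added check in lpValidateIntegrity says what is compared but not why the comparison is needed. Going by the commit message, the entry loop stops at the first byte that looks like EOF, so an early EOF byte would leave the rest of the buffer unvalidated; I would say so, e.g. `/* The loop stops at the first EOF byte; reject unless that byte is the terminator at lp[size-1], so no trailing bytes escape validation. */`. The expression `lp + size - 1` also relies on size being at least 1, which is presumably established earlier in the function; the body starts and ends outside this hunk, so that is worth confirming.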
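Review bot: The restore payload in the new test is an opaque byte string with no comment saying what makes it invalid, which makes the case hard to maintain or regenerate if the encoding changes. A one-line comment above the `catch` would cover it, e.g. `# listpack whose entry area holds an EOF byte ahead of the real terminator; must be rejected by deep sanitization`. The test also runs only with `sanitize-dump-payload yes`, so it asserts nothing about how the server handles the same payload when sanitization is off.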