From b0c8d6c227e172ec93d9b1f1c0f0ac49f8575a8f Mon Sep 17 00:00:00 2001
From: Guy Benoish <guy.benoish@redislabs.com>
Date: Mon, 28 Jan 2019 17:58:11 +0200
Subject: [PATCH] Increase string2ld's buffer size (and fix HINCRBYFLOAT)

The string representation of `long double` may take
up to ~5000 chars (see PR #3745).

Before this fix HINCRBYFLOAT would never overflow (since
the string could not exceed 256 chars). Now it can.
---
 src/t_hash.c | 4 ++++
 src/util.c   | 2 +-
 2 files changed, 5 insertions(+), 1 deletion(-)

diff --git a/src/t_hash.c b/src/t_hash.c
index d8aee6572..bc70e4051 100644
--- a/src/t_hash.c
+++ b/src/t_hash.c
@@ -615,6 +615,10 @@ void hincrbyfloatCommand(client *c) {
     }
 
     value += incr;
+    if (isnan(value) || isinf(value)) {
+        addReplyError(c,"increment would produce NaN or Infinity");
+        return;
+    }
 
     char buf[MAX_LONG_DOUBLE_CHARS];
     int len = ld2string(buf,sizeof(buf),value,1);
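Review bot: The non-finite guard added after `value += incr` has no comment saying why it is needed only now, and the reason is not obvious from t_hash.c alone, since it comes from the buffer change in src/util.c. I would add above the `if`: `/* string2ld() now accepts inputs up to MAX_LONG_DOUBLE_CHARS, so the sum can reach Inf/NaN; reject it before it is formatted. */`. Separately, the `len` returned by `ld2string(buf,sizeof(buf),value,1)` is consumed past the end of this hunk, so it is worth confirming there that a failed or truncated conversion is not used as a valid length. The body of hincrbyfloatCommand starts and ends outside the hunk.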
diff --git a/src/util.c b/src/util.c
index 66d599190..783bcf83b 100644
--- a/src/util.c
+++ b/src/util.c
@@ -447,7 +447,7 @@ int string2l(const char *s, size_t slen, long *lval) {
  * a double: no spaces or other characters before or after the string
  * representing the number are accepted. */
 int string2ld(const char *s, size_t slen, long double *dp) {
-    char buf[256];
+    char buf[MAX_LONG_DOUBLE_CHARS];
     long double value;
     char *eptr;