Make sure that SELECT argument is an integer or return an error.

Unfortunately we had still the lame atoi() without any error checking in place, so "SELECT foo" would work as "SELECT 0". This was not an huge problem per se but some people expected that DB can be strings and not just numbers, and without errors you get the feeling that they can be numbers, but not the behavior. Now getLongFromObjectOrReply() is used as almost everybody else across the code, generating an error if the number is not an integer or overflows the long type. Thanks to @mipearson for reporting that on Twitter.
redis · Sep 11, 2012 · 3756e14 · 3756e14
1 parent 03a851e
commit 3756e14
Showing 1 changed file with 5 additions and 1 deletion.
diff --git a/src/db.c b/src/db.c
@@ -244,7 +244,11 @@ void existsCommand(redisClient *c) {
 }
 
 void selectCommand(redisClient *c) {
-    int id = atoi(c->argv[1]->ptr);
+    long id;
+
+    if (getLongFromObjectOrReply(c, c->argv[1], &id,
+        "invalid DB index") != REDIS_OK)
+        return;
 
     if (selectDb(c,id) == REDIS_ERR) {
         addReplyError(c,"invalid DB index");