Skip to content
This repository
Browse code

BITCOUNT: fix segmentation fault.

remove unsafe and unnecessary cast.
until now, this cast may lead segmentation fault when end > UINT_MAX

setbit foo 0 1
bitcount  0 4294967295
=> ok
bitcount  0 4294967296
=> cause segmentation fault.

Note by @antirez: the commit was modified a bit to also change the
string length type to long, since it's guaranteed to be at max 512 MB in
size, so we can work with the same type across all the code path.

A regression test was also added.
  • Loading branch information...
commit 749aac72ad980bf08b04655634590b80e2fd014c 1 parent 24bc807
trapezoid trapezoid authored committed

Showing 2 changed files with 8 additions and 3 deletions. Show diff stats Hide diff stats

  1. +2 3 src/bitops.c
  2. +6 0 tests/unit/bitops.tcl
5 src/bitops.c
@@ -327,10 +327,9 @@ void bitopCommand(redisClient *c) {
327 327 /* BITCOUNT key [start end] */
328 328 void bitcountCommand(redisClient *c) {
329 329 robj *o;
330   - long start, end;
  330 + long start, end, strlen;
331 331 unsigned char *p;
332 332 char llbuf[32];
333   - size_t strlen;
334 333
335 334 /* Lookup, check for type, and return 0 for non existing keys. */
336 335 if ((o = lookupKeyReadOrReply(c,c->argv[1],shared.czero)) == NULL ||
@@ -357,7 +356,7 @@ void bitcountCommand(redisClient *c) {
357 356 if (end < 0) end = strlen+end;
358 357 if (start < 0) start = 0;
359 358 if (end < 0) end = 0;
360   - if ((unsigned)end >= strlen) end = strlen-1;
  359 + if (end >= strlen) end = strlen-1;
361 360 } else if (c->argc == 2) {
362 361 /* The whole string. */
363 362 start = 0;
6 tests/unit/bitops.tcl
@@ -73,6 +73,12 @@ start_server {tags {"bitops"}} {
73 73 set e
74 74 } {ERR*syntax*}
75 75
  76 + test {BITCOUNT regression test for github issue #582} {
  77 + r del str
  78 + r setbit foo 0 1
  79 + r bitcount foo 0 4294967296
  80 + } {1}
  81 +
76 82 test {BITOP NOT (empty string)} {
77 83 r set s ""
78 84 r bitop not dest s

0 comments on commit 749aac7

Please sign in to comment.
Something went wrong with that request. Please try again.