"GETRANGE" & "SETRANGE" SEGFAULT #1844

Closed
lemook opened this issue Jun 29, 2014 · 2 comments

lemook commented Jun 29, 2014

Ubuntu redis 2.8.4.

Seems to be a key length check fail. May leak contiguous keys. Key needs to be a certain size before "GETRANGE" is called. Post-mortem routine doesn't seem to complete (could be local resource issue).

Example:

set ts "00351701411834604692317316873037158841057290043003500430043003500350004300350043003500430043-800035004317014118346046923173168730371588410572965536327260043003500350043004300350035004300430043--32769004300439100351004300350043003500350035004300430035004365535004300350043004300350035003500430043004300430035003500350035004300430035004300350043003529200350035003510043171682612607010043003500350035003500430043004300430035003500430043010043129004300430035191284609150043004300430043004317014118346046923173168730371588410572842949673320043004300430043003542949672620043004300035003500430035004300350035003500430035184467440737095516170035100430043003500430043004300431846867804328831374500430043004300432550035004300430043--327680035327320043-20043004300430035340282366920938463463374607431768211457004300350035004300430043004300430043-2560043003500430035547801539746572457217068937993881-80043004300350043004300350035003500430035004300350043004350043003500350043003500350035000350043003500431003"
GETRANGE ts 0 4294967297

edit:

looks like "SETRANGE" is also affected:
set key10 "1234559"
SETRANGE key10 9223372036854775803 Redis


badboy commented Jun 29, 2014

setrange returns "ERR string exceeds maximum allowed size (512MB)" for me, as it has the explicit size check. The docu explicitly tells this:

Note that the maximum offset that you can set is 2^29 - 1 (536870911), as Redis Strings are limited to 512 megabytes. If you need to grow beyond this size, you can use multiple keys.

getrange segfaults for me even with a small string. The docu says it should handle it properly:

The function handles out of range requests by limiting the resulting range to the actual length of the string.

It fails at this check: https://github.com/antirez/redis/blob/unstable/src/t_string.c#L258
Removing the (unsigned) casting (or replacing it with (size_t)) lets the check succeed and getrange work properly (sizeof(unsigned) == sizeof(int) == 4, sizeof(long)==sizeof(size_t)==8).
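
The truncation described in the comment above, as an added example (a simplified model written for this page, not Redis source code and not part of the original thread). The function name `range_len`, its `narrow_cast` switch and the 7-byte length are assumptions; a 64-bit `size_t` is assumed, as in the comment.

```c
#include <stddef.h>
#include <stdio.h>

/* Hypothetical helper: clamp an inclusive [start, end] request to a string
 * of length len and return how many bytes a copy would then touch.
 * Negative indexes count from the end of the string.
 * narrow_cast != 0 selects the truncating comparison from the report. */
static long long range_len(long long start, long long end, size_t len,
                           int narrow_cast)
{
    if (len == 0) return 0;
    if (start < 0) start += (long long)len;
    if (end < 0) end += (long long)len;
    if (start < 0) start = 0;
    if (end < 0) end = 0;

    if (narrow_cast) {
        /* Only the low 32 bits of end reach the comparison, so a value
         * such as 2^32 + 1 is compared as 1 and is never clamped. */
        if ((unsigned)end >= len) end = (long long)len - 1;
    } else {
        /* end is non-negative here; with a 64-bit size_t the cast keeps
         * its full value and the clamp fires as intended. */
        if ((size_t)end >= len) end = (long long)len - 1;
    }
    if (start > end) return 0;
    return end - start + 1;
}

int main(void)
{
    const size_t len = 7;               /* constructed: a 7-byte value */
    const long long end = 4294967297LL; /* end index from the report */

    printf("narrow cast: %lld bytes requested from a %zu-byte string\n",
           range_len(0, end, len, 1), len);
    printf("wide cast:   %lld bytes requested from a %zu-byte string\n",
           range_len(0, end, len, 0), len);
    return 0;
}
```

With the narrow cast the computed length exceeds the buffer by gigabytes, which is the out-of-bounds read behind the crash; comparing at full width clamps the request to the string.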

lemook changed the title from "GETRANGE" SEGFAULT to "GETRANGE" & "SETRANGE" SEGFAULT Jun 30, 2014
mattsta pushed a commit to mattsta/redis that referenced this issue Aug 2, 2014
Previously the end was casted to a smaller type
which resulted in a wrong check and failed
with values larger than handled by unsigned.

Closes redis#1847, redis#1844
mattsta pushed a commit to mattsta/redis that referenced this issue Aug 6, 2014
antirez pushed a commit that referenced this issue Aug 7, 2014
Previously the end was casted to a smaller type
which resulted in a wrong check and failed
with values larger than handled by unsigned.

Closes #1847, #1844

mattsta commented Aug 25, 2014

Fixed by #1847 and f62cb0e

mattsta closed this as completed Aug 25, 2014
antirez pushed a commit that referenced this issue Aug 26, 2014
antirez pushed a commit that referenced this issue Aug 27, 2014