fix invalid read on corrupt ziplist #9831
start_server [list overrides [list loglevel verbose use-exit-on-panic yes crash-memcheck-enabled no] ] { | ||
r debug set-skip-checksum-validation 1 | ||
r config set sanitize-dump-payload no | ||
r restore _listbig 0 "\x12\x02\x02\x1B\x1B\x00\x00\x00\x16\x00\x00\x00\x05\x00\x00\x02\x5F\x39\x04\xF9\x02\x02\x5F\x37\x04\xF7\x02\x02\x5F\x35\xFF\x02\x19\x19\x00\x00\x00\x16\x00\x00\x00\x05\x00\x00\xF5\x02\x02\x5F\x33\x04\xF3\x02\x02\x5F\x31\xFE\xF1\xFF\x0A\x00\x64\x0C\xEB\x03\xDF\x36\x61\xCE" |
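Review bot: the `r restore _listbig` line carries an opaque byte string with no comment saying which bytes are corrupt. A one-line comment above it, stating that the trailing bytes of the ziplist are damaged and that the tail-to-head decode is the path under test, would let a later reader regenerate or adjust the payload. Because `sanitize-dump-payload no` and `set-skip-checksum-validation 1` let the payload in unchecked, the restore should also be followed by a command that walks `_listbig` from the tail and by a liveness check such as `r ping`, if the part of the test not shown here does not already do that.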
@sundb I guess that once the listpack PR is merged, RESTORE will fail and we'll need to catch it (graceful failure instead of an assertion).
LGTM
Lgtm
If the last bytes in ziplist are corrupt and we decode from tail to head, we may reach slightly outside the ziplist. (cherry picked from commit a3a0142)
If the last bytes in ziplist are corrupt and we decode from tail to head, we may reach slightly outside the ziplist.
Found by ASAN on daily CI.
https://github.com/redis/redis/runs/4293567869?check_suite_focus=true
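A bounds-checked tail-to-head walk over a ziplist-shaped buffer, as an added example that is not code from this PR or from Redis. It assumes a simplified layout (10-byte header, prevlen stored as one byte or as 0xFE plus four little-endian bytes, 0xFF end byte); `zl_prev`, `zl_count_from_tail`, `ZL_OK` and `ZL_BAD` are hypothetical names and the sample bytes are constructed.

```c
#include <stddef.h>
#include <stdint.h>

#define ZL_HDR 10    /* zlbytes(4) + zltail(4) + zllen(2) */
#define ZL_END 0xFF  /* terminator byte */
#define ZL_BIG 0xFE  /* prevlen marker: a 4-byte length follows */

/* Constructed sample: two 2-byte entries (prevlen, small-int encoding). */
static const unsigned char ZL_OK[] = {
    15,0,0,0, 12,0,0,0, 2,0, 0x00,0xF2, 0x02,0xF3, ZL_END };
/* Same buffer with the tail entry's prevlen byte corrupted to 0xFE. */
static const unsigned char ZL_BAD[] = {
    15,0,0,0, 12,0,0,0, 2,0, 0x00,0xF2, ZL_BIG,0xF3, ZL_END };

static uint32_t rd32(const unsigned char *p) {
    return (uint32_t)p[0] | (uint32_t)p[1] << 8 | (uint32_t)p[2] << 16 | (uint32_t)p[3] << 24;
}

/* Step from the entry at `off` to the previous entry.
 * Returns its offset, 0 when `off` is the head entry, -1 on corruption. */
long zl_prev(const unsigned char *zl, size_t zlbytes, size_t off) {
    size_t end = zlbytes - 1;                 /* offset of the END byte */
    if (off < ZL_HDR || off >= end) return -1;
    size_t hdr = (zl[off] == ZL_BIG) ? 5 : 1;
    if (hdr > end - off) return -1;           /* prevlen field would cross END */
    size_t prevlen = (hdr == 5) ? rd32(zl + off + 1) : zl[off];
    if (prevlen == 0) return off == ZL_HDR ? 0 : -1;
    if (prevlen > off - ZL_HDR) return -1;    /* would land inside the header */
    return (long)(off - prevlen);
}

/* Walk from the tail to the head; returns the entry count or -1 if corrupt. */
long zl_count_from_tail(const unsigned char *zl, size_t alloc) {
    if (alloc < ZL_HDR + 1) return -1;
    if (rd32(zl) != alloc || zl[alloc - 1] != ZL_END) return -1;
    if (alloc == ZL_HDR + 1) return 0;        /* empty list */
    size_t off = rd32(zl + 4);                /* zltail: offset of last entry */
    long n = 0;
    for (;;) {
        long prev = zl_prev(zl, alloc, off);
        if (prev < 0) return -1;
        n++;
        if (prev == 0) return n;
        off = (size_t)prev;                   /* strictly decreases: prevlen > 0 */
    }
}
```

Without the `hdr > end - off` check, decoding `ZL_BAD` from its tail entry would read the four prevlen bytes at offsets 13 to 16 of a 15-byte buffer.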