From 4c3d419013e28c417a51f650f16b96807590c1e7 Mon Sep 17 00:00:00 2001 From: Haruto Otake Date: Sun, 15 Jul 2012 18:38:30 +0900 Subject: [PATCH] BITCOUNT: fix segmentation fault. remove unsafe and unnecessary cast. until now, this cast may lead segmentation fault when end > UINT_MAX setbit foo 0 1 bitcount 0 4294967295 => ok bitcount 0 4294967296 => cause segmentation fault. Note by @antirez: the commit was modified a bit to also change the string length type to long, since it's guaranteed to be at max 512 MB in size, so we can work with the same type across all the code path. A regression test was also added. --- src/bitops.c | 5 ++--- tests/unit/bitops.tcl | 6 ++++++ 2 files changed, 8 insertions(+), 3 deletions(-) diff --git a/src/bitops.c b/src/bitops.c index deec0971..39d24ab7 100644 --- a/src/bitops.c +++ b/src/bitops.c @@ -327,10 +327,9 @@ void bitopCommand(redisClient *c) { /* BITCOUNT key [start end] */ void bitcountCommand(redisClient *c) { robj *o; - long start, end; + long start, end, strlen; unsigned char *p; char llbuf[32]; - size_t strlen; /* Lookup, check for type, and return 0 for non existing keys. */ if ((o = lookupKeyReadOrReply(c,c->argv[1],shared.czero)) == NULL || @@ -357,7 +356,7 @@ void bitcountCommand(redisClient *c) { if (end < 0) end = strlen+end; if (start < 0) start = 0; if (end < 0) end = 0; - if ((unsigned)end >= strlen) end = strlen-1; + if (end >= strlen) end = strlen-1; } else if (c->argc == 2) { /* The whole string. */ start = 0; diff --git a/tests/unit/bitops.tcl b/tests/unit/bitops.tcl index 0e3403bf..5945d32d 100644 --- a/tests/unit/bitops.tcl +++ b/tests/unit/bitops.tcl @@ -73,6 +73,12 @@ start_server {tags {"bitops"}} { set e } {ERR*syntax*} + test {BITCOUNT regression test for github issue #582} { + r del str + r setbit foo 0 1 + r bitcount foo 0 4294967296 + } {1} + test {BITOP NOT (empty string)} { r set s "" r bitop not dest s -- 2.45.2