From 7c96b467c1f882874f80403101ec96ddaf624f1a Mon Sep 17 00:00:00 2001
From: antirez <antirez@gmail.com>
Date: Tue, 21 Feb 2012 18:25:49 +0100
Subject: [PATCH] Fixed undefined behavior in *INCR style functions overflow
 detection. Sorry clang!

---
 src/t_hash.c   | 5 +++--
 src/t_string.c | 5 +++--
 2 files changed, 6 insertions(+), 4 deletions(-)

diff --git a/src/t_hash.c b/src/t_hash.c
index b8e2ad31..f97fc992 100644
--- a/src/t_hash.c
+++ b/src/t_hash.c
@@ -337,11 +337,12 @@ void hincrbyCommand(redisClient *c) {
     }
 
     oldvalue = value;
-    value += incr;
-    if ((incr < 0 && value > oldvalue) || (incr > 0 && value < oldvalue)) {
+    if ((incr < 0 && oldvalue < 0 && incr < (LLONG_MIN-oldvalue)) ||
+        (incr > 0 && oldvalue > 0 && incr > (LLONG_MAX-oldvalue))) {
         addReplyError(c,"increment or decrement would overflow");
         return;
     }
+    value += incr;
     new = createStringObjectFromLongLong(value);
     hashTypeTryObjectEncoding(o,&c->argv[2],NULL);
     hashTypeSet(o,c->argv[2],new);
diff --git a/src/t_string.c b/src/t_string.c
index 2bd1646e..d6143ed2 100644
--- a/src/t_string.c
+++ b/src/t_string.c
@@ -344,11 +344,12 @@ void incrDecrCommand(redisClient *c, long long incr) {
     if (getLongLongFromObjectOrReply(c,o,&value,NULL) != REDIS_OK) return;
 
     oldvalue = value;
-    value += incr;
-    if ((incr < 0 && value > oldvalue) || (incr > 0 && value < oldvalue)) {
+    if ((incr < 0 && oldvalue < 0 && incr < (LLONG_MIN-oldvalue)) ||
+        (incr > 0 && oldvalue > 0 && incr > (LLONG_MAX-oldvalue))) {
         addReplyError(c,"increment or decrement would overflow");
         return;
     }
+    value += incr;
     new = createStringObjectFromLongLong(value);
     if (o)
         dbOverwrite(c->db,c->argv[1],new);
-- 
2.45.2