From 9d7165e885b3de44577dea2917bb4f3afa2ed335 Mon Sep 17 00:00:00 2001
From: antirez <antirez@gmail.com>
Date: Sun, 19 Dec 2010 12:22:12 +0100
Subject: [PATCH] overflow detection in INCR family functions

---
 src/t_string.c | 7 ++++++-
 1 file changed, 6 insertions(+), 1 deletion(-)

diff --git a/src/t_string.c b/src/t_string.c
index eb080c88..c3e3607f 100644
--- a/src/t_string.c
+++ b/src/t_string.c
@@ -346,14 +346,19 @@ void msetnxCommand(redisClient *c) {
 }
 
 void incrDecrCommand(redisClient *c, long long incr) {
-    long long value;
+    long long value, oldvalue;
     robj *o;
 
     o = lookupKeyWrite(c->db,c->argv[1]);
     if (o != NULL && checkType(c,o,REDIS_STRING)) return;
     if (getLongLongFromObjectOrReply(c,o,&value,NULL) != REDIS_OK) return;
 
+    oldvalue = value;
     value += incr;
+    if ((incr < 0 && value > oldvalue) || (incr > 0 && value < oldvalue)) {
+        addReplyError(c,"increment or decrement would overflow");
+        return;
+    }
     o = createStringObjectFromLongLong(value);
     dbReplace(c->db,c->argv[1],o);
     touchWatchedKey(c->db,c->argv[1]);
-- 
2.47.2