From b58f03a0e858bd55f61f8865bfb58bdbb45c232b Mon Sep 17 00:00:00 2001 From: antirez Date: Tue, 11 Sep 2012 10:32:04 +0200 Subject: [PATCH] Make sure that SELECT argument is an integer or return an error. Unfortunately we had still the lame atoi() without any error checking in place, so "SELECT foo" would work as "SELECT 0". This was not an huge problem per se but some people expected that DB can be strings and not just numbers, and without errors you get the feeling that they can be numbers, but not the behavior. Now getLongFromObjectOrReply() is used as almost everybody else across the code, generating an error if the number is not an integer or overflows the long type. Thanks to @mipearson for reporting that on Twitter. --- src/db.c | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-) diff --git a/src/db.c b/src/db.c index e65106a5..e78b0d53 100644 --- a/src/db.c +++ b/src/db.c @@ -226,7 +226,11 @@ void existsCommand(redisClient *c) { } void selectCommand(redisClient *c) { - int id = atoi(c->argv[1]->ptr); + long id; + + if (getLongFromObjectOrReply(c, c->argv[1], &id, + "invalid DB index") != REDIS_OK) + return; if (selectDb(c,id) == REDIS_ERR) { addReplyError(c,"invalid DB index"); -- 2.49.0