avoid possible use-after-free with module KSN changes (#13875)

In #13505, we changed the code to use the string value of the key rather
than the integer value on the stack, but we have a test in
unit/moduleapi/keyspace_events that uses a keyspace notification hook to
modify the value with RM_StringDMA, which can cause this value to be
released before it is used. The reason it didn't happen so far is that we
were using shared integers, so releasing the object doesn't free it.
Oran Agra 2025-03-24 12:24:52 +02:00 committed by GitHub
parent 319bbcc1a7
commit 2a189709e0
GPG Key ID: B5690EEEBB952194
2 changed files with 5 additions and 1 deletions
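
The ordering problem described in the commit message, as a toy C model added here; it is not Redis code and not part of the commit. The types, the tombstone flag (used instead of free() so the stale read can be reported safely) and the names obj, keyslot, hook_overwrite, notify_then_reply and reply_then_notify are assumptions made for illustration; newobj plays the role of `new` in the hunk below.

```c
#include <stdio.h>
#include <stdlib.h>

/* Toy model, not Redis code. refcount -1 marks a shared object that is never freed. */
#define SHARED (-1)
typedef struct { int refcount; int freed; long long num; } obj;
typedef struct { obj *value; } keyslot;
static obj shared_two = { SHARED, 0, 2 };   /* constructed "shared integer" */

static obj *obj_new(long long n) {
    obj *o = malloc(sizeof(*o));
    if (!o) abort();
    o->refcount = 1; o->freed = 0; o->num = n;
    return o;
}

/* Tombstone instead of free() so a stale read is observable, not undefined. */
static void obj_decr(obj *o) {
    if (o->refcount == SHARED) return;      /* releasing a shared object is a no-op */
    if (--o->refcount == 0) o->freed = 1;
}

/* Stand-in for a notification hook that rewrites the key's value (hypothetical). */
static void hook_overwrite(keyslot *k) {
    obj_decr(k->value);
    k->value = obj_new(42);
}

/* Old order: notify, then build the reply from newobj. 1 = live, 0 = stale. */
int notify_then_reply(keyslot *k, obj *newobj) {
    k->value = newobj;
    hook_overwrite(k);
    return !newobj->freed;
}

/* New order: build the reply from newobj, then notify. */
int reply_then_notify(keyslot *k, obj *newobj) {
    k->value = newobj;
    int live = !newobj->freed;
    hook_overwrite(k);
    return live;
}

int main(void) {
    keyslot k = { NULL };
    printf("old order, heap value:   live=%d\n", notify_then_reply(&k, obj_new(2)));
    printf("old order, shared value: live=%d\n", notify_then_reply(&k, &shared_two));
    printf("new order, heap value:   live=%d\n", reply_then_notify(&k, obj_new(2)));
    return 0;
}
```

The shared case is the one that hid the problem: the hook still runs, but releasing a shared object changes nothing, so the late read looks fine.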

@ -612,10 +612,10 @@ void incrDecrCommand(client *c, long long incr) {
dbAdd(c->db,c->argv[1],new);
}
}
addReplyLongLongFromStr(c,new);
signalModifiedKey(c,c->db,c->argv[1]);
notifyKeyspaceEvent(NOTIFY_STRING,"incrby",c->argv[1],c->db->id);
server.dirty++;
addReplyLongLongFromStr(c,new);
}
void incrCommand(client *c) {
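
Review bot: The position of addReplyLongLongFromStr(c,new) in incrDecrCommand is now load-bearing, but nothing in the code says so. The +/- markers are lost on this page; going by the commit message, the call above signalModifiedKey is the added line and the one after server.dirty++ is the removed one. Please add a short comment above the reply stating that `new` must not be read after notifyKeyspaceEvent, because a module hook can modify the key and release the object; otherwise a later cleanup can easily move the reply back to the end of the function. It is also worth confirming that no other command changed in #13505 still reads its value object after the notifyKeyspaceEvent call.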

@ -3,6 +3,10 @@ set testmodule [file normalize tests/modules/keyspace_events.so]
tags "modules" {
start_server [list overrides [list loadmodule "$testmodule"]] {
# avoid using shared integers, to increase the chance of detection heap issues
r config set maxmemory-policy allkeys-lru
r config set maxmemory 1gb
test {Test loaded key space event} {
r set x 1
r hset y f v
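
Review bot: The new comment above the two `r config set` lines does not explain why setting maxmemory together with maxmemory-policy allkeys-lru avoids shared integers, so the connection between this setup and the bug is invisible to the next reader and the lines look safe to delete. Suggest stating the mechanism in the comment (that with this configuration integer values are separate heap objects rather than shared ones) and fixing "detection heap issues" to "detecting heap issues". Nothing in the visible lines asserts on the outcome, so the comment should also say that the setup only helps when the suite runs under a heap checker.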