Check length before reading in `stringmatchlen` (#13690)

Fixes four cases where `stringmatchlen` could overrun the pattern if it is not
terminated with NUL.

These commits are cherry-picked from my
[fork](https://github.com/thaliaarchi/antirez-stringmatch) which
extracts `stringmatch` as a library and compares it to other projects by
antirez which use the same matcher.
Thalia Archibald 2024-12-25 20:37:23 -08:00 committed by GitHub
parent 7665bdc91a
commit 8144019a13
No known key found for this signature in database
GPG Key ID: B5690EEEBB952194
1 changed files with 5 additions and 5 deletions


@ -109,24 +109,24 @@ static int stringmatchlen_impl(const char *pattern, int patternLen,
pattern++;
patternLen--;
not = pattern[0] == '^';
not = patternLen && pattern[0] == '^';
if (not) {
pattern++;
patternLen--;
}
match = 0;
while(1) {
if (pattern[0] == '\\' && patternLen >= 2) {
if (patternLen >= 2 && pattern[0] == '\\') {
pattern++;
patternLen--;
if (pattern[0] == string[0])
match = 1;
} else if (pattern[0] == ']') {
break;
} else if (patternLen == 0) {
pattern--;
patternLen++;
break;
} else if (pattern[0] == ']') {
break;
} else if (patternLen >= 3 && pattern[1] == '-') {
int start = pattern[0];
int end = pattern[2];
@ -186,7 +186,7 @@ static int stringmatchlen_impl(const char *pattern, int patternLen,
pattern++;
patternLen--;
if (stringLen == 0) {
while(*pattern == '*') {
while(patternLen && *pattern == '*') {
pattern++;
patternLen--;
}
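Review bot: The reordered bracket-class branches in the first hunk now depend on `patternLen` being tested before every `pattern[0]` read, but nothing in the code records that, so a later edit could swap the branches back and reintroduce the over-read on a pattern that is not NUL-terminated. I would add a comment above the `while(1)` such as `/* pattern is length-delimited, not NUL-terminated: check patternLen before each pattern[0] read */`, and a short note on the `patternLen == 0` branch explaining why it steps `pattern` back before breaking. Separately, `patternLen` is a signed `int` per the hunk header, so `patternLen && ...` in both hunks is also true for a negative length; `patternLen > 0` would state the intent more strictly, provided no caller relies on negative values. The enclosing function starts and ends outside both hunks, so the outer loop guard and the bound on `string[0]` cannot be confirmed from here.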