You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Our testing tool generates a testing input HGET 1024 w!%b for redisvFormatCommand and triggers a segfault. It looks like redisvFormatCommand does not correctly check if the ap is empty before accessing it (https://github.com/redis/hiredis/blob/master/hiredis.c#L373). So even a simple "%b" could cause the crash when there is no actual bytes array parameter passed to redisvFormatCommand. This seems to be the same root cause for the issues (#1134, #1142) reported previously.
The text was updated successfully, but these errors were encountered:
Our testing tool generates a testing input
HGET 1024 w!%b
for redisvFormatCommand and triggers a segfault. It looks like redisvFormatCommand does not correctly check if theap
is empty before accessing it (https://github.com/redis/hiredis/blob/master/hiredis.c#L373). So even a simple "%b" could cause the crash when there is no actual bytes array parameter passed to redisvFormatCommand. This seems to be the same root cause for the issues (#1134, #1142) reported previously.The text was updated successfully, but these errors were encountered: