Thanks to visit codestin.com
Credit goes to github.com

Skip to content

Commit e89d385

Browse files
michael-grundermichael-grunder
committed
Fix segfault in _unserialize when we get badly formed data
1 parent f00ed2a commit e89d385

File tree

3 files changed

+22
-5
lines changed

3 files changed

+22
-5
lines changed

redis.c

+5-2
Original file line numberDiff line numberDiff line change
@@ -5951,6 +5951,9 @@ PHP_METHOD(Redis, script) {
59515951
RETURN_FALSE;
59525952
}
59535953

5954+
// Free our alocated arguments
5955+
efree(z_args);
5956+
59545957
// Kick off our request
59555958
REDIS_PROCESS_REQUEST(redis_sock, cmd, cmd_len);
59565959
IF_ATOMIC() {
@@ -6080,10 +6083,11 @@ PHP_METHOD(Redis, _unserialize) {
60806083
if(redis_sock->serializer != REDIS_SERIALIZER_NONE) {
60816084
zval *z_ret = NULL;
60826085
if(redis_unserialize(redis_sock, value, value_len, &z_ret TSRMLS_CC) == 0) {
6086+
// Badly formed input, throw an execption
60836087
zend_throw_exception(redis_exception_ce, "Invalid serialized data, or unserialization error", 0 TSRMLS_CC);
60846088
RETURN_FALSE;
60856089
}
6086-
RETURN_ZVAL(z_ret, 0, 0);
6090+
RETURN_ZVAL(z_ret, 0, 1);
60876091
} else {
60886092
// Just return the value that was passed to us
60896093
RETURN_STRINGL(value, value_len, 1);
@@ -6109,7 +6113,6 @@ PHP_METHOD(Redis, getLastError) {
61096113
// Return our last error or NULL if we don't have one
61106114
if(redis_sock->err != NULL && redis_sock->err_len > 0) {
61116115
RETURN_STRING(redis_sock->err, 1);
6112-
//RETURN_STRING(redis_sock->err); // , redis_sock->err_len-1, 1);
61136116
} else {
61146117
RETURN_NULL();
61156118
}

tests/TestRedis.php

+1-3
Original file line numberDiff line numberDiff line change
@@ -2995,9 +2995,7 @@ public function testEval() {
29952995
$this->redis->sadd('myset', 'f');
29962996

29972997
// Basic keys
2998-
$this->redis->del('key1');
29992998
$this->redis->set('key1', 'hello, world');
3000-
$this->redis->del('key2');
30012999
$this->redis->set('key2', 'hello again!');
30023000

30033001
// Use a script to return our list, and verify its response
@@ -3077,7 +3075,7 @@ public function testEvalSHA() {
30773075
$this->assertFalse($this->redis->evalsha('some-random-data'));
30783076

30793077
// Load a script
3080-
$cb = uniqid();
3078+
$cb = uniqid(); // To ensure the script is new
30813079
$scr = "local cb='$cb' return 1";
30823080
$sha = sha1($scr);
30833081

tests/test.php

+16
Original file line numberDiff line numberDiff line change
@@ -35,8 +35,24 @@ public static function run($className) {
3535
$rc = new ReflectionClass($className);
3636
$methods = $rc->GetMethods(ReflectionMethod::IS_PUBLIC);
3737

38+
$sub_scr = array('Eval','Unserialize','Dump','Script');
39+
40+
3841
foreach($methods as $m) {
3942

43+
$do_run = false;
44+
foreach($sub_scr as $sub) {
45+
if(strpos($m->name, $sub) !== false) {
46+
$do_run = true;
47+
break;
48+
}
49+
}
50+
if(!$do_run) continue;
51+
/*if(strpos($m->name, 'Eval') === false && strpos($m->name, 'Unserialize') === false &&
52+
strpos($m->name, 'Dump') === false strpos($m->name, 'Script') === false) {
53+
echo $m->name . "\n";
54+
continue;
55+
}*/
4056
$name = $m->name;
4157
if(substr($name, 0, 4) !== 'test')
4258
continue;

0 commit comments

Comments
 (0)