Enforce offset range limitations for GETBIT and SETBIT

michael-grunder · michael-grunder · commit eff6a9134044 · 2013-11-13T15:00:13.000-08:00
Addresses phpredis#401
diff --git a/common.h b/common.h
@@ -47,6 +47,10 @@ typedef enum _REDIS_REPLY_TYPE {
 #define REDIS_SERIALIZER_PHP 		1
 #define REDIS_SERIALIZER_IGBINARY 	2
 
+/* GETBIT/SETBIT offset range limits */
+#define BITOP_MIN_OFFSET 0
+#define BITOP_MAX_OFFSET 4294967295
+
 #define IF_MULTI() if(redis_sock->mode == MULTI)
 #define IF_MULTI_OR_ATOMIC() if(redis_sock->mode == MULTI || redis_sock->mode == ATOMIC)\
 
diff --git a/redis.c b/redis.c
@@ -1739,6 +1739,11 @@ PHP_METHOD(Redis, getBit)
 		RETURN_FALSE;
 	}
 
+	// GETBIT and SETBIT only work for 0 - 2^32-1
+	if(offset < BITOP_MIN_OFFSET || offset > BITOP_MAX_OFFSET) {
+	    RETURN_FALSE;
+	}
+
 	key_free = redis_key_prefix(redis_sock, &key, &key_len TSRMLS_CC);
 	cmd_len = redis_cmd_format_static(&cmd, "GETBIT", "sd", key, key_len, (int)offset);
 	if(key_free) efree(key);
@@ -1768,6 +1773,11 @@ PHP_METHOD(Redis, setBit)
 		RETURN_FALSE;
 	}
 
+	// GETBIT and SETBIT only work for 0 - 2^32-1
+	if(offset < BITOP_MIN_OFFSET || offset > BITOP_MAX_OFFSET) {
+	    RETURN_FALSE;
+	}
+
 	key_free = redis_key_prefix(redis_sock, &key, &key_len TSRMLS_CC);
 	cmd_len = redis_cmd_format_static(&cmd, "SETBIT", "sdd", key, key_len, (int)offset, (int)val);
 	if(key_free) efree(key);
@@ -2363,15 +2373,6 @@ PHP_METHOD(Redis, sRandMember)
         }
         REDIS_PROCESS_RESPONSE(redis_string_response);
     }
-
-    /*IF_ATOMIC() {
-        // This will be bulk or multi-bulk depending if we passed the optional [COUNT] argument
-        if(redis_read_variant_reply(INTERNAL_FUNCTION_PARAM_PASSTHRU, redis_sock, NULL) < 0) {
-            RETURN_FALSE;
-        }
-    }
-    REDIS_PROCESS_RESPONSE(redis_read_variant_reply);
-    */
 }
 /* }}} */
 
diff --git a/tests/TestRedis.php b/tests/TestRedis.php
@@ -109,7 +109,13 @@ public function testBitsets() {
 
 	    // values above 1 are changed to 1 but don't overflow on bits to the right.
 	    $this->assertTrue(0 === $this->redis->setBit('key', 0, 0xff));
-	    $this->assertTrue("\x9f" === $this->redis->get('key'));
+        $this->assertTrue("\x9f" === $this->redis->get('key'));
+
+        // Verify valid offset ranges
+        $this->assertFalse($this->redis->getBit('key', -1));
+        $this->assertFalse($this->redis->getBit('key', 4294967296));
+        $this->assertFalse($this->redis->setBit('key', -1, 1));
+        $this->assertFalse($this->redis->setBit('key', 4294967296, 1));
     }
 
     public function test1000() {
