diff options
author | Alex Smith <aes7mv@virginia.edu> | 2020-10-15 17:46:15 -0400 |
---|---|---|
committer | michael-grunder <michael.grunder@gmail.com> | 2021-02-25 21:25:17 -0800 |
commit | f913e9b997e2cc4b847923e1b3b0649d77c85923 (patch) | |
tree | 93050af2498faa23776ff7b2899066ef963add7a /read.c | |
parent | 8039c7d26c553509afe8b2dce0e9deca28957e9f (diff) |
read: Fix double validation and infinity parsing
The ',' protocol byte gets removed in processItem(), so it should not
be compared against in processLineItem().
strtod() allows multiple representations of infinity and NaN that are
not RESP3 compliant. Since we explicitly check for the two compliant
infinity cases, strtod() should only return finite values.
Diffstat (limited to 'read.c')
-rw-r--r-- | read.c | 10 |
1 files changed, 7 insertions, 3 deletions
@@ -299,13 +299,17 @@ static int processLineItem(redisReader *r) { memcpy(buf,p,len); buf[len] = '\0'; - if (strcasecmp(buf,",inf") == 0) { + if (strcasecmp(buf,"inf") == 0) { d = INFINITY; /* Positive infinite. */ - } else if (strcasecmp(buf,",-inf") == 0) { + } else if (strcasecmp(buf,"-inf") == 0) { d = -INFINITY; /* Negative infinite. */ } else { d = strtod((char*)buf,&eptr); - if (buf[0] == '\0' || eptr[0] != '\0' || isnan(d)) { + /* RESP3 only allows "inf", "-inf", and finite values, while + * strtod() allows other variations on infinity, NaN, + * etc. We explicity handle our two allowed infinite cases + * above, so strtod() should only result in finite values. */ + if (buf[0] == '\0' || eptr[0] != '\0' || !isfinite(d)) { __redisReaderSetError(r,REDIS_ERR_PROTOCOL, "Bad double value"); return REDIS_ERR; |