1 Star 0 Fork 46

zwjsec/redis

forked from src-openEuler/redis 
加入 Gitee
与超过 1200万 开发者一起发现、参与优秀开源项目,私有仓库也完全免费 :)
免费加入
文件
该仓库未声明开源许可证文件(LICENSE),使用请关注具体项目描述及其代码上游依赖。
克隆/下载
CVE-2021-3470.patch 1.31 KB
一键复制 编辑 原始数据 按行查看 历史
wang_yue111 提交于 2021-04-07 10:07 . Fix CVE-2021-3470
From a714d2561b78985ec85f3056aac83c603cbaaa5f Mon Sep 17 00:00:00 2001
From: wang_yue111 <648774160@qq.com>
Date: Wed, 7 Apr 2021 10:00:53 +0800
Subject: [PATCH] Fix wrong zmalloc_size() assumption. (#7963)
When using a system with no malloc_usable_size(), zmalloc_size() assumed
that the heap allocator always returns blocks that are long-padded.
This may not always be the case, and will result with zmalloc_size()
returning a size that is bigger than allocated. At least in one case
this leads to out of bound write, process crash and a potential security
vulnerability.
Effectively this does not affect the vast majority of users, who use
jemalloc or glibc.
This problem along with a (different) fix was reported by Drew DeVault.
---
src/zmalloc.c | 3 ---
1 file changed, 3 deletions(-)
diff --git a/src/zmalloc.c b/src/zmalloc.c
index cc47f71..67b1b65 100644
--- a/src/zmalloc.c
+++ b/src/zmalloc.c
@@ -186,9 +186,6 @@ void *zrealloc(void *ptr, size_t size) {
size_t zmalloc_size(void *ptr) {
void *realptr = (char*)ptr-PREFIX_SIZE;
size_t size = *((size_t*)realptr);
- /* Assume at least that all the allocations are padded at sizeof(long) by
- * the underlying allocator. */
- if (size&(sizeof(long)-1)) size += sizeof(long)-(size&(sizeof(long)-1));
return size+PREFIX_SIZE;
}
#endif
--
2.23.0
马建仓 AI 助手
尝试更多
代码解读
代码找茬
代码优化
1
https://gitee.com/zwjsec/redis.git
git@gitee.com:zwjsec/redis.git
zwjsec
redis
redis
master

搜索帮助