fix heap buffer overflow in redisvFormatCommand

fix-heap-buffer-overflow-in-redisvFormatCommand.patch

@@ -0,0 +1,26 @@
+From 78a8af37c6fc43e5fe4487a7a0762c9473444e37 Mon Sep 17 00:00:00 2001
+From: lingsheng <lingsheng@huawei.com>
+Date: Fri, 4 Jun 2021 11:05:20 +0800
+Subject: [PATCH] fix heap buffer overflow in redisvFormatCommand
+
+---
+ hiredis.c | 3 +++
+ 1 file changed, 3 insertions(+)
+
+diff --git a/hiredis.c b/hiredis.c
+index 73d0251..af3a079 100644
+--- a/hiredis.c
++++ b/hiredis.c
+@@ -375,6 +375,9 @@ int redisvFormatCommand(char **target, const char *format, va_list ap) {
+ 
+             touched = 1;
+             c++;
++            if (*c == '\0') {
++                goto format_err;
++            }
+         }
+         c++;
+     }
+-- 
+2.23.0
+

hiredis.spec

@@ -1,6 +1,6 @@
 Name:           hiredis
 Version:        0.13.3
-Release:        11
+Release:        12
 Summary:        A minimalistic C client library for the Redis database
 License:        BSD
 URL:            https://github.com/redis/hiredis
@@ -9,6 +9,7 @@ BuildRequires:  gcc redis
 
 Patch0001:      0001-build-do-not-assume-that-INSTALL-is-cp.patch
 Patch0002:      CVE-2020-7105.patch
+Patch0003:      fix-heap-buffer-overflow-in-redisvFormatCommand.patch
 
 %description
 Hiredis is a minimalistic C client library for the Redis database.
@@ -61,6 +62,9 @@ make check || true
 %{_libdir}/pkgconfig/hiredis.pc
 
 %changelog
+* Fri Jun  4 2021 lingsheng<lingsheng@huawei.com> - 0.13.3-12
+- fix heap buffer overflow in redisvFormatCommand
+
 * Thu Mar 17 2020 likexin<likexin4@huawei.com> - 0.13.3-11
 - fix up cve-2020-7105