34 lines
1.2 KiB
Diff
34 lines
1.2 KiB
Diff
From 9f13b2bd4967334b1701c6eccdf53760cb13f79e Mon Sep 17 00:00:00 2001
|
|
From: John Sully <john@csquare.ca>
|
|
Date: Thu, 14 Mar 2019 14:02:16 -0400
|
|
Subject: [PATCH] Fix hyperloglog corruption
|
|
|
|
---
|
|
src/hyperloglog.c | 6 ++++++
|
|
1 file changed, 6 insertions(+)
|
|
|
|
diff --git a/src/hyperloglog.c b/src/hyperloglog.c
|
|
index fc21ea0065d..e993bf26e1d 100644
|
|
--- a/src/hyperloglog.c
|
|
+++ b/src/hyperloglog.c
|
|
@@ -614,6 +614,10 @@ int hllSparseToDense(robj *o) {
|
|
} else {
|
|
runlen = HLL_SPARSE_VAL_LEN(p);
|
|
regval = HLL_SPARSE_VAL_VALUE(p);
|
|
+ if ((runlen + idx) > HLL_REGISTERS) {
|
|
+ sdsfree(dense);
|
|
+ return C_ERR;
|
|
+ }
|
|
while(runlen--) {
|
|
HLL_DENSE_SET_REGISTER(hdr->registers,idx,regval);
|
|
idx++;
|
|
@@ -1088,6 +1092,8 @@ int hllMerge(uint8_t *max, robj *hll) {
|
|
} else {
|
|
runlen = HLL_SPARSE_VAL_LEN(p);
|
|
regval = HLL_SPARSE_VAL_VALUE(p);
|
|
+ if ((runlen + i) > HLL_REGISTERS)
|
|
+ return C_ERR;
|
|
while(runlen--) {
|
|
if (regval > max[i]) max[i] = regval;
|
|
i++;
|