Copilot commented on code in PR #3050:
URL: https://github.com/apache/brpc/pull/3050#discussion_r2244216209
##########
src/brpc/redis_command.cpp:
##########
@@ -456,6 +459,12 @@ ParseError RedisCommandParser::Consume(butil::IOBuf& buf,
return PARSE_ERROR_ABSOLUTELY_WRONG;
}
if (!_parsing_array) {
+ if (value > (int64_t)(FLAGS_redis_max_allocation_size /
sizeof(butil::StringPiece))) {
Review Comment:
Similar to the redis_reply.cpp issue, division by sizeof(butil::StringPiece)
could theoretically cause issues if the size is zero. Consider adding bounds
checking.
##########
src/brpc/redis_reply.cpp:
##########
@@ -229,9 +233,10 @@ ParseError RedisReply::ConsumePartialIOBuf(butil::IOBuf&
buf) {
_data.array.replies = NULL;
return PARSE_OK;
}
Review Comment:
Division by sizeof(RedisReply) could result in integer division by zero if
sizeof(RedisReply) is somehow zero, though this is unlikely. Consider adding a
check or using a safer calculation method.
```suggestion
}
if (sizeof(RedisReply) == 0) {
LOG(ERROR) << "sizeof(RedisReply) is zero, division by zero
avoided.";
return PARSE_ERROR_ABSOLUTELY_WRONG;
}
```
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: [email protected]
For queries about this service, please contact Infrastructure at:
[email protected]
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
