This is an automated email from the ASF dual-hosted git repository.
chenBright pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/brpc.git
The following commit(s) were added to refs/heads/master by this push:
new 1ba4286a Fix empty Redis command array parsing (#3354)
1ba4286a is described below
commit 1ba4286aa51330d79f2583ea13f989680a68b09b
Author: Weibing Wang <[email protected]>
AuthorDate: Sun Jun 21 19:56:26 2026 +0800
Fix empty Redis command array parsing (#3354)
---
src/brpc/redis_command.cpp | 12 ++++++++++--
test/brpc_redis_unittest.cpp | 13 +++++++++++++
2 files changed, 23 insertions(+), 2 deletions(-)
diff --git a/src/brpc/redis_command.cpp b/src/brpc/redis_command.cpp
index e22d35fc..6b284834 100644
--- a/src/brpc/redis_command.cpp
+++ b/src/brpc/redis_command.cpp
@@ -517,14 +517,22 @@ RedisCommandConsumeState
RedisCommandParser::ConsumeImpl(butil::IOBuf& buf,
return CONSUME_STATE_ERROR;
}
buf.pop_front(crlf_pos + 2/*CRLF*/);
+ if (value == 0) {
+ LOG(ERROR) << "Empty redis command array";
+ *err = PARSE_ERROR_ABSOLUTELY_WRONG;
+ return CONSUME_STATE_ERROR;
+ }
_parsing_array = true;
_length = value;
_index = 0;
_args.resize(value);
return CONSUME_STATE_CONTINUE;
}
- CHECK(_index < _length) << "a complete command has been parsed. "
- "impl of RedisCommandParser::Parse is buggy";
+ if (_index >= _length) {
+ LOG(ERROR) << "Too many bulk strings in redis command";
+ *err = PARSE_ERROR_ABSOLUTELY_WRONG;
+ return CONSUME_STATE_ERROR;
+ }
const int64_t len = value; // `value' is length of the string
if (len < 0) {
LOG(ERROR) << "string in command is nil!";
diff --git a/test/brpc_redis_unittest.cpp b/test/brpc_redis_unittest.cpp
index 80706b06..9597f6ab 100644
--- a/test/brpc_redis_unittest.cpp
+++ b/test/brpc_redis_unittest.cpp
@@ -673,6 +673,19 @@ TEST_F(RedisTest, command_parser) {
}
}
+TEST(RedisCommandParserTest, reject_empty_resp_array_command) {
+ brpc::RedisCommandParser parser;
+ butil::IOBuf buf;
+ std::vector<butil::StringPiece> command_out;
+ butil::Arena arena;
+
+ // Empty RESP arrays are not valid commands and must not leave the parser
in
+ // a state that accepts following bulk strings.
+ buf.append("*0\r\n$1\r\nx\r\n");
+ ASSERT_EQ(brpc::PARSE_ERROR_ABSOLUTELY_WRONG,
+ parser.Consume(buf, &command_out, &arena));
+}
+
// Regression test for issue #3109: the inline redis protocol must not consume
// the HTTP/2 connection preface as a command, otherwise protocol
auto-detection
// never falls through to HTTP/2 and gRPC clients fail with "connection closed
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
