mirror of
https://github.com/fluencelabs/redis
synced 2025-03-17 16:10:50 +00:00
Fix off by one bug in freeMemoryIfNeeded() eviction pool.
Bug found by the continuous integration test running the Redis with valgrind: ==6245== Invalid read of size 8 ==6245== at 0x4C2DEEF: memcpy@GLIBC_2.2.5 (mc_replace_strmem.c:876) ==6245== by 0x41F9E6: freeMemoryIfNeeded (redis.c:3010) ==6245== by 0x41D2CC: processCommand (redis.c:2069) memmove() size argument was accounting for an extra element, going outside the bounds of the array.
This commit is contained in:
parent
9e0b9f12b2
commit
6540e9eeaa
@ -3040,7 +3040,7 @@ int freeMemoryIfNeeded(void) {
|
||||
sdsfree(pool[k].key);
|
||||
/* Shift all elements on its right to left. */
|
||||
memmove(pool+k,pool+k+1,
|
||||
sizeof(pool[0])*(REDIS_EVICTION_POOL_SIZE-k));
|
||||
sizeof(pool[0])*(REDIS_EVICTION_POOL_SIZE-k-1));
|
||||
/* Clear the element on the right which is empty
|
||||
* since we shifted one position to the left. */
|
||||
pool[REDIS_EVICTION_POOL_SIZE-1].key = NULL;
|
||||
|
Loading…
x
Reference in New Issue
Block a user