From b38682199b09bb77e11d9a3d4130fd8ebf8df7df Mon Sep 17 00:00:00 2001
From: antirez <antirez@gmail.com>
Date: Tue, 12 Jun 2018 17:31:04 +0200
Subject: [PATCH] Fix rdbSaveKeyValuePair() integer overflow.

Again thanks to @oranagra. The object idle time does not fit into an int
sometimes: use the native type that the serialization function will get
as argument, which is uint64_t.
---
 src/rdb.c | 5 ++---
 1 file changed, 2 insertions(+), 3 deletions(-)

diff --git a/src/rdb.c b/src/rdb.c
index 7d5fd5fc..97b2d035 100644
--- a/src/rdb.c
+++ b/src/rdb.c
@@ -993,8 +993,7 @@ size_t rdbSavedObjectLen(robj *o) {
  * On error -1 is returned.
  * On success if the key was actually saved 1 is returned, otherwise 0
  * is returned (the key was already expired). */
-int rdbSaveKeyValuePair(rio *rdb, robj *key, robj *val, long long expiretime)
-{
+int rdbSaveKeyValuePair(rio *rdb, robj *key, robj *val, long long expiretime) {
     int savelru = server.maxmemory_policy & MAXMEMORY_FLAG_LRU;
     int savelfu = server.maxmemory_policy & MAXMEMORY_FLAG_LFU;
 
@@ -1006,7 +1005,7 @@ int rdbSaveKeyValuePair(rio *rdb, robj *key, robj *val, long long expiretime)
 
     /* Save the LRU info. */
     if (savelru) {
-        int idletime = estimateObjectIdleTime(val);
+        uint64_t idletime = estimateObjectIdleTime(val);
         idletime /= 1000; /* Using seconds is enough and requires less space.*/
         if (rdbSaveType(rdb,RDB_OPCODE_IDLE) == -1) return -1;
         if (rdbSaveLen(rdb,idletime) == -1) return -1;