From 8b56abe8f7477aac5a7e33281123ec75a280820b Mon Sep 17 00:00:00 2001 From: cherry530 Date: Fri, 16 Dec 2022 17:19:57 +0800 Subject: [PATCH] fix memory uninitialized in fuzz testcase Signed-off-by: cherry530 (cherry picked from commit 58b1cf8b9b35faf706e430d96c85e9e8f1701baa) --- fix-memory-uninitialized-in-fuzz-testcase.patch | 13 +++++++++++++ hiredis.spec | 6 +++++- 2 files changed, 18 insertions(+), 1 deletion(-) create mode 100644 fix-memory-uninitialized-in-fuzz-testcase.patch diff --git a/fix-memory-uninitialized-in-fuzz-testcase.patch b/fix-memory-uninitialized-in-fuzz-testcase.patch new file mode 100644 index 0000000..86d728d --- /dev/null +++ b/fix-memory-uninitialized-in-fuzz-testcase.patch @@ -0,0 +1,13 @@ +diff --git a/sds.c b/sds.c +index 49d2096..9d46dc4 100644 +--- a/sds.c ++++ b/sds.c +@@ -513,7 +513,7 @@ sds sdscatvprintf(sds s, const char *fmt, va_list ap) { + } else { + buflen = sizeof(staticbuf); + } +- ++ memset(buf, 0, buflen); + /* Try with buffers two times bigger every time we fail to + * fit the string in the current buffer size. */ + while(1) { diff --git a/hiredis.spec b/hiredis.spec index c5224df..944d63b 100644 --- a/hiredis.spec +++ b/hiredis.spec @@ -1,6 +1,6 @@ Name: hiredis Version: 1.0.2 -Release: 2 +Release: 3 Summary: A minimalistic C client library for the Redis database License: BSD URL: https://github.com/redis/hiredis @@ -8,6 +8,7 @@ Source0: https://github.com/redis/hiredis/archive/refs/tags/v%{version}.t BuildRequires: gcc redis Patch0001: fix-heap-buffer-overflow-in-redisvFormatCommand.patch +Patch0002: fix-memory-uninitialized-in-fuzz-testcase.patch %description Hiredis is a minimalistic C client library for the Redis database. @@ -60,6 +61,9 @@ make check || true %{_libdir}/pkgconfig/hiredis.pc %changelog +* Fri Dec 16 2022 xu_ping - 1.0.2-3 +- fix memory uninitialized in fuzz testcase + * Tue May 24 2022 loong_C - 1.0.2-2 - fix spec changelog date -- Gitee