Package: redis-server
Version: 6.0.8-1
Severity: normal
Tags: patch
X-Debbugs-Cc: yoss...@gmail.com

Dear Maintainer,

The latest get_current_dir_name patch seems to be broken, as it attempts
to free a stack pointer.

The proposed fix also changes zfree() to free(), which is technically
more correct, as glibc may or may not use the same heap allocator that
Redis uses internally.
diff -Nru redis-6.0.8/debian/changelog redis-6.0.8/debian/changelog
--- redis-6.0.8/debian/changelog        2020-09-16 12:57:22.000000000 +0300
+++ redis-6.0.8/debian/changelog        2020-10-22 16:12:07.000000000 +0300
@@ -1,3 +1,11 @@
+redis (5:6.0.8-1.1) UNRELEASED; urgency=medium
+
+  * Non-maintainer upload.
+  * Fix get_current_dir_name patch issue that could lead to crashes when
+    reporting RDB/AOF file errors.
+
+ -- Yossi Gottlieb <yoss...@gmail.com>  Thu, 22 Oct 2020 16:12:07 +0300
+
 redis (5:6.0.8-1) unstable; urgency=medium
 
   * New upstream release.
diff -Nru 
redis-6.0.8/debian/patches/0010-Use-get_current_dir_name-over-PATHMAX-etc.patch 
redis-6.0.8/debian/patches/0010-Use-get_current_dir_name-over-PATHMAX-etc.patch
--- 
redis-6.0.8/debian/patches/0010-Use-get_current_dir_name-over-PATHMAX-etc.patch 
    2020-09-16 12:57:22.000000000 +0300
+++ 
redis-6.0.8/debian/patches/0010-Use-get_current_dir_name-over-PATHMAX-etc.patch 
    2020-10-22 16:12:07.000000000 +0300
@@ -7,20 +7,31 @@
  src/rdb.c | 7 ++++---
  2 files changed, 5 insertions(+), 3 deletions(-)
 
-diff --git a/src/aof.c b/src/aof.c
-index cbc0989..d215293 100644
 --- a/src/aof.c
 +++ b/src/aof.c
-@@ -263,6 +263,7 @@ int startAppendOnly(void) {
+@@ -249,13 +249,12 @@ void stopAppendOnly(void) {
+ /* Called when the user switches from "appendonly no" to "appendonly yes"
+  * at runtime using the CONFIG command. */
+ int startAppendOnly(void) {
+-    char cwd[MAXPATHLEN]; /* Current working dir path for error messages. */
+     int newfd;
+ 
+     newfd = open(server.aof_filename,O_WRONLY|O_APPEND|O_CREAT,0644);
+     serverAssert(server.aof_state == AOF_OFF);
+     if (newfd == -1) {
+-        char *cwdp = getcwd(cwd,MAXPATHLEN);
++        char *cwdp = get_current_dir_name();
+ 
+         serverLog(LL_WARNING,
+             "Redis needs to enable the AOF but can't open the "
+@@ -263,6 +262,7 @@ int startAppendOnly(void) {
              server.aof_filename,
              cwdp ? cwdp : "unknown",
              strerror(errno));
-+        zfree(cwdp);
++        free(cwdp);
          return C_ERR;
      }
      if (hasActiveChildProcess() && server.aof_child_pid == -1) {
-diff --git a/src/rdb.c b/src/rdb.c
-index 54a169c..104a666 100644
 --- a/src/rdb.c
 +++ b/src/rdb.c
 @@ -1307,7 +1307,6 @@ werr: /* Write error. */
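Review bot: In the startAppendOnly() error branch, `get_current_dir_name()` now runs between the failed `open()` and the `strerror(errno)` argument of serverLog(), so the logged reason can be whatever errno the directory lookup left behind rather than the open() failure. glibc's implementation may stat `$PWD` and allocate before returning, and a successful call is not required to preserve errno. Saving the value first, with `int saved_errno = errno;` ahead of the call and `strerror(saved_errno)` in the log, keeps the diagnostic accurate; the same pattern appears to apply to the two rdbSave() error paths in the src/rdb.c hunks below, whose `cwdp` assignments are not visible here. A short comment such as `/* cwdp is malloc()ed by glibc: release with free(), not zfree() */` beside each `free(cwdp)` would keep the allocator pairing from regressing. startAppendOnly()'s body continues outside the hunk.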
@@ -31,7 +42,7 @@
      FILE *fp;
      rio rdb;
      int error = 0;
-@@ -1315,13 +1314,14 @@ int rdbSave(char *filename, rdbSaveInfo *rsi) {
+@@ -1315,13 +1314,14 @@ int rdbSave(char *filename, rdbSaveInfo
      snprintf(tmpfile,256,"temp-%d.rdb", (int) getpid());
      fp = fopen(tmpfile,"w");
      if (!fp) {
@@ -43,11 +54,11 @@
              filename,
              cwdp ? cwdp : "unknown",
              strerror(errno));
-+        zfree(cwdp);
++        free(cwdp);
          return C_ERR;
      }
  
-@@ -1344,7 +1344,7 @@ int rdbSave(char *filename, rdbSaveInfo *rsi) {
+@@ -1344,7 +1344,7 @@ int rdbSave(char *filename, rdbSaveInfo
      /* Use RENAME to make sure the DB file is changed atomically only
       * if the generate DB file is ok. */
      if (rename(tmpfile,filename) == -1) {
@@ -56,11 +67,11 @@
          serverLog(LL_WARNING,
              "Error moving temp DB file %s on the final "
              "destination %s (in server root dir %s): %s",
-@@ -1352,6 +1352,7 @@ int rdbSave(char *filename, rdbSaveInfo *rsi) {
+@@ -1352,6 +1352,7 @@ int rdbSave(char *filename, rdbSaveInfo
              filename,
              cwdp ? cwdp : "unknown",
              strerror(errno));
-+        zfree(cwdp);
++        free(cwdp);
          unlink(tmpfile);
          stopSaving(0);
          return C_ERR;
