Skip to content

Redis: Limit decoded length#16859

Merged
normanmaurer merged 1 commit into
4.1from
red_dec41
Jun 1, 2026
Merged

Redis: Limit decoded length#16859
normanmaurer merged 1 commit into
4.1from
red_dec41

Conversation

@normanmaurer

Copy link
Copy Markdown
Member

Motivation:

To guard against unbounded memory usage we should enforce a limit when we try to decode the length. This needs to fit into a signed 64 bit integer.

Modifications:

  • Enforce limit during decoding
  • Add unit test

Result:

Ensure we will limit the number of bytes we buffer

@normanmaurer normanmaurer added this to the 4.1.135.Final milestone Jun 1, 2026
@normanmaurer normanmaurer added the needs-cherry-pick-5.0 This PR should be cherry-picked to 5.0 once merged. label Jun 1, 2026
Motivation:

To guard against unbounded memory usage we should enforce a limit when we try to decode the length. This needs to fit into a signed 64 bit integer.

Modifications:

- Enforce limit during decoding
- Add unit test

Result:

Ensure we will limit the number of bytes we buffer
@normanmaurer normanmaurer merged commit bff98ee into 4.1 Jun 1, 2026
17 of 18 checks passed
@normanmaurer normanmaurer deleted the red_dec41 branch June 1, 2026 16:47
@netty-project-bot

Copy link
Copy Markdown
Contributor

Auto-port PR for 5.0: #16884

@github-actions github-actions Bot removed the needs-cherry-pick-5.0 This PR should be cherry-picked to 5.0 once merged. label Jun 1, 2026
chrisvest added a commit that referenced this pull request Jun 4, 2026
Auto-port of #16859 to 5.0
Cherry-picked commit: bff98ee

---
Motivation:

To guard against unbounded memory usage we should enforce a limit when
we try to decode the length. This needs to fit into a signed 64 bit
integer.

Modifications:

- Enforce limit during decoding
- Add unit test

Result:

Ensure we will limit the number of bytes we buffer

---------

Co-authored-by: Norman Maurer <norman_maurer@apple.com>
Co-authored-by: Chris Vest <christianvest_hansen@apple.com>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

2 participants