Fix limit undefined behavior crash in CLUSTER SLOT-STATS

We did not set a default value for limit, but it will be used in addReplyOrderBy later, the undefined behavior may crash the server since the value could be negative and crash will happen in addReplyArrayLen. An interesting reproducible example (limit reuses the value of -1): ``` > cluster slot-stats orderby key-count desc limit -1 (error) ERR Limit has to lie in between 1 and 16384 (maximum number of slots). > cluster slot-stats orderby key-count desc Error: Server closed the connection ``` Set the default value of limit to 16384. Signed-off-by: Binbin <[email protected]>
enjoy-binbin · Jun 28, 2024 · 97a294d · 97a294d
1 parent 1269532
commit 97a294d
Showing 1 changed file with 1 addition and 1 deletion.
diff --git a/src/cluster_slot_stats.c b/src/cluster_slot_stats.c
@@ -147,7 +147,7 @@ void clusterSlotStatsCommand(client *c) {
         }
         int i = 4; /* Next argument index, following ORDERBY */
         int limit_counter = 0, asc_desc_counter = 0;
-        long limit;
+        long limit = CLUSTER_SLOTS;
         while (i < c->argc) {
             int moreargs = c->argc > i + 1;
             if (!strcasecmp(c->argv[i]->ptr, "limit") && moreargs) {