!31 [sync] PR-28: 修复fuzz测试中遇到内存未做初始化的错误

From: @openeuler-sync-bot 
Reviewed-by: @caodongxia 
Signed-off-by: @caodongxia

0001-build-do-not-assume-that-INSTALL-is-cp.patch

@@ -1,39 +0,0 @@
-From 725a96aaa247cae90f46753ca85dadbf22a64e5f Mon Sep 17 00:00:00 2001
-From: Igor Gnatenko <i.gnatenko.brain@gmail.com>
-Date: Mon, 30 Oct 2017 10:19:47 +0100
-Subject: [PATCH] build: do not assume that INSTALL is cp
-MIME-Version: 1.0
-Content-Type: text/plain; charset=UTF-8
-Content-Transfer-Encoding: 8bit
-
-INSTALL is supposed to be `install` in most of the cases which
-doesn't work with directories, but works perfectly with files.
-
-Don't do this assumption.
-
-Reported-by: Jiří Vymazal <jvymazal@redhat.com>
-References: https://bugzilla.redhat.com/show_bug.cgi?id=1506251
-Signed-off-by: Igor Gnatenko <i.gnatenko.brain@gmail.com>
----
- Makefile | 5 +++--
- 1 file changed, 3 insertions(+), 2 deletions(-)
-
-diff --git a/Makefile b/Makefile
-index 781a41d..c6eb229 100644
---- a/Makefile
-+++ b/Makefile
-@@ -181,8 +181,9 @@ $(PKGCONFNAME): hiredis.h
- 	@echo Cflags: -I\$${includedir} -D_FILE_OFFSET_BITS=64 >> $@
- 
- install: $(DYLIBNAME) $(STLIBNAME) $(PKGCONFNAME)
--	mkdir -p $(INSTALL_INCLUDE_PATH) $(INSTALL_LIBRARY_PATH)
--	$(INSTALL) hiredis.h async.h read.h sds.h adapters $(INSTALL_INCLUDE_PATH)
-+	mkdir -p $(INSTALL_INCLUDE_PATH) $(INSTALL_INCLUDE_PATH)/adapters $(INSTALL_LIBRARY_PATH)
-+	$(INSTALL) hiredis.h async.h read.h sds.h $(INSTALL_INCLUDE_PATH)
-+	$(INSTALL) adapters/*.h $(INSTALL_INCLUDE_PATH)/adapters
- 	$(INSTALL) $(DYLIBNAME) $(INSTALL_LIBRARY_PATH)/$(DYLIB_MINOR_NAME)
- 	cd $(INSTALL_LIBRARY_PATH) && ln -sf $(DYLIB_MINOR_NAME) $(DYLIBNAME)
- 	$(INSTALL) $(STLIBNAME) $(INSTALL_LIBRARY_PATH)
--- 
-2.14.3
-

CVE-2020-7105.patch

@@ -1,42 +0,0 @@
-diff -Nur hiredis-0.13.3.orig/async.c hiredis-0.13.3/async.c
---- hiredis-0.13.3.orig/async.c	2015-09-16 18:25:02.000000000 +0800
-+++ hiredis-0.13.3/async.c	2020-03-17 11:28:02.927579511 +0800
-@@ -69,6 +69,8 @@
- static void *callbackValDup(void *privdata, const void *src) {
-     ((void) privdata);
-     redisCallback *dup = malloc(sizeof(*dup));
-+    if(dup == NULL)
-+        abort();
-     memcpy(dup,src,sizeof(*dup));
-     return dup;
- }
-diff -Nur hiredis-0.13.3.orig/dict.c hiredis-0.13.3/dict.c
---- hiredis-0.13.3.orig/dict.c	2015-09-16 18:25:02.000000000 +0800
-+++ hiredis-0.13.3/dict.c	2020-03-17 11:29:44.708321131 +0800
-@@ -72,6 +72,8 @@
- /* Create a new hash table */
- static dict *dictCreate(dictType *type, void *privDataPtr) {
-     dict *ht = malloc(sizeof(*ht));
-+    if (ht == NULL)
-+        abort();
-     _dictInit(ht,type,privDataPtr);
-     return ht;
- }
-@@ -143,6 +145,8 @@
- 
-     /* Allocates the memory and stores key */
-     entry = malloc(sizeof(*entry));
-+    if (entry == NULL)
-+        abort();
-     entry->next = ht->table[index];
-     ht->table[index] = entry;
- 
-@@ -258,6 +262,8 @@
- static dictIterator *dictGetIterator(dict *ht) {
-     dictIterator *iter = malloc(sizeof(*iter));
- 
-+    if(iter == NULL)
-+        abort();
-     iter->ht = ht;
-     iter->index = -1;
-     iter->entry = NULL;

fix-heap-buffer-overflow-in-redisvFormatCommand.patch

@@ -0,0 +1,26 @@
+From 78a8af37c6fc43e5fe4487a7a0762c9473444e37 Mon Sep 17 00:00:00 2001
+From: lingsheng <lingsheng@huawei.com>
+Date: Fri, 4 Jun 2021 11:05:20 +0800
+Subject: [PATCH] fix heap buffer overflow in redisvFormatCommand
+
+---
+ hiredis.c | 3 +++
+ 1 file changed, 3 insertions(+)
+
+diff --git a/hiredis.c b/hiredis.c
+index 73d0251..af3a079 100644
+--- a/hiredis.c
++++ b/hiredis.c
+@@ -375,6 +375,9 @@ int redisvFormatCommand(char **target, const char *format, va_list ap) {
+ 
+             touched = 1;
+             c++;
++            if (*c == '\0') {
++                goto format_err;
++            }
+         }
+         c++;
+     }
+-- 
+2.23.0
+

fix-memory-uninitialized-in-fuzz-testcase.patch

@@ -0,0 +1,13 @@
+diff --git a/sds.c b/sds.c
+index 49d2096..9d46dc4 100644
+--- a/sds.c
++++ b/sds.c
+@@ -513,7 +513,7 @@ sds sdscatvprintf(sds s, const char *fmt, va_list ap) {
+     } else {
+         buflen = sizeof(staticbuf);
+     }
+-
++    memset(buf, 0, buflen);
+     /* Try with buffers two times bigger every time we fail to
+      * fit the string in the current buffer size. */
+     while(1) {

hiredis.spec

@@ -1,14 +1,14 @@
 Name:           hiredis
-Version:        0.13.3
-Release:        11
+Version:        1.0.2
+Release:        3
 Summary:        A minimalistic C client library for the Redis database
 License:        BSD
 URL:            https://github.com/redis/hiredis
-Source0:        https://github.com/redis/hiredis/archive/v0.13.3.tar.gz#/hiredis-0.13.3.tar.gz
+Source0:        https://github.com/redis/hiredis/archive/refs/tags/v%{version}.tar.gz
 BuildRequires:  gcc redis
 
-Patch0001:      0001-build-do-not-assume-that-INSTALL-is-cp.patch
-Patch0002:      CVE-2020-7105.patch
+Patch0001:      fix-heap-buffer-overflow-in-redisvFormatCommand.patch
+Patch0002:      fix-memory-uninitialized-in-fuzz-testcase.patch
 
 %description
 Hiredis is a minimalistic C client library for the Redis database.
@@ -61,7 +61,19 @@ make check || true
 %{_libdir}/pkgconfig/hiredis.pc
 
 %changelog
-* Thu Mar 17 2020 likexin<likexin4@huawei.com> - 0.13.3-11
+* Fri Dec 16 2022 xu_ping <xuping33@h-partners.com> - 1.0.2-3
+- fix memory uninitialized in fuzz testcase
+
+* Tue May 24 2022 loong_C <loong_c@yeah.net> - 1.0.2-2
+- fix spec changelog date
+
+* Mon Oct 11 2021 houyingchao<houyingchao@huawei.com> - 1.0.2-1
+- Fix CVE-2021-32765
+
+* Fri Jun 4 2021 lingsheng<lingsheng@huawei.com> - 0.13.3-12
+- fix heap buffer overflow in redisvFormatCommand
+
+* Tue Mar 17 2020 likexin<likexin4@huawei.com> - 0.13.3-11
 - fix up cve-2020-7105
 
 * Tue Dec 31 2019 liujing<liujing144@huawei.com> - 0.13.3-10

hiredis.yaml

@@ -0,0 +1,4 @@
+version_control: github
+src_repo:  redis/hiredis
+tag_prefix: ^v
+seperator: .