In the file redis-check-aof.c, we have the following code:
```c
int readString(FILE *fp, char** target) {
    long len;
    *target = NULL;
    /* len comes straight from the AOF file ("$<len>\r\n") */
    if (!readLong(fp,'$',&len)) {
        return 0;
    }
    /* Increase length to also consume \r\n */
    len += 2;
    *target = (char*)zmalloc(len);
    if (!readBytes(fp,*target,len)) {
        return 0;
    }
    ...
}
```
The variable len is read from the file. It could be a large value (e.g., LONG_MAX) such that len += 2 may result in integer overflow. Moreover, since signed overflow is undefined behavior in C, it should be avoided anyway.
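For illustration, here is a hardened reader that validates the length before the `+ 2` and before allocating, written as an added example for this report rather than taken from Redis. `checked_bulk_len`, `parse_len_line`, `read_bulk_string` and the `MAX_BULK_LEN` bound are hypothetical names chosen for the example; the input is an in-memory buffer standing in for the `FILE *` the real tool reads, and the sample AOF fragments in `main` are constructed.

```c
#include <errno.h>
#include <limits.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Upper bound on a single bulk-string payload this reader accepts.
 * Constructed for this example; not a constant from redis-check-aof.c. */
#define MAX_BULK_LEN (512L * 1024 * 1024)

/* Stores len + 2 in *out and returns 1 only when len is non-negative, the sum
 * cannot wrap (signed overflow would be undefined behaviour), and the payload
 * is within the accepted bound. Returns 0 otherwise. */
int checked_bulk_len(long len, long *out) {
    if (len < 0) return 0;
    if (len > LONG_MAX - 2) return 0;      /* len + 2 would overflow */
    if (len > MAX_BULK_LEN) return 0;      /* refuse absurd allocations */
    *out = len + 2;
    return 1;
}

/* Parses a "$<len>\r\n" header from [*p, end). Hypothetical stand-in for the
 * tool's readLong(); strtol is checked for ERANGE and trailing junk. */
static int parse_len_line(const char **p, const char *end, long *len) {
    if (*p >= end || **p != '$') return 0;
    const char *s = *p + 1;
    char buf[32];
    size_t n = 0;
    while (s < end && *s != '\r' && n < sizeof(buf) - 1) buf[n++] = *s++;
    buf[n] = '\0';
    if (n == 0 || s + 1 >= end || s[0] != '\r' || s[1] != '\n') return 0;
    char *endp;
    errno = 0;
    long v = strtol(buf, &endp, 10);
    if (errno == ERANGE || *endp != '\0') return 0;   /* out of range or junk */
    *len = v;
    *p = s + 2;
    return 1;
}

/* Hardened counterpart of readString(): reads "$<len>\r\n<payload>\r\n" from
 * [*p, end) and returns a NUL-terminated heap copy of the payload, or NULL
 * on any malformed, oversized, overflowing or truncated input. */
char *read_bulk_string(const char **p, const char *end) {
    long len, total;
    if (!parse_len_line(p, end, &len)) return NULL;
    if (!checked_bulk_len(len, &total)) return NULL;
    if ((long)(end - *p) < total) return NULL;        /* truncated payload */
    if ((*p)[len] != '\r' || (*p)[len + 1] != '\n') return NULL;
    char *out = malloc((size_t)len + 1);
    if (!out) return NULL;
    memcpy(out, *p, (size_t)len);
    out[len] = '\0';
    *p += total;
    return out;
}

int main(void) {
    /* Constructed AOF fragments: one valid, one with len = LONG_MAX. */
    const char *good = "$5\r\nhello\r\n";
    const char *huge = "$9223372036854775807\r\n";
    const char *p = good;
    char *s = read_bulk_string(&p, good + strlen(good));
    printf("good: %s\n", s ? s : "(rejected)");
    free(s);
    p = huge;
    s = read_bulk_string(&p, huge + strlen(huge));
    printf("huge: %s\n", s ? s : "(rejected)");
    free(s);
    return 0;
}
```

The key change relative to the reported code is that the length is validated before it is used in arithmetic or passed to the allocator, so a crafted `$` line can neither wrap the size nor force a multi-gigabyte allocation.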
Comment From: oranagra
handled in the above mentioned PR.