It turns out there are two bugs causing two failures in this ticket. This one is about the first failure.
A special client query might overflow the query buffer in the client structure and crash the client.
Yes. A bad query format detected (server side) but not logged; client Crash.
1. send a query starts with “\x00” (feature start)
2. Keep writing to this query stream
You should observe this query eventually will cause the client to crash.
2. (client + server)
Crash, but the stack trace is not super useful.
It’s hard to trace all the way to the beginning of the user’s query (where the bad format occurs).
If a query startw with “\x00”, Redis was expecting to see a newline. Since it never arrived, it will overflow the query buffer and caused crash.
The interesting thing is Redis already checked the error, but it didn’t log nor handle it.
Incorrect error handling