[CRASH] crash in hincrbyfloat -> hrandfield #634
Description
Reproduce
hincrbyfloat test tmp -inf
hrandfield test -3 withvalues
Backtrace
=== KEYDB BUG REPORT START: Cut & paste starting from here ===
# === ASSERTION FAILED ===
# ==> ziplist.c:1610 'total_size' is not true
------ STACK TRACE ------
Backtrace:
keydb-server *:6379(ziplistRandomPairs+0x2e5) [0x5555556bab05]
keydb-server *:6379(hrandfieldWithCountCommand(client*, long, int)+0x191) [0x555555757e31]
keydb-server *:6379(hrandfieldCommand(client*)+0xd9) [0x5555557584d9]
keydb-server *:6379(call(client*, int)+0xb1) [0x555555767ae1]
keydb-server *:6379(processCommand(client*, int)+0x954) [0x555555768c64]
keydb-server *:6379(processCommandAndResetClient(client*, int)+0x66) [0x5555556afef6]
keydb-server *:6379(processInputBuffer(client*, bool, int)+0x174) [0x5555556b6084]
keydb-server *:6379(processClients()+0xd9) [0x5555556b6219]
keydb-server *:6379(+0x19ab62) [0x5555556eeb62]
keydb-server *:6379(beforeSleep(aeEventLoop*)+0x160) [0x55555569b330]
keydb-server *:6379(aeProcessEvents+0x10b) [0x555555695b0b]
keydb-server *:6379(aeMain+0x47) [0x55555569c4e7]
keydb-server *:6379(workerThreadMain(void*)+0x73) [0x55555576a5b3]
/lib/x86_64-linux-gnu/libpthread.so.0(+0x76db) [0x7ffff5c4b6db]
/lib/x86_64-linux-gnu/libc.so.6(clone+0x3f) [0x7ffff597461f]
Aditional information
- The crash can be reproduced on the keydb 6.3.2 docker image.
- A similar crash was also found in redis and has been patched in the unstable branch. The related PR commit can be found at redis/redis@bc7fe41, which might help with implementing the fix for keydb.
Thanks.