From d4ebb60d65499ca5e2290eedcd02beb4736771ca Mon Sep 17 00:00:00 2001
From: Pieter Noordhuis <pcnoordhuis@gmail.com>
Date: Thu, 21 Apr 2011 18:50:10 +0200
Subject: [PATCH] More OOM checks in the protocol reader

---
 hiredis.c | 26 ++++++++++++++++++++++++--
 hiredis.h |  2 +-
 2 files changed, 25 insertions(+), 3 deletions(-)

diff --git a/hiredis.c b/hiredis.c
index b03f1d1..a716f59 100644
--- a/hiredis.c
+++ b/hiredis.c
@@ -539,6 +539,11 @@ redisReader *redisReaderCreate(void) {
     r->errstr[0] = '\0';
     r->fn = &defaultFunctions;
     r->buf = sdsempty();
+    if (r->buf == NULL) {
+        free(r);
+        return NULL;
+    }
+
     r->ridx = -1;
     return r;
 }
@@ -551,7 +556,13 @@ void redisReaderFree(redisReader *r) {
     free(r);
 }
 
-void redisReaderFeed(redisReader *r, const char *buf, size_t len) {
+int redisReaderFeed(redisReader *r, const char *buf, size_t len) {
+    sds newbuf;
+
+    /* Return early when this reader is in an erroneous state. */
+    if (r->err)
+        return REDIS_ERR;
+
     /* Copy the provided buffer. */
     if (buf != NULL && len >= 1) {
         /* Destroy internal buffer when it is empty and is quite large. */
@@ -559,11 +570,22 @@ void redisReaderFeed(redisReader *r, const char *buf, size_t len) {
             sdsfree(r->buf);
             r->buf = sdsempty();
             r->pos = 0;
+
+            /* r->buf should not be NULL since we just free'd a larger one. */
+            assert(r->buf != NULL);
         }
 
-        r->buf = sdscatlen(r->buf,buf,len);
+        newbuf = sdscatlen(r->buf,buf,len);
+        if (newbuf == NULL) {
+            __redisReaderSetErrorOOM(r);
+            return REDIS_ERR;
+        }
+
+        r->buf = newbuf;
         r->len = sdslen(r->buf);
     }
+
+    return REDIS_OK;
 }
 
 int redisReaderGetReply(redisReader *r, void **reply) {
diff --git a/hiredis.h b/hiredis.h
index 1655801..3a79e11 100644
--- a/hiredis.h
+++ b/hiredis.h
@@ -134,7 +134,7 @@ typedef struct redisReader {
 /* Public API for the protocol parser. */
 redisReader *redisReaderCreate(void);
 void redisReaderFree(redisReader *r);
-void redisReaderFeed(redisReader *r, const char *buf, size_t len);
+int redisReaderFeed(redisReader *r, const char *buf, size_t len);
 int redisReaderGetReply(redisReader *r, void **reply);
 
 /* Backwards compatibility, can be removed on big version bump. */