1 files changed, 33 insertions, 0 deletions

diff --git a/CVE-2019-10192-1.patch b/CVE-2019-10192-1.patch
new file mode 100644
index 0000000..f070446
--- /dev/null
+++ b/CVE-2019-10192-1.patch
@@ -0,0 +1,33 @@
+From 9f13b2bd4967334b1701c6eccdf53760cb13f79e Mon Sep 17 00:00:00 2001
+From: John Sully <john@csquare.ca>
+Date: Thu, 14 Mar 2019 14:02:16 -0400
+Subject: [PATCH] Fix hyperloglog corruption
+
+---
+ src/hyperloglog.c | 6 ++++++
+ 1 file changed, 6 insertions(+)
+
+diff --git a/src/hyperloglog.c b/src/hyperloglog.c
+index fc21ea0065d..e993bf26e1d 100644
+--- a/src/hyperloglog.c
++++ b/src/hyperloglog.c
+@@ -614,6 +614,10 @@ int hllSparseToDense(robj *o) {
+         } else {
+             runlen = HLL_SPARSE_VAL_LEN(p);
+             regval = HLL_SPARSE_VAL_VALUE(p);
++            if ((runlen + idx) > HLL_REGISTERS) {
++                sdsfree(dense);
++                return C_ERR;
++            }
+             while(runlen--) {
+                 HLL_DENSE_SET_REGISTER(hdr->registers,idx,regval);
+                 idx++;
+@@ -1088,6 +1092,8 @@ int hllMerge(uint8_t *max, robj *hll) {
+             } else {
+                 runlen = HLL_SPARSE_VAL_LEN(p);
+                 regval = HLL_SPARSE_VAL_VALUE(p);
++                if ((runlen + i) > HLL_REGISTERS)
++                    return C_ERR;
+                 while(runlen--) {
+                     if (regval > max[i]) max[i] = regval;
+                     i++;