antirez / sds

Simple Dynamic Strings library for C
BSD 2-Clause "Simplified" License

Potential integer overflow in sds.c #150

Open Crispy-fried-chicken opened 9 months ago

Crispy-fried-chicken commented 9 months ago

The sdsnewlen and sdsMakeRoomFor functions implemented in sds.c are quite similar to those in Redis. Thus, it's very likely that the integer overflow in CVE-2021-21309 also affects sds. Could you help check whether this bug is real? If it is, I'd like to open a PR for it if necessary. Thank you for your effort and patience! And here is the patch for CVE-2021-21309 for your reference if this issue needs to be fixed.
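
An added illustration of the bug class this issue asks about, not code from sds, Redis, or the referenced patch: a length-prefixed string allocator sizes its buffer as header + length + terminator, and that `size_t` sum can wrap to a small value unless it is checked on both the create path and the grow path. The helper names, `PREALLOC_MAX`, the 17-byte header and the growth policy are assumptions made for the example.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

#define PREALLOC_MAX ((size_t)1024 * 1024) /* assumed growth threshold */

/* Unchecked form: header + payload + NUL terminator. size_t arithmetic
 * wraps silently, so a huge len yields a tiny allocation size. */
static size_t unchecked_alloc_size(size_t hdrlen, size_t len) {
    return hdrlen + len + 1;
}

/* Checked form: refuse the request instead of wrapping. */
static bool checked_alloc_size(size_t hdrlen, size_t len, size_t *out) {
    if (len > SIZE_MAX - 1 || hdrlen > SIZE_MAX - 1 - len)
        return false;
    *out = hdrlen + len + 1;
    return true;
}

/* Checked growth path: newlen = len + addlen, then over-allocate
 * (double below the threshold, add the threshold at or above it). */
static bool checked_grow_size(size_t hdrlen, size_t len, size_t addlen,
                              size_t *out) {
    if (addlen > SIZE_MAX - len)
        return false;                 /* len + addlen would wrap */
    size_t newlen = len + addlen;
    if (newlen < PREALLOC_MAX)
        newlen *= 2;                  /* safe with 32-bit or wider size_t */
    else if (newlen > SIZE_MAX - PREALLOC_MAX)
        return false;                 /* preallocation would wrap */
    else
        newlen += PREALLOC_MAX;
    return checked_alloc_size(hdrlen, newlen, out);
}

int main(void) {
    size_t n = 0, huge = SIZE_MAX - 4;   /* constructed input */
    printf("unchecked: %zu bytes\n", unchecked_alloc_size(17, huge));
    printf("checked ok: %d\n", checked_alloc_size(17, huge, &n));
    printf("grow ok: %d\n", checked_grow_size(17, 50, 100, &n));
    printf("grow size: %zu\n", n);
    return 0;
}
```
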