From 14c633771b5d9975bbba390b0a5e41199feaa96d Mon Sep 17 00:00:00 2001
From: wuzhaomin
Date: Thu, 6 Mar 2025 11:14:51 +0800
Subject: [PATCH] fix cve:CVE-2024-31449

---
 fix-CVE-2024-31449.patch | 27 +++++++++++++++++++++++++++
 redis5.spec | 7 ++++++-
 2 files changed, 33 insertions(+), 1 deletion(-)
 create mode 100644 fix-CVE-2024-31449.patch

diff --git a/fix-CVE-2024-31449.patch b/fix-CVE-2024-31449.patch
new file mode 100644
index 0000000..17dc239
--- /dev/null
+++ b/fix-CVE-2024-31449.patch
@@ -0,0 +1,27 @@
+diff -apurN redis-5.0.14/deps/lua/src/lua_bit.c redis-5.0.14-new/deps/lua/src/lua_bit.c
+--- redis-5.0.14/deps/lua/src/lua_bit.c 2021-10-04 18:58:43.000000000 +0800
++++ redis-5.0.14-new/deps/lua/src/lua_bit.c 2025-03-06 10:46:40.021285097 +0800
+@@ -131,6 +131,7 @@ static int bit_tohex(lua_State *L)
+ const char *hexdigits = "0123456789abcdef";
+ char buf[8];
+ int i;
++ if (n == INT32_MIN) n = INT32_MIN+1;
+ if (n < 0) { n = -n; hexdigits = "0123456789ABCDEF"; }
+ if (n > 8) n = 8;
+ for (i = (int)n; --i >= 0; ) { buf[i] = hexdigits[b & 15]; b >>= 4; }
+diff -apurN redis-5.0.14/tests/unit/scripting.tcl redis-5.0.14-new/tests/unit/scripting.tcl
+--- redis-5.0.14/tests/unit/scripting.tcl 2021-10-04 18:58:43.000000000 +0800
++++ redis-5.0.14-new/tests/unit/scripting.tcl 2025-03-06 10:50:38.593285097 +0800
+@@ -342,6 +342,12 @@ start_server {tags {"scripting"}} {
+ set e
+ } {*ERR*attempted to create global*}
+ 
++ test {lua bit.tohex bug} {
++ set res [r eval {return bit.tohex(65535, -2147483648)} 0]
++ r ping
++ set res
++ } {0000FFFF}
++
+ test {Test an example script DECR_IF_GT} {
+ set decr_if_gt {
+ local current
diff --git a/redis5.spec b/redis5.spec
index ad7d0b3..911b6b7 100644
--- a/redis5.spec
+++ b/redis5.spec
@@ -6,7 +6,7 @@
 %global Pname redis
 Name: redis5
 Version: 5.0.14
-Release: 3
+Release: 4
 Summary: A persistent key-value database
 License: BSD and MIT
 URL: https://redis.io
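Review bot: The new guard `if (n == INT32_MIN) n = INT32_MIN+1;` in the lua_bit.c hunk carries no comment saying why that single value is special, so the sentinel reads as a magic number; I would put `/* -INT32_MIN is signed overflow (UB); nudge it so the negation below stays in range */` on the line above it. The guard also depends on INT32_MIN being in scope in lua_bit.c, and the file's includes are outside the hunk, so confirm that <stdint.h> (or an equivalent definition) is pulled in on every build configuration the package targets. A self-describing alternative with the same output for every input is `if (n < -8) n = -8;`, since anything below -8 ends up as 8 uppercase digits either way, though keeping the backport byte-identical to the upstream fix is a defensible choice. The rest of bit_tohex, where n is declared and the buffer is handed back to Lua, lies outside the hunk. The Tcl regression test added in the same patch file pins the expected `0000FFFF` result for the boundary value and is worth keeping.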
@@ -27,6 +27,7 @@ Patch0002: Fix-display-error-message.patch
 Patch0003: Add-loongarch64-support.patch
 Patch0004: Update-config.guess-and-config.sub.patch
+Patch0005: fix-CVE-2024-31449.patch
 BuildRequires: gcc
 %if %{with tests}
@@ -92,6 +93,7 @@ tar -xvf %{SOURCE10}
 %patch0003 -p1
 %patch0004 -p1
 %endif
+%patch0005 -p1
 mv ../%{Pname}-doc-%{doc_commit} doc
 mv deps/lua/COPYRIGHT COPYRIGHT-lua
 mv deps/hiredis/COPYING COPYING-hiredis
@@ -196,6 +198,9 @@ exit 0
 %{_docdir}/%{Pname}
 %changelog
+* Thu Mar 06 2025 wuzhaomin - 5.0.14-4
+- fix cve:CVE-2024-31449
+
 * Tue Nov 15 2022 huajingyun - 5.0.14-3
 - Update config.guess and config.sub for loongarch
-- Gitee