Context
Several command handlers parse protocol fields and numeric values directly from client-controlled input. Production readiness requires strict validation with clear failure behavior, especially for TTLs, integer commands, length fields, and malformed frames.
Examples to review:
- src/commands/server/server_command_handlers.c: SET EX and EXPIRE use strtoll() without checking endptr, overflow, negative values, or trailing junk.
- Command handlers often trust key_len, value_len, and optional payload layouts independently, without checking the advertised lengths against the bytes actually received.
- Integer command parsing should consistently reject invalid values and detect overflow/underflow.
Scope
- Add shared helpers for safe unsigned/signed integer parsing.
- Validate complete consumption of numeric input (endptr), range, sign rules, and overflow/underflow.
- Define expected behavior for invalid TTL values: reject non-numeric, negative, overflowing, and truncated values.
- Centralize protocol frame validation where possible so handlers are less error-prone.
- Add malformed-frame tests for every command family.
Acceptance criteria
- Invalid TTLs and integer values return framed errors, not silently coerced values.
- Overflow/underflow is detected for INCR, INCRBY, DECR, and DECRBY.
- Length-field inconsistencies cannot read outside the received frame.
- Tests cover invalid numeric values, truncated frames, oversized advertised lengths, extra bytes, and zero-length keys.
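The following is an added illustration of the shared helpers described under Scope and the behavior required by the acceptance criteria above; it is not code from this project. The status enum names, the decision to accept only canonical decimal form (no '+', no leading zeros, no "-0"), the rejection of a zero TTL, the INT64_MAX / 1000 cap (so a later seconds-to-milliseconds conversion cannot overflow), and the 4-byte big-endian length-prefix layout are all assumptions made for the example; the project's real error codes and wire format are not shown on this page.

```c
#include <ctype.h>
#include <errno.h>
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdlib.h>
#include <string.h>

/* Status codes a handler would map onto a framed error reply. Names are
 * hypothetical: the project's real error enum is not shown on the page. */
typedef enum {
    PARSE_OK = 0,
    PARSE_EMPTY,      /* NULL or zero-length field */
    PARSE_NOT_NUMBER, /* non-digits, whitespace, '+', leading zeros, trailing junk, embedded NUL */
    PARSE_OVERFLOW,   /* does not fit in int64_t */
    PARSE_NEGATIVE,   /* sign not permitted for this field */
    PARSE_RANGE       /* fits in int64_t but outside the caller's [min, max] */
} parse_status_t;

/* Strict base-10 int64 parse of a length-delimited field (len comes from the
 * frame, not from strlen). Only the canonical form is accepted: optional '-',
 * no leading zeros except "0" itself, every byte consumed, ERANGE on overflow. */
parse_status_t parse_i64_strict(const char *buf, size_t len,
                                int64_t min, int64_t max, int64_t *out)
{
    char tmp[24]; /* longest canonical int64 is 20 chars: "-9223372036854775808" */
    if (buf == NULL || len == 0) return PARSE_EMPTY;
    if (len >= sizeof(tmp)) return PARSE_OVERFLOW;        /* longer than any canonical int64 */
    memcpy(tmp, buf, len);
    tmp[len] = '\0';
    if (strlen(tmp) != len) return PARSE_NOT_NUMBER;      /* embedded NUL inside the field */
    /* strtoll silently skips leading whitespace and accepts '+': reject both up front. */
    if (isspace((unsigned char)tmp[0]) || tmp[0] == '+') return PARSE_NOT_NUMBER;
    if (tmp[0] == '0' && len > 1) return PARSE_NOT_NUMBER;    /* "007", "0x1" */
    if (tmp[0] == '-' && tmp[1] == '0') return PARSE_NOT_NUMBER; /* "-0", "-01" */

    char *end = NULL;
    errno = 0;
    long long v = strtoll(tmp, &end, 10);
    if (errno == ERANGE) return PARSE_OVERFLOW;
    if (end != tmp + len) return PARSE_NOT_NUMBER;        /* "-", "10abc", "1 " */
    if (v < min || v > max) return PARSE_RANGE;
    *out = (int64_t)v;
    return PARSE_OK;
}

/* TTL in seconds for SET EX / EXPIRE: non-numeric, negative, truncated and
 * overflowing values are rejected. Rejecting 0 and capping at INT64_MAX / 1000
 * (so a later *1000 to milliseconds cannot overflow) are assumptions. */
parse_status_t parse_ttl_seconds(const char *buf, size_t len, int64_t *ttl)
{
    int64_t v;
    parse_status_t st = parse_i64_strict(buf, len, INT64_MIN, INT64_MAX, &v);
    if (st != PARSE_OK) return st;
    if (v < 0) return PARSE_NEGATIVE;
    if (v == 0) return PARSE_RANGE;
    if (v > INT64_MAX / 1000) return PARSE_OVERFLOW;
    *ttl = v;
    return PARSE_OK;
}

/* INCR/INCRBY: detect signed overflow before performing the add (UB in C). */
bool checked_add_i64(int64_t a, int64_t b, int64_t *res)
{
    if ((b > 0 && a > INT64_MAX - b) || (b < 0 && a < INT64_MIN - b)) return false;
    *res = a + b;
    return true;
}

/* DECR/DECRBY: subtract directly instead of negating b, since -INT64_MIN overflows. */
bool checked_sub_i64(int64_t a, int64_t b, int64_t *res)
{
    if ((b < 0 && a > INT64_MAX + b) || (b > 0 && a < INT64_MIN + b)) return false;
    *res = a - b;
    return true;
}

/* Cursor over one received frame; every read is bounded by the bytes left. */
typedef struct { const uint8_t *data; size_t len; size_t pos; } frame_t;

bool frame_take(frame_t *f, size_t want, const uint8_t **out)
{
    if (want > f->len - f->pos) return false; /* oversized advertised length or truncated frame */
    *out = f->data + f->pos;
    f->pos += want;
    return true;
}

/* Length-prefixed field: 4-byte big-endian length, then the bytes (assumed layout). */
bool frame_take_lenpre(frame_t *f, bool allow_empty, const uint8_t **field, size_t *n)
{
    const uint8_t *h;
    if (!frame_take(f, 4, &h)) return false;
    uint32_t want = ((uint32_t)h[0] << 24) | ((uint32_t)h[1] << 16) | ((uint32_t)h[2] << 8) | h[3];
    if (want == 0 && !allow_empty) return false;           /* zero-length key */
    if (!frame_take(f, want, field)) return false;
    *n = want;
    return true;
}

/* Validates a [key][value] frame: non-empty key, any value, no bytes left over. */
bool frame_parse_kv(const uint8_t *buf, size_t len)
{
    frame_t f = { buf, len, 0 };
    const uint8_t *key, *val;
    size_t klen, vlen;
    if (!frame_take_lenpre(&f, false, &key, &klen)) return false;
    if (!frame_take_lenpre(&f, true, &val, &vlen)) return false;
    return f.pos == f.len; /* extra bytes are a malformed frame, not something to ignore */
}
```

Each handler then maps a non-OK status to a framed error reply instead of using the partially parsed value; the frame cursor never hands out a pointer past the received buffer, so an inconsistent key_len or value_len fails at frame_take rather than at a later memcpy.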