Redis Dereference of null pointer in the function clusterManagerShowClusterInfo

Hello,

We are working on developing static analysis techniques and tools to find critical software bugs.

We tested our prototype on redis and found the following bug (e.g. dereference of null pointer) in the function clusterManagerShowClusterInfo defined in redis-cli.c, which was introduced by the commit 486c7af7b8c75d76df4cf9ea2571d4e5a6e000c3

            if (reply != NULL || reply->type == REDIS_REPLY_INTEGER)
                dbsize = reply->integer;

Specifically, we believe that the condition should use "&&" rather than "||". Otherwise, when reply is NULL, a null pointer dereference will follow immediately.

Your feedback would be super important to improve our analysis tool. So, could you please confirm (and fix) this bug?

Comment From: trevor211

It's already fixed by bdc783b472.

Comment From: oranagra

thank you both.