There is a potential bug of null pointer dereference. In file dict.c, line 259, function malloc may fail to allocate memory, and then iter may be a null pointer. Statements following line 259 may dereference a null pointer, as the following graph shows. (Screenshot: Snipaste_2021-08-07_12-29-02) Would you help to check whether this is a true bug? Thanks very much.

Comment From: oranagra

@Hyxl1017 I don't know where you took these screenshots and code, but that's not redis code! This code you're showing doesn't exist in Redis in that form, and never has. P.S. If you mention line numbers, you should probably mention a branch name or a git sha.

Redis doesn't use malloc directly. It uses zmalloc, and that one never returns NULL. Instead, it panics and exits when an allocation fails. So the few places that do check for NULL in Redis are for the most part dead code (the exception is the recently introduced ztrymalloc calls).

I didn't go over all the issues you opened, please close the ones that are not applicable to redis, and maybe open in the repo where that code you tested actually exists. If there's anything that is applicable for redis, feel free to mention me there, but note that as is clear from my text above, redis doesn't aim to cope with a failed allocation in most places.
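Added example, not part of the thread and not Redis or hiredis code: a minimal C sketch of the two allocation styles the comment above contrasts, an aborting wrapper whose callers need no NULL check and a NULL-returning one whose callers must check before the first write. All names (`must_alloc`, `try_alloc`, `iter_t`, the swappable `backend`) are hypothetical and only illustrate the pattern.

```c
#include <stdio.h>
#include <stdlib.h>

/* All names are hypothetical; this is not Redis or hiredis source. */
typedef struct { long index; void *entry; } iter_t;

/* Swappable backend so an allocation failure can be simulated. */
static void *(*backend)(size_t) = malloc;
static void *failing_backend(size_t n) { (void)n; return NULL; }

/* "try" style: failure is reported to the caller as NULL. */
void *try_alloc(size_t n) { return backend(n); }

/* "never returns NULL" style: the wrapper itself logs and aborts. */
void *must_alloc(size_t n) {
    void *p = backend(n);
    if (p == NULL) {
        fprintf(stderr, "out of memory allocating %zu bytes\n", n);
        abort();
    }
    return p;
}

/* Caller of the aborting wrapper: a NULL check here would be dead code. */
iter_t *iter_new_must(void) {
    iter_t *it = must_alloc(sizeof(*it));
    it->index = -1;
    it->entry = NULL;
    return it;
}

/* Caller of a NULL-returning allocator: check before the first write. */
iter_t *iter_new_checked(void) {
    iter_t *it = try_alloc(sizeof(*it));
    if (it == NULL) return NULL;
    it->index = -1;
    it->entry = NULL;
    return it;
}

/* Returns 1 if the checked constructor survives a simulated failure. */
int checked_survives_failure(void) {
    backend = failing_backend;
    iter_t *it = iter_new_checked();
    backend = malloc;
    return it == NULL;
}

int main(void) { printf("%d\n", checked_survives_failure()); return 0; }
```

When triaging a static-analysis report of this kind, the first thing to establish is which of the two styles the flagged allocator belongs to in the exact tree and revision being scanned.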

Comment From: ash1852

> @Hyxl1017 I don't know where you took these screenshots and code, but that's not redis code! This code you're showing doesn't exist in Redis in that form, and never has. P.S. If you mention line numbers, you should probably mention a branch name or a git sha.
>
> Redis doesn't use malloc directly. It uses zmalloc, and that one never returns NULL. Instead, it panics and exits when an allocation fails. So the few places that do check for NULL in Redis are for the most part dead code (the exception is the recently introduced ztrymalloc calls).
>
> I didn't go over all the issues you opened, please close the ones that are not applicable to redis, and maybe open in the repo where that code you tested actually exists. If there's anything that is applicable for redis, feel free to mention me there, but note that as is clear from my text above, redis doesn't aim to cope with a failed allocation in most places.

I'm very sorry for what I did. I got the source code on Ubuntu apt. I'm sorry I didn't check the location of these codes carefully. I'm really sorry.

Comment From: ash1852

I checked again. The source file location I mentioned is under the "redis / DEPs / hiredis /" path.

Comment From: oranagra

Ohh, I forgot there's also a dict.c file inside the deps/hiredis folder. I.E. There's also one in the redis src folder with a similar function, that one is the one I referred to that doesn't call malloc directly.

Maybe you wanna open that issue in the hiredis repo (there's a separate repo for it).

Comment From: oranagra

Btw, one issue to discuss all these similar problems is better than one issue per line.

Comment From: ash1852

> Btw, one issue to discuss all these similar problems is better than one issue per line.

OK, I will open a new issue including all these similar problems there, thank you very much for your advice.

Comment From: ash1852

> Ohh, I forgot there's also a dict.c file inside the deps/hiredis folder. I.E. There's also one in the redis src folder with a similar function, that one is the one I referred to that doesn't call malloc directly.
>
> Maybe you wanna open that issue in the hiredis repo (there's a separate repo for it).

I have seen the hiredis repo you referred to, but its content is different from the version I got. And I have verified that the source code I got is consistent with branch 2.8. So I want to open an issue about version 2.8 and I will list all potential bugs in version 2.8. This is the first time I have used GitHub and issued something. If my behavior is not in line with the convention, please don't mind.

Comment From: oranagra

@Hyxl1017 as far as I can tell, hiredis doesn't have a 2.8 branch, are you referring to this repo? There's no reason to report bugs in old versions, i.e. they're already fixed, or not relevant anymore. If you see any issues in the latest (master) branch, that's what you should report.