I analyzed the source code of redis 2.8.4 and found several potential null pointer dereference bugs, listed below. All files mentioned below are inside the /redis/redis/deps/hiredis folder. Would you help check whether these are true bugs? Thanks very much.
In file dict.c, in the definition of function dictGetIterator, line 259, malloc may fail to allocate memory, and then iter may be a null pointer. Statements following line 259 may dereference a null pointer, as the following graph shows.
In file async.c, in the definition of callbackValDup, line 71, malloc may fail to allocate memory and memcpy may copy data to a null pointer, as the following graph shows.
In file async.c, in the definition of redisAsyncInitialize, line 105, realloc may fail to allocate memory (there is no failure check), so it may incur a null pointer dereference, as the following graph shows.
In file dict.c, in the definition of dictCreate, line 75, function _dictInit is called with ht as the first parameter. In line 81, function _dictReset is called, and in lines 66~69 there are several statements that execute by dereferencing ht, which can be null.
In file sds.c, in the definition of removeFreeSpace, line 159, zrealloc may fail to allocate memory, so it may incur a null pointer dereference, as the following graph shows.
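The pattern behind every item in this report is the same: the return value of malloc or realloc is used before it is checked, so on an out-of-memory condition the next statement dereferences NULL. The block below is an added example, not hiredis code and not part of the original issue. The cbval and iter structs, the xmalloc/xrealloc wrappers and all function names are hypothetical stand-ins; the wrappers let the next allocation be forced to fail so the error paths can actually be exercised. It shows the unchecked dup beside its checked form, an iterator constructor that bails out before touching its fields, and the realloc idiom that keeps the old buffer valid when growth fails.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Allocation wrappers whose next call can be forced to fail, so the
 * out-of-memory paths below can actually be exercised in a test.
 * (Test scaffolding for this example, not part of hiredis.) */
static int fail_next_alloc = 0;

void *xmalloc(size_t n) {
    if (fail_next_alloc) { fail_next_alloc = 0; return NULL; }
    return malloc(n);
}

void *xrealloc(void *p, size_t n) {
    if (fail_next_alloc) { fail_next_alloc = 0; return NULL; }
    return realloc(p, n);
}

/* Hypothetical value blob, standing in for the callback value copied by a
 * dup function: small fixed-size struct so it can be copied with memcpy. */
typedef struct { size_t len; unsigned char data[16]; } cbval;

/* The pattern the report describes: malloc result used without a check.
 * On allocation failure memcpy writes through a NULL pointer. Kept here
 * for contrast only; it is never called by the demo. */
cbval *dup_unchecked(const cbval *src) {
    cbval *dst = xmalloc(sizeof(*dst));
    memcpy(dst, src, sizeof(*dst));
    return dst;
}

/* Hardened: fail early and hand NULL back to the caller, which must check it. */
cbval *dup_checked(const cbval *src) {
    cbval *dst = xmalloc(sizeof(*dst));
    if (dst == NULL) return NULL;
    memcpy(dst, src, sizeof(*dst));
    return dst;
}

/* Hypothetical iterator: the object whose fields are initialised right after
 * allocation, which is where an unchecked malloc would be dereferenced. */
typedef struct { int index; int safe; } iter;

iter *get_iter_checked(int start) {
    iter *it = xmalloc(sizeof(*it));
    if (it == NULL) return NULL;
    it->index = start;
    it->safe = 1;
    return it;
}

/* realloc pattern: keep the old pointer until the new one is known to be
 * valid. Assigning realloc's result straight to *buf would lose the only
 * reference to the old block (a leak) and leave *buf NULL for later code. */
int grow_checked(unsigned char **buf, size_t *cap, size_t newcap) {
    unsigned char *tmp = xrealloc(*buf, newcap);
    if (tmp == NULL) return -1;      /* *buf and *cap untouched, still usable */
    *buf = tmp;
    *cap = newcap;
    return 0;
}

/* Drives every hardened path with the next allocation forced to fail.
 * Returns 1 if each one reported failure cleanly and the normal path still
 * works, 0 otherwise. */
int demo_oom_paths(void) {
    int ok = 1;
    cbval v = { 3, { 1, 2, 3 } };

    fail_next_alloc = 1;
    ok = ok && dup_checked(&v) == NULL;

    fail_next_alloc = 1;
    ok = ok && get_iter_checked(7) == NULL;

    size_t cap = 4;
    unsigned char *buf = malloc(cap);
    if (buf == NULL) return 0;
    buf[0] = 0xAB;
    fail_next_alloc = 1;
    ok = ok && grow_checked(&buf, &cap, 64) == -1;
    ok = ok && cap == 4 && buf[0] == 0xAB;   /* old buffer survived the failure */
    ok = ok && grow_checked(&buf, &cap, 64) == 0 && cap == 64 && buf[0] == 0xAB;
    free(buf);

    cbval *d = dup_checked(&v);              /* normal path */
    ok = ok && d != NULL && d->len == 3 && d->data[2] == 3;
    free(d);
    return ok;
}

int main(void) {
    int ok = demo_oom_paths();
    printf("oom paths handled cleanly: %s\n", ok ? "yes" : "no");
    return ok ? 0 : 1;
}
```

The point of the realloc variant is the one the report raises for redisAsyncInitialize: a failed realloc returns NULL but leaves the original block allocated, so writing the result back into the only pointer you hold both leaks that block and sets up the very dereference being reported. Checking into a temporary and returning an error keeps the caller's state consistent.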
Comment From: oranagra
@Hyxl1017 this is a very old version; there's no reason to look into it if the bugs no longer exist in the latest (unstable branch).
i.e. if they're already fixed, we won't "re-fix" them, right? And we won't re-release 2.8.4 (or any new 2.8.x version, since it's so old).
Furthermore, if these bugs are in hiredis, specifically if they exist in the latest (master branch), they should be reported and fixed there (https://github.com/redis/hiredis).