redis / redis

Redis is an in-memory database that persists on disk. The data model is key-value, but many different kinds of values are supported: Strings, Lists, Sets, Sorted Sets, Hashes, Streams, HyperLogLogs, Bitmaps.

Home Page: http://redis.io

[BUG] There is a memory leak defect at line 5981 of the file redis-cli.c in /redis/src/.

LuMingYinDetect opened this issue · comments

Describe the bug

A variable named "slot_nodes" is defined at line 5967 of the file redis-cli.c in /redis/src/. It allocates a block of dynamic memory using the listCreate function. When the if statement at line 5978 evaluates to true, the program jumps to the "cleanup" label at line 5981 using a goto statement. During this process, the dynamic memory allocated to slot_nodes is neither used as shown in line 5994 nor released at the "cleanup" label, resulting in a memory leak defect, as shown in the figure below:
https://github.com/LuMingYinDetect/redis_defects/blob/main/redis_1.png

To reproduce

The detection tool I'm using is the Clang Static Analyzer, which employs static analysis techniques. The tool's defect reports provide the path that triggers the defect. Based on the aforementioned path, the defect can be reproduced.

Expected behavior

If the defect is confirmed, it is advisable to address it by making necessary fixes.

@LuMingYinDetect Thanks, do you wanna make a PR for this?

Thank you for your prompt response! I'm at a loss on how to fix this defect. Could I trouble you to fix it?

@LuMingYinDetect a minor patch; if you want, you are welcome to make a PR for it. I can also do it if you need me to.

diff --git a/src/redis-cli.c b/src/redis-cli.c
index 0c9f088da..e8484956c 100644
--- a/src/redis-cli.c
+++ b/src/redis-cli.c
@@ -5978,6 +5978,7 @@ static int clusterManagerFixSlotsCoverage(char *all_slots) {
                 if (!clusterManagerCheckRedisReply(n, reply, NULL)) {
                     fixed = -1;
                     if (reply) freeReplyObject(reply);
+                    if (slot_nodes) listRelease(slot_nodes);
                     goto cleanup;
                 }
                 assert(reply->type == REDIS_REPLY_ARRAY);
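
Review bot: the `listRelease(slot_nodes)` added before `goto cleanup` covers only this one error exit, so please confirm there is no other jump or return between the point where slot_nodes is created and its normal use, since the issue reports that the cleanup label itself does not release it. The `if (slot_nodes)` guard can stay, and a one-line comment saying why the list is freed here rather than at cleanup would help the next reader.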

Thank you for your patient explanation! I have submitted a pull request.
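
The leak pattern reported in this issue and the effect of the patch posted in the thread, as an added C example that is not redis code. `list_create`, `list_release`, `reply_ok`, `fix_slots` and the one-list-per-slot loop are hypothetical stand-ins, and a counter of live lists makes the leak observable.

```c
#include <stdio.h>
#include <stdlib.h>

/* Added example, not redis code: hypothetical stand-ins for listCreate and
 * listRelease that count live lists. */
typedef struct list { int len; } list;
static int live_lists = 0;
static list *last_list = NULL;         /* lets the harness free a leaked list */
static list *list_create(void) {
    list *l = calloc(1, sizeof(*l));
    if (l) { live_lists++; last_list = l; }
    return l;
}
static void list_release(list *l) { if (l) { free(l); live_lists--; } }

/* Constructed reply check: the reply for slot `fail_at` counts as an error. */
static int reply_ok(int slot, int fail_at) { return slot != fail_at; }

/* One list per slot (assumed loop shape). release_on_error = 0 follows the
 * reported path, 1 releases before the goto as the patch in the thread does. */
static int fix_slots(int nslots, int fail_at, int release_on_error) {
    int fixed = 0;
    for (int slot = 0; slot < nslots; slot++) {
        list *slot_nodes = list_create();
        if (!slot_nodes) { fixed = -1; goto cleanup; }
        if (!reply_ok(slot, fail_at)) {
            fixed = -1;
            if (release_on_error) list_release(slot_nodes);
            goto cleanup;              /* jumps past the release below */
        }
        slot_nodes->len++;             /* normal use of the list */
        fixed++;
        list_release(slot_nodes);      /* simplification: released after use */
    }
cleanup:
    return fixed;                      /* nothing here releases slot_nodes */
}

/* Runs once and returns how many lists are still allocated afterwards. */
static int leaked_after(int nslots, int fail_at, int release_on_error) {
    live_lists = 0;
    fix_slots(nslots, fail_at, release_on_error);
    int leaked = live_lists;
    if (leaked) free(last_list);       /* harness cleanup only */
    return leaked;
}
int main(void) {
    printf("reported path: %d leaked\n", leaked_after(4, 2, 0));
    printf("patched path:  %d leaked\n", leaked_after(4, 2, 1));
    return 0;
}
```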