Prevent later accesses to unallocated memory (#907)

A pointer to dtype is stored in the dict forever. dtype is stack-allocated while the dict created is global. The dict (and the pointer to dtype in it) will live past the lifetime of dtype. clusterManagerLinkDictType is a global object that has the same values as dtype. Signed-off-by: Salvatore Mesoraca <[email protected]>
valkey-io · Sep 3, 2024 · f7aa9e4 · f7aa9e4
1 parent 9452f42
commit f7aa9e4
Showing 1 changed file with 1 addition and 4 deletions.
diff --git a/src/valkey-cli.c b/src/valkey-cli.c
@@ -6401,10 +6401,7 @@ static int clusterManagerCheckCluster(int quiet) {
         clusterManagerOnError(err);
         result = 0;
         if (do_fix /* && result*/) {
-            dictType dtype = clusterManagerDictType;
-            dtype.keyDestructor = dictSdsDestructor;
-            dtype.valDestructor = dictListDestructor;
-            clusterManagerUncoveredSlots = dictCreate(&dtype);
+            clusterManagerUncoveredSlots = dictCreate(&clusterManagerLinkDictType);
             int fixed = clusterManagerFixSlotsCoverage(slots);
             if (fixed > 0) result = 1;
         }