asyncCloseClientOnOutputBufferLimitReached(): don't free fake clients.

Fake clients are used in special situations and are not linked to the normal clients list, freeing them will always result in Redis crashing in one way or the other. It's not common to send replies to fake clients, but we have one usage in the modules API. When a client is blocked, we associate to the blocked client object (that is safe to manipulate in a thread), a fake client that accumulates replies. So because of this bug there was the problem described in issue #5443. The fix was verified to work with the provided example module. To write a regression is very hard and unlikely to be triggered in the future.
2025-04-25 10:32:14 +00:00 · 2018-10-30 13:38:41 +01:00 · 2018-10-30 13:38:41 +01:00 · a677923d7c
commit a677923d7c
parent 427e440a58
1 changed files with 1 additions and 0 deletions
--- a/src/networking.c
+++ b/src/networking.c
@ -2109,6 +2109,7 @@ int checkClientOutputBufferLimits(client *c) {
 * called from contexts where the client can't be freed safely, i.e. from the
 * lower level functions pushing data inside the client output buffers. */
 void asyncCloseClientOnOutputBufferLimitReached(client *c) {
+    if (c->fd == -1) return; /* It is unsafe to free fake clients. */
    serverAssert(c->reply_bytes < SIZE_MAX-(1024*64));
    if (c->reply_bytes == 0 || c->flags & CLIENT_CLOSE_ASAP) return;
    if (checkClientOutputBufferLimits(c)) {