
Bug: Potential NULL Pointer Dereference in redisReconnect #1315

@MicroMilo

Description


hiredis/hiredis.c

Lines 775 to 782 in e834b57

    if (c->privctx && c->funcs->free_privctx) {
        c->funcs->free_privctx(c->privctx);
        c->privctx = NULL;
    }
    if (c->funcs && c->funcs->close) {
        c->funcs->close(c);
    }

I am performing static analysis on the codebase and identified a potential NULL Pointer Dereference in redisReconnect located in hiredis.c.

There is an inconsistency in how c->funcs is guarded.

In the block handling free_privctx, c->funcs is dereferenced without a check, assuming it is non-NULL if c->privctx is present:

if (c->privctx && c->funcs->free_privctx) {
    c->funcs->free_privctx(c->privctx); // CRASH if c->funcs is NULL
    c->privctx = NULL;
}

However, immediately after, the code explicitly checks if c->funcs is NULL before accessing close:

if (c->funcs && c->funcs->close) {
    c->funcs->close(c);
}

If c->funcs can be NULL (as implied by the second check), the first block is unsafe.
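A constructed C model of the two guard styles, added here as an example; it is not hiredis code and not the reporter's. It mirrors only the `privctx` and `funcs` fields in a stand-in struct (`ctx`, `ctx_funcs`, `test_funcs` and the `run_scenario` helper are all names of this example, not of the library) and places the guard as quoted beside a version that loads `c->funcs` once and returns before touching either callback when it is NULL. As in the report, the example assumes a context in which `funcs` may be NULL; call counters let each scenario confirm that the consistent version still runs both callbacks exactly once when the table is present.

```c
#include <stdlib.h>

/* Constructed stand-in for the redisContext fields the issue refers to; this
 * is not hiredis's struct, only the same two fields and the same guard shape. */
struct ctx;
typedef struct {
    void (*free_privctx)(void *privctx);
    void (*close)(struct ctx *c);
} ctx_funcs;

typedef struct ctx {
    void *privctx;            /* per-transport private state, freed via funcs */
    const ctx_funcs *funcs;   /* transport callback table; may be NULL here */
    int fd;
} ctx;

/* Call counters so the scenarios below can verify which callbacks ran. */
static int g_free_calls, g_close_calls;

static void test_free_privctx(void *p) { g_free_calls++; free(p); }
static void test_close(ctx *c) { g_close_calls++; c->fd = -1; }
static const ctx_funcs test_funcs = { test_free_privctx, test_close };

/* Guard pattern as quoted in the issue: the first block reaches through
 * c->funcs whenever privctx is set, the second block checks funcs first.
 * With funcs == NULL and privctx != NULL the first condition dereferences NULL. */
static void cleanup_as_quoted(ctx *c) {
    if (c->privctx && c->funcs->free_privctx) {
        c->funcs->free_privctx(c->privctx);
        c->privctx = NULL;
    }
    if (c->funcs && c->funcs->close) {
        c->funcs->close(c);
    }
}

/* Consistent guard: load the table once and bail out if it is missing, so
 * neither callback is reached through a NULL pointer. Returns 1 if the
 * callbacks were run, 0 if cleanup was skipped because funcs is NULL. */
static int cleanup_consistent(ctx *c) {
    const ctx_funcs *f = c->funcs;
    if (f == NULL)
        return 0;
    if (c->privctx && f->free_privctx) {
        f->free_privctx(c->privctx);
        c->privctx = NULL;
    }
    if (f->close)
        f->close(c);
    return 1;
}

/* Build a fresh context, run one cleanup routine and summarise the outcome
 * as a bitmask: 1 = routine reported it ran, 2 = privctx cleared,
 * 4 = free_privctx called exactly once, 8 = close called exactly once. */
static int run_scenario(int (*cleanup)(ctx *), int with_funcs) {
    g_free_calls = g_close_calls = 0;
    ctx c = { malloc(16), with_funcs ? &test_funcs : NULL, 3 };
    int ran = cleanup(&c);
    int mask = (ran ? 1 : 0)
             | (c.privctx == NULL ? 2 : 0)
             | (g_free_calls == 1 ? 4 : 0)
             | (g_close_calls == 1 ? 8 : 0);
    free(c.privctx);   /* no-op when the routine already released and cleared it */
    return mask;
}

/* Adapter so the quoted (void) routine fits run_scenario; it never
 * "reports" running, so bit 1 stays clear. */
static int quoted_adapter(ctx *c) { cleanup_as_quoted(c); return 0; }

static int scenario_quoted_with_funcs(void) { return run_scenario(quoted_adapter, 1); }
static int scenario_consistent_with_funcs(void) { return run_scenario(cleanup_consistent, 1); }
static int scenario_consistent_without_funcs(void) { return run_scenario(cleanup_consistent, 0); }

int main(void) {
    /* Deliberately not exercised: run_scenario(quoted_adapter, 0) would fault
     * on the c->funcs->free_privctx read, which is the defect the issue describes. */
    return (scenario_quoted_with_funcs() == 14
         && scenario_consistent_with_funcs() == 15
         && scenario_consistent_without_funcs() == 0) ? 0 : 1;
}
```

The consistent version trades the crash for a skipped cleanup (privctx is left allocated when funcs is NULL), which is why the helper reports whether it ran: a caller can decide whether a context without a callback table is a programming error worth asserting on rather than something to silently tolerate.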
