Description:
A null pointer dereference (NPD) vulnerability was identified in src/adlist.c. The function listDup fails to verify the success of iterator allocation before passing it to listNext.
Vulnerability Detail:
Source: listGetIterator invokes zmalloc. Under low-memory conditions, it may return NULL.
Propagation: listDup receives this NULL pointer and immediately calls listNext(iter).
Sink: Inside listNext, the dereference iter->next occurs without any safety check, leading to a process crash.
Steps to Reproduce (PoC):
This bug can be theoretically triggered by simulating a zmalloc failure (e.g., using a memory-limited environment or a custom allocator that fails on a specific call).
Suggested Fix:
Add a null check after iterator acquisition in listDup:
    iter = listGetIterator(orig, AL_START_HEAD);
    if (iter == NULL) return NULL; // Handle allocation failure
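
The source, sink and fix described in this report, as an added example that is not code from src/adlist.c or from the reporter: a minimal stand-in list with a fault-injecting allocator that fails each allocation in turn and confirms the checked duplicate returns NULL rather than passing a NULL iterator to the sink. All names (xmalloc, list_iter, iter_next, list_dup_checked, sweep) are hypothetical, and the model assumes the copy is allocated before the iterator, so the early return also releases it.

```c
/* Added example: minimal model of the pattern, not the project's adlist.c. */
#include <stdio.h>
#include <stdlib.h>
typedef struct node { struct node *next; int value; } node;
typedef struct list { node *head; } list;
typedef struct iter { node *next; } iter;
/* Hypothetical fault-injecting allocator: call number fail_at returns NULL. */
static int fail_at = 0, calls = 0;
static void *xmalloc(size_t n) { return (++calls == fail_at) ? NULL : malloc(n); }
static void list_free(list *l) {
    for (node *n = l ? l->head : NULL, *nx; n; n = nx) { nx = n->next; free(n); }
    free(l);
}
static iter *list_iter(list *l) {            /* source: may return NULL */
    iter *it = xmalloc(sizeof *it);
    if (it) it->next = l->head;
    return it;
}
static node *iter_next(iter *it) {           /* sink: dereferences it unchecked */
    node *cur = it->next;
    if (cur) it->next = cur->next;
    return cur;
}
/* Duplicate with every allocation checked and partial work released. */
static list *list_dup_checked(list *orig) {
    list *copy = xmalloc(sizeof *copy);
    iter *it = copy ? list_iter(orig) : NULL;
    if (!it) { free(copy); return NULL; }    /* NULL check before iter_next */
    node **tail = &copy->head;
    *tail = NULL;
    for (node *n; (n = iter_next(it)) != NULL; tail = &(*tail)->next) {
        if (!(*tail = xmalloc(sizeof **tail))) { free(it); list_free(copy); return NULL; }
        (*tail)->value = n->value; (*tail)->next = NULL;
    }
    free(it);
    return copy;
}
/* Fail each allocation in turn; returns the number of failures handled cleanly. */
static int sweep(list *orig) {
    for (int k = 1; ; k++) {
        calls = 0; fail_at = k;
        list *c = list_dup_checked(orig);
        if (c) { fail_at = 0; list_free(c); return k - 1; }  /* call k never ran */
    }
}
int main(void) {
    node c = {NULL, 3}, b = {&c, 2}, a = {&b, 1}; list l = {&a};  /* constructed input */
    printf("allocation failures handled: %d\n", sweep(&l));
    return 0;
}
```

Removing the check in list_dup_checked makes the sweep crash at k = 2, the iterator allocation, which is the failure this report describes.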