From 28ecbd204fceec9f0bf1aa1b2d791b0f7e9fc7e5 Mon Sep 17 00:00:00 2001
From: Jacob Murphy
Date: Sun, 26 Apr 2026 20:05:35 -0700
Subject: [PATCH] Ensure client slot migration pointer is cleared during reset (#3554)

If not cleared, the job may no longer be valid by the time the client goes to cleanup. This dangling reference could cause a crash if you set slot-migration-log-max-len to 0 and are very unlucky.

Signed-off-by: Jacob Murphy
---
 src/cluster_migrateslots.c | 1 +
 src/networking.c | 3 +--
 2 files changed, 2 insertions(+), 2 deletions(-)

diff --git a/src/cluster_migrateslots.c b/src/cluster_migrateslots.c
index 4c1951e9d..8050156a1 100644
--- a/src/cluster_migrateslots.c
+++ b/src/cluster_migrateslots.c
@@ -2145,6 +2145,7 @@ void resetSlotMigrationJob(slotMigrationJob *job) {
 /* Only one of client or conn should be set. */
 serverAssert(!job->client || !job->conn);
 if (job->client) {
+ job->client->slot_migration_job = NULL;
 freeClientAsync(job->client);
 job->client = NULL;
 } else if (job->conn) {
diff --git a/src/networking.c b/src/networking.c
index 348d0e4c7..711e7e2b8 100644
--- a/src/networking.c
+++ b/src/networking.c
@@ -1978,8 +1978,7 @@ void unlinkClient(client *c) {
 }
 /* Check if this is the slot migration client we are writing to in a
 * child process*/
- if (c->slot_migration_job && !isImportSlotMigrationJob(c->slot_migration_job) &&
- server.slot_migration_pipe_conn == c->conn) {
+ if (server.slot_migration_pipe_conn == c->conn) {
 server.slot_migration_pipe_conn = NULL;
 serverLog(LL_NOTICE, "Slot migration target dropped, killing fork child.");
 killSlotMigrationChild();
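Review bot: The added `job->client->slot_migration_job = NULL;` in resetSlotMigrationJob carries no comment explaining why the back-pointer has to be dropped before `freeClientAsync(job->client)`, and a later reader could take it for redundant and remove it. The commit message gives the reason (the job may no longer be valid when the client is eventually cleaned up), so it belongs next to the line, for example `/* The client is freed asynchronously and may outlive this job; drop its back-reference so client cleanup never follows a stale pointer. */`. The function body continues outside the hunk, so whether the `job->conn` branch or other paths that release a job need the same treatment cannot be judged from here and is worth a check.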
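Review bot: With the `c->slot_migration_job` checks removed, `server.slot_migration_pipe_conn == c->conn` is the only guard in unlinkClient in front of `killSlotMigrationChild()`, and a bare pointer comparison is also true when both sides are NULL. The enclosing block starts outside the hunk, so it may already guarantee that `c->conn` is non-NULL. If it does not, unlinking a client that has no connection while no migration pipe is open would log "Slot migration target dropped" and take the kill path. Making the condition self-contained costs little: `if (server.slot_migration_pipe_conn && server.slot_migration_pipe_conn == c->conn) {`. Otherwise, extend the comment above the check to state the invariant that makes the single comparison sufficient.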