Potential Null Pointer Dereference when OOM in `process_bin_update`

[viennadd]

Hi,

Our code scanner has reported a null pointer deference issue in function process_bin_update of memcached.c#L2273

assuming there is an OOM occurs then item_alloc returns NULL and assigned to variable it,
LOGGER_LOG would dereference it by doing it->exptime

Could any one have a look and see if it is a true issue?

    it = item_alloc(key, nkey, req->message.body.flags,
            realtime(req->message.body.expiration), vlen+2);

    if (it == 0) {
        enum store_item_type status;
        if (! item_size_ok(nkey, req->message.body.flags, vlen + 2)) {
            write_bin_error(c, PROTOCOL_BINARY_RESPONSE_E2BIG, NULL, vlen);
            status = TOO_LARGE;
        } else {
            out_of_memory(c, "SERVER_ERROR Out of memory allocating item");
            /* This error generating method eats the swallow value. Add here. */
            c->sbytes = vlen;
            status = NO_MEMORY;
        }
        /* FIXME: losing c->cmd since it's translated below. refactor? */
        LOGGER_LOG(c->thread->l, LOG_MUTATIONS, LOGGER_ITEM_STORE,
                NULL, status, 0, key, nkey, it->exptime, ITEM_clsid(it));

Regards,
SourceBrella Inc.

[dormando]

yup, looks like I goofed that. Will fix as soon as I can, thanks for the report!