Fix memleak in tracking.c

[sfu2]

Resolves #14188

[snyk-io]

🎉 Snyk checks have passed. No issues have been found so far.

✅ security/snyk check is complete. No issues have been found. (View Details)

✅ license/snyk check is complete. No issues have been found. (View Details)

[kaplanben]

Checkmarx One – Scan Summary & Details – 4950ae89-0727-456f-bc5f-45fa34f1bfe4

New Issues (8)

Checkmarx found the following issues in this Pull Request

Severity	Issue	Source File / Package	Checkmarx Insight
	Buffer_Overflow_Wrong_Buffer_Size	/src/sha1.c: 65	details The buffer buffer created in /src/sha1.c at line 65 is written to a buffer in /src/sha1.c at line 65 by block, but an error in calculating the al... ID: N9gGLsUP8UQvFZEl1N39fgD7jYQ%3D Attack Vector
	Buffer_Overflow_Wrong_Buffer_Size	/src/redis-cli.c: 3677	details The buffer buf created in /src/redis-cli.c at line 3677 is written to a buffer in /deps/hiredis/sds.c at line 234 by newsh, but an error in calc... ID: %2BpSSxZAM7xfUiads1egmyYebO5I%3D Attack Vector
	Buffer_Overflow_Wrong_Buffer_Size	/src/redis-cli.c: 3677	details The buffer buf created in /src/redis-cli.c at line 3677 is written to a buffer in /deps/hiredis/sds.c at line 234 by hdrlen, but an error in cal... ID: zN%2FI3F1XTVrKpHuopU6EZZmWXt4%3D Attack Vector
	Buffer_Overflow_Wrong_Buffer_Size	/deps/linenoise/linenoise.c: 1200	details The buffer buf created in /deps/linenoise/linenoise.c at line 1200 is written to a buffer in /deps/hiredis/sds.c at line 97 by sh, but an error i... ID: oykVSjUcVC%2FEMplDwW4P3YG7%2FzE%3D Attack Vector
	Buffer_Overflow_Wrong_Buffer_Size	/src/redis-cli.c: 10594	details The buffer argv created in /src/redis-cli.c at line 10594 is written to a buffer in /deps/hiredis/sds.c at line 97 by sh, but an error in calcul... ID: eStOv%2FTaWfWWBCJCCgzT7mgYJU0%3D Attack Vector
	Buffer_Overflow_Wrong_Buffer_Size	/deps/linenoise/linenoise.c: 1166	details The buffer fgetc created in /deps/linenoise/linenoise.c at line 1166 is written to a buffer in /deps/hiredis/sds.c at line 97 by sh, but an error... ID: v3h9G7I8PLSutWNyC8k4gGzAdDA%3D Attack Vector
	Divide_By_Zero	/modules/vector-sets/fastjson_test.c: 121	details The application performs an illegal operation in generate_random_string, in /modules/vector-sets/fastjson_test.c. In line 121, the program at... ID: qiowoZ%2FDUFf8wA3ZCvKY8M0GHks%3D Attack Vector
	Divide_By_Zero	/src/redis-cli.c: 6040	details The application performs an illegal operation in clusterManagerNodeMasterRandom, in /src/redis-cli.c. In line 6053, the program attempts to divi... ID: Wdmj3BiFZXbdNClmOY%2Fr1waYywk%3D Attack Vector

Fixed Issues (5)

Great job! The following issues were fixed in this Pull Request

Severity	Issue	Source File / Package
	Buffer_Overflow_Wrong_Buffer_Size	/src/redis-cli.c: 3677
	Buffer_Overflow_Wrong_Buffer_Size	/src/redis-cli.c: 3677
	Buffer_Overflow_Wrong_Buffer_Size	/src/redis-cli.c: 3677
	Buffer_Overflow_Wrong_Buffer_Size	/src/redis-cli.c: 3677
	Divide_By_Zero	/deps/jemalloc/src/nstime.c: 149

[shahsb]

LGTM. Thanks!

[sundb]

@sfu2 thx, can you make a test to cover it?

[sfu2]

@sfu2 thx, can you make a test to cover it?

I've looked into writing a test to cover the bug, but I'm finding it quite challenging due to my limited familiarity with Tcl and the structure of Redis's test suite.

[sundb]

@sfu2 you can add your test by referring to other tests in tracking.tcl, and then verify it using ./runtest --single unit/tracking --only "your test name"
feel free to call me if you want any help.

[vitahlin]

I'm so sorry about the overlap! I didn't realize you were also working on this when I submitted my PR(#14817). It seems mine was just merged. My apologies for the duplication of effort, and I really appreciate your work on this as well.