Redis Potential null-dereference at redis-cli.c

After having been compared to a NULL value

https://github.com/redis/redis/blob/ff2f0b092c24d5cc590ff1eb596fc0865e0fb721/src/redis-cli.c#L1205

pointer arg->token is passed in call to function addHintForRepeatedArgument

https://github.com/redis/redis/blob/ff2f0b092c24d5cc590ff1eb596fc0865e0fb721/src/redis-cli.c#L1241

where it is dereferenced:

https://github.com/redis/redis/blob/ff2f0b092c24d5cc590ff1eb596fc0865e0fb721/src/redis-cli.c#L1166

(dereference inside function sdscat_orempty)

https://github.com/redis/redis/blob/ff2f0b092c24d5cc590ff1eb596fc0865e0fb721/src/redis-cli.c#L513

---

Found by Linux Verification Center with SVACE

Comment From: sundb

@Anchels thx, can you reproduce this issue?

Comment From: Anchels

@sundb - This isn't an actual bug, but it does indicate a finding from the static analyzer that I believe is confirmed.

Comment From: sundb

@Anchels Static analysis tools can still produce false positives, and we still need to prove it correct in practice.

Comment From: Anchels

@sundb - I don't think I can reproduce this

Comment From: sundb

Reproduce steps: 1. Remove

--- a/src/commands/sort.json
+++ b/src/commands/sort.json
@@ -94,7 +94,6 @@
                 ]
             },
             {
-                "token": "GET",
                 "name": "get-pattern",
                 "display": "pattern",
                 "key_spec_index": 1,

make
./src/redis-cli

then we can see the crash log

Could not connect to Redis at 127.0.0.1:6379: Connection refused
[1]    97600 segmentation fault (core dumped)  ./src/redis-cli

Comment From: sundb

@Anchels thx, this issue will be fixed by https://github.com/redis/redis/pull/14260.