[Fix] Prevent use-after-free in Redis callbacks after session cleanup

Set ud->terminated in lua_redis_fin() so async Redis callbacks
don't access task data after the task pool has been freed.

diff --git a/src/lua/lua_redis.c b/src/lua/lua_redis.c
index 214f6433ed027866b1c162a029813c85a535e5f3..4f70025472c619137b24caaa0297067ea4a29e4f 100644 (file)
--- a/src/lua/lua_redis.c
+++ b/src/lua/lua_redis.c
@@ -272,6 +272,8 @@ lua_redis_fin(void *arg)
        msg_debug_lua_redis("finished redis query %p from session %p; refcount=%d",
                                                sp_ud, ctx, ctx->ref.refcount);
        sp_ud->flags |= LUA_REDIS_SPECIFIC_FINISHED;
+       /* Prevent callbacks from accessing task data after session cleanup */
+       ud->terminated = 1;
 
        REDIS_RELEASE(ctx);
 }