From 9f873c6c2a43ef0c8c4b7dcc043b206a0ca7c734 Mon Sep 17 00:00:00 2001
From: Wen Hui
Date: Tue, 28 Jul 2020 15:05:48 -0400
Subject: [PATCH] fix leak in error handling of debug populate command (#7062)

valsize was not modified during the for loop below instead of getting from c->argv[4], therefore there is no need to put inside the for loop.. Moreover, putting the check outside loop will also avoid memory leaking, decrRefCount(key) should be called in the original code if we put the check in for loop
(cherry picked from commit 2afa308306fc641204f10a2bbe2fe35e28b6d259)
---
 src/debug.c | 7 +++----
 1 file changed, 3 insertions(+), 4 deletions(-)
diff --git a/src/debug.c b/src/debug.c
index 60cc2a1fa..0bea69876 100644
--- a/src/debug.c
+++ b/src/debug.c
@@ -591,14 +591,13 @@ NULL
 if (getLongFromObjectOrReply(c, c->argv[2], &keys, NULL) != C_OK)
 return;
 dictExpand(c->db->dict,keys);
+ long valsize = 0;
+ if ( c->argc == 5 && getLongFromObjectOrReply(c, c->argv[4], &valsize, NULL) != C_OK )
+ return;
 for (j = 0; j < keys; j++) {
- long valsize = 0;
 snprintf(buf,sizeof(buf),"%s:%lu",
 (c->argc == 3) ? "key" : (char*)c->argv[3]->ptr, j);
 key = createStringObject(buf,strlen(buf));
- if (c->argc == 5)
- if (getLongFromObjectOrReply(c, c->argv[4], &valsize, NULL) != C_OK)
- return;
 if (lookupKeyWrite(c->db,key) != NULL) {
 decrRefCount(key);
 continue;
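Review bot: The relocated check on `c->argv[4]` only confirms that the argument parses as a long, so a negative `valsize` is still accepted and carried into the loop; the same holds for `keys` from `c->argv[2]`, which is handed straight to `dictExpand`. The code that consumes `valsize` lies outside this hunk, so the effect cannot be judged from here, but a size taken from a client argument should be range-checked before it can reach an allocation or copy. Adding `if (valsize < 0) { addReplyError(c,"value size must not be negative"); return; }` directly after the parse would close that gap, with a matching guard for `keys`. As a style point, `if ( c->argc == 5 && ... )` pads the parentheses unlike the neighbouring `if (` lines. The populate branch starts and ends outside the hunk.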