Null pointer de-referencing at DISCONNECT command process stage

[vyivanov]

Describe the bug De-referencing point: ptrCompare (a=0x0, b=..., value=...) in src/Heap.c Seems the problem with Red-Black Tree processing.

To Reproduce Reproducer does not exists. Crash was met in production environment. Reproduction rate: rare.

Expected behavior

Screenshots

Log files

#0  0x00007f4a59cf1277 in ptrCompare (a=0x0, b=0x7f47f8001ab0, value=0) at ./src/Heap.c:116
#1  0x00007f4a59cf2323 in TreeFindIndex1 (aTree=<optimized out>, value=0, index=0, key=0x7f47f8001ab0) at ./src/Tree.c:293
#2  TreeFindIndex (index=0, key=0x7f47f8001ab0, aTree=<optimized out>) at ./src/Tree.c:305
#3  TreeFind (aTree=<optimized out>, key=0x7f47f8001ab0) at ./src/Tree.c:317
#4  Internal_heap_unlink (p=0x7f47f8001ab8, line=534, file=0x7f4a59cfa760 "./src/MQTTPacket.c") at ./src/Heap.c:250
#5  myfree (file=0x7f4a59cfa760 "./src/MQTTPacket.c", line=534, p=0x7f47f8001ab8) at ./src/Heap.c:282
#6  0x00007f4a59cec2a7 in MQTTPacket_send_disconnect (props=0x7f46a0001ce0, reason=MQTTREASONCODE_SUCCESS, client=0x5626786de458) at ./src/MQTTPacket.c:534
#7  MQTTAsync_closeOnly (client=0x5626786de458, reasonCode=MQTTREASONCODE_SUCCESS, props=0x7f46a0001ce0) at ./src/MQTTAsyncUtils.c:2339
#8  0x00007f4a59cec3aa in MQTTAsync_closeSession (client=0x5626786de458, reasonCode=MQTTREASONCODE_SUCCESS, props=0x7f46a0001ce0) at ./src/MQTTAsyncUtils.c:2363
#9  0x00007f4a59cdbc3d in MQTTAsync_checkDisconnect (handle=0x562678182588, command=0x7f46a0001c98) at ./src/MQTTAsyncUtils.c:945
#10 0x00007f4a59ce1c75 in MQTTAsync_processCommand () at ./src/MQTTAsyncUtils.c:1486
#11 0x00007f4a59ce5e55 in MQTTAsync_sendThread (n=<optimized out>) at ./src/MQTTAsyncUtils.c:1764
#12 0x00007f4a5948fac3 in start_thread (arg=<optimized out>) at ./nptl/pthread_create.c:442
#13 0x00007f4a59521850 in clone3 () at ../sysdeps/unix/sysv/linux/x86_64/clone3.S:81

Environment (please complete the following information):

• Linux 5.13.0-41-generic 20.04.1-Ubuntu SMP Wed Apr 20 13:16:21 UTC 2022 x86_64 x86_64 x86_64 GNU/Linux
• Version 1.3.9

Additional context

[icraggs]

I'm unlikely to be able to work out more without more information such as a client library trace. This does look like an error in the internal memory tracking which a fix since the 1.3.9 release.