fix invalid memory address or nil pointer dereference in baseClient.initConn

[olde-ducke]

Resolves #3675.

Fixes nil pointer dereference and potential deadlock in *baseClient.initConn().

---

Note

Low Risk
Low risk: adds nil-argument panics to client constructors and updates Options() docs; behavior only changes for previously invalid nil inputs and for callers mutating returned option pointers.

Overview
Adds explicit nil option guards (panic with clear message) to NewClusterClient and documents the same expectation across NewClient, NewRing, NewFailoverClient, NewFailoverClusterClient, NewSentinelClient, and NewUniversalClient.

Clarifies that Client.Options(), ClusterClient.Options(), and Ring.Options() return read-only option pointers and that mutating the returned structs may cause undefined behavior.

^{Written by Cursor Bugbot for commit 3694c07. This will update automatically on new commits. Configure here.}

[jit-ci]

Hi, I’m Jit, a friendly security platform designed to help developers build secure applications from day zero with an MVS (Minimal viable security) mindset.

In case there are security findings, they will be communicated to you as a comment inside the PR.

Hope you’ll enjoy using Jit.

Questions? Comments? Want to learn more? Get in touch with us.

[ndyakov]

Hello @olde-ducke, let's continue the discussion in the issue and we can work on merging a fix.

[ndyakov]

Hey @olde-ducke, overall i think this is fine. We cannot however make sure that Options is readonly only with this cloning, since for example the PushNotificationProcessor will be the same one and users can Unregister handlers.

After all I am not concerned with problems resulting from such usages of the Options return value. It is since it is documented that the return from Options should be read only, maybe we can add that "Any alteration of the returned *redis.Options may result in undefined behaviour.". What do you think?

[olde-ducke]

Yeah, the changes I made do not defend against every possible case. So I think adding note to the doc is better.

I also kept the additional nil check in NewClusterClient from previous commits, since it is the only client that does not check whether options are nil. I hope this is okay.