fix: stack corruption in MultiCommandSquasher (#5697)

Fixes #5690

The problem: we accessed the caller stack variables (max_exec_cycles) in MultiCommandSquasher::ExecuteSquashed.
The access was done after the call to `bc.Dec()`, which unblocks ExecuteSquashed.
As a result, the callback function that was still running could corrupt memory contents of some other variable
as ExecuteSquashed could exit by that time.

In addition, harden checks in stream_family.cc in StreamAppendItem.
Finally, we update helio which fixes #5693

Signed-off-by: Roman Gershman <roman@dragonflydb.io>

Author: romange

helio

@@ -296,14 +296,15 @@ bool MultiCommandSquasher::ExecuteSquashed(facade::RedisReplyBuilder* rb) {
         stats_.yields++;
       }
       this->SquashedHopCb(EngineShard::tlocal(), rb->GetRespVersion());
-      bc->Dec();
       uint64_t exec_time = CycleClock::Now() - start;
       current = max_exec_cycles.load(memory_order_relaxed);
       while (exec_time > current) {
         if (max_exec_cycles.compare_exchange_weak(current, exec_time, memory_order_relaxed,
                                                   memory_order_relaxed))
           break;
       }
+
+      bc->Dec();  // Release barrier: Must be the last one in the callback.
     };
     for (unsigned i = 0; i < sharded_.size(); ++i) {
       if (!sharded_[i].dispatched.empty())

src/server/multi_command_squasher.cc

@@ -432,6 +432,7 @@ int StreamAppendItem(stream* s, CmdArgList fields, uint64_t now_ms, streamID* ad
     /* Get a reference to the tail node listpack. */
     lp = (uint8_t*)ri.data;
     lp_bytes = lpBytes(lp);
+    CHECK_GT(lp_bytes, 0U);
   }
   raxStop(&ri);