Full_Name: Nic Watson
Version: LMDB 0.9.21
OS: Ubuntu 16.04.3 LTS
URL: https://gist.github.com/jnwatson/86b43b0515fe552a087d741d4ab43922
Submission from: (NULL) (108.56.136.246)

See the URL for the minimal C program to reproduce the crash and the gdb backtrace.
LMDB will segfault in mdb_dbi_open when creating a new database if the environment was opened read-only.
This was found while trying to update py-lmdb from 0.9.19 to 0.9.21. Two unit tests crashed that didn't crash before, both on the same line in mdb.c. The program in the URL is derived from one of the tests.
The change was introduced in commit e8e82933. In mdb.c, line 9772 (https://github.com/LMDB/lmdb/blob/LMDB_0.9.21/libraries/liblmdb/mdb.c#L9772) the mdb_cursor_put was wrapped in the macro WITH_CURSOR_TRACKING. In that macro, the variable tp is assigned the address of an entry of the passed-in cursor's transaction's mt_cursors array. However, mt_cursors isn't initialized in this case.
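
The failure mode described in this report, as an added example that is not LMDB's code and not part of the original submission: a simplified model of a create path that takes the address of a per-transaction cursor-tracking entry, with a guard that rejects the request before the array is touched. All struct, function and flag names are hypothetical, and returning EACCES for a create request on a read-only transaction is an assumption of this model.

```c
#include <errno.h>
#include <stddef.h>
#include <stdlib.h>

/* Simplified model; names are hypothetical, not LMDB's definitions. */
#define TXN_RDONLY  0x1u  /* transaction opened on a read-only environment */
#define OPEN_CREATE 0x2u  /* caller asked for the database to be created */

struct cursor { struct cursor *next; unsigned dbi; };
struct txn {
    unsigned flags;
    unsigned ndbs;
    struct cursor **cursors; /* per-DBI tracking lists; never set when read-only */
};

/* Build a transaction; only write transactions get a tracking array. */
struct txn *txn_new(unsigned flags, unsigned ndbs) {
    struct txn *t = calloc(1, sizeof *t);
    if (!t) return NULL;
    t->flags = flags;
    t->ndbs = ndbs;
    if (!(flags & TXN_RDONLY)) {
        t->cursors = calloc(ndbs, sizeof *t->cursors);
        if (!t->cursors) { free(t); return NULL; }
    }
    return t;
}

void txn_free(struct txn *t) { if (t) { free(t->cursors); free(t); } }

/* Stand-in for the tracked write: link the cursor, write, unlink. */
static int tracked_put(struct txn *t, struct cursor *c) {
    struct cursor **tp = &t->cursors[c->dbi]; /* invalid if cursors is unset */
    c->next = *tp;
    *tp = c;
    /* ... the new database record would be written here ... */
    *tp = c->next;
    return 0;
}

/* Create path with the guard placed before any use of the tracking array. */
int dbi_create(struct txn *t, unsigned dbi, unsigned flags) {
    struct cursor c = { NULL, dbi };
    if (!t || dbi >= t->ndbs) return EINVAL;
    if (!(flags & OPEN_CREATE)) return ENOENT;
    if ((t->flags & TXN_RDONLY) || !t->cursors) return EACCES;
    return tracked_put(t, &c);
}
```

Without the read-only check in `dbi_create`, the model's `tracked_put` dereferences an entry of an array that was never allocated, which is the condition the report attributes to the crash.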