[Issue 9037] observing crash in mdb_cursor_put() - openldap-bugs

25 Mar 2024

https://bugs.openldap.org/show_bug.cgi?id=9037
--- Comment #35 from Howard Chu hyc@openldap.org ---
(In reply to mdufour from comment #34)
...
Thanks to the test application, I was able to identify a key missing step in
my description: process2 creates a named database (under a different name)
after dropping the initial one. I can reproduce the crash by inserting the
following lines @ 104:
E(mdb_txn_begin(env, NULL, 0, &txn));
   E(mdb_dbi_open(txn, "id2", MDB_CREATE, &dbi));
   E(mdb_txn_commit(txn));
OK, that reproduces it. This patch should fix it, please test, thanks:

diff --git a/libraries/liblmdb/mdb.c b/libraries/liblmdb/mdb.c
index 13d1aea39e..f0a65d97ab 100644
--- a/libraries/liblmdb/mdb.c
+++ b/libraries/liblmdb/mdb.c
@@ -6670,7 +6670,7 @@ mdb_page_search(MDB_cursor *mc, MDB_val *key, int flags)
                                        MDB_node *leaf = mdb_node_search(&mc2,
                                                &mc->mc_dbx->md_name, &exact);
                                        if (!exact)
-                                               return MDB_NOTFOUND;
+                                               return MDB_BAD_DBI;
                                        if ((leaf->mn_flags &
(F_DUPDATA|F_SUBDATA)) != F_SUBDATA)
                                                return MDB_INCOMPATIBLE; /* not
a named DB */
                                        rc = mdb_node_read(&mc2, leaf, &data);
-- 
You are receiving this mail because:
You are on the CC list for the issue.

    