Full_Name: Hallvard B Furuseth
Version: mdb.master 057e0686303444d56f29a7bee0536e261fdf0b6a
OS: Linux x86_64
URL:
Submission from: (NULL) (193.69.163.163)
Submitted by: hallvard

mdb_put() does not check for too big data. mdb_cursor_put() does not check for too big key either. Nor can I see that lmdb.h documents the limits, and there is no way to ask liblmdb what the limits are.

This can write an item of size (5000000000 & 0xffffffff) or crash:

    MDB_val k1 = {3, "foo"}, x = {5000000000, NULL};
    mdb_dbi_open(txn, NULL, MDB_CREATE, &dbi);
    mdb_put(txn, dbi, &k1, &x, MDB_RESERVE);

Crash:

    MDB_val k1 = {3, "foo"}, y = {5, "xyzzy"}, z = {10000, calloc(1,10000)};
    mdb_dbi_open(txn, NULL, MDB_CREATE|MDB_DUPSORT, &dbi);
    mdb_put(txn, dbi, &k1, &y, 0);
    mdb_put(txn, dbi, &k1, &z, 0); /* segfault */

Crash:

    MDB_val k2 = {8000, calloc(1, 8000)}, y = {5, "xyzzy"};
    mdb_cursor_put(mc, &k2, &y, 0);

while this gives a proper EINVAL:

    mdb_put(txn, dbi, &k2, &y, 0);
changed notes changed state Open to Test moved from Incoming to Software Bugs
changed notes changed state Test to Release
changed notes changed state Release to Closed
fixed in master
fixed in RE24
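
Added example, not part of the report and not liblmdb code: a caller-side check that rejects the three oversized inputs from the report before they reach the store, and shows what a 32-bit size field keeps of 5000000000. The kv_val and kv_limits types, the function names, the 511-byte key limit and the rule that DUPSORT data is bounded like a key are assumptions made for illustration.

```c
#include <errno.h>
#include <stdint.h>
#include <stdio.h>

/* Hypothetical stand-in for MDB_val (size, then pointer); no liblmdb needed. */
typedef struct { uint64_t size; const void *data; } kv_val;

/* Caller-supplied limits: assumptions, not values taken from lmdb.h. */
typedef struct {
    uint64_t max_key;   /* largest key accepted */
    uint64_t max_data;  /* largest data item, e.g. 0xffffffff */
    int dupsort;        /* nonzero: duplicate data is bounded like a key (assumed) */
} kv_limits;

/* What a 32-bit size field keeps of a length: the truncation from the report. */
uint32_t stored_size(uint64_t len) { return (uint32_t)(len & 0xffffffffu); }

/* Return 0 if the pair may be handed to the store, EINVAL otherwise.
 * reserve != 0 means only space is requested, so data->data may be NULL. */
int kv_check_put(const kv_val *key, const kv_val *data,
                 const kv_limits *lim, int reserve)
{
    if (!key || !data || !lim || !key->data) return EINVAL;
    if (key->size > lim->max_key) return EINVAL;
    if (data->size > lim->max_data) return EINVAL;
    if (lim->dupsort && data->size > lim->max_key) return EINVAL;
    if (!reserve && data->size && !data->data) return EINVAL;
    return 0;
}

int main(void)
{
    static char big[10000];                      /* constructed sample buffers */
    kv_limits plain = {511, 0xffffffffu, 0}, dups = {511, 0xffffffffu, 1};
    kv_val k1 = {3, "foo"}, k2 = {8000, big}, y = {5, "xyzzy"};
    kv_val x = {5000000000ULL, NULL}, z = {10000, big};

    printf("truncated size: %lu\n", (unsigned long)stored_size(x.size));
    printf("reserve 5000000000: %d\n", kv_check_put(&k1, &x, &plain, 1));
    printf("dupsort 10000:      %d\n", kv_check_put(&k1, &z, &dups, 0));
    printf("key of 8000:        %d\n", kv_check_put(&k2, &y, &plain, 0));
    printf("small pair:         %d\n", kv_check_put(&k1, &y, &dups, 0));
    return 0;
}
```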