[Date Prev][Date Next] [Chronological] [Thread] [Top]

(ITS#7658) LMDB: Crash when mdb_del should ignore data, back trace and patch provided

Full_Name: Salvador Ortiz
Version: 24
OS: Linux
URL: ftp://ftp.msg.com.mx/pub/varios/mdb_del-must-ignore-data.patch
Submission from: (NULL) (

According to the documentation, mdb_del should ignore the data parameter if the
dbi was not opened with MDB_DUPSORT, but this check is missing causing a
segfault deep in mdb_cursor_set when a NULL dcmp is called.

I discovered this in the following back trace:

#0  0x0000000000000000 in ?? ()
#1  0x00007ffff1080f69 in mdb_cursor_set (mc=mc@entry=0x7fffffffd220, 
    key=key@entry=0x7fffffffd5f0, data=0x7fffffffd210, op=MDB_GET_BOTH, 
    exactp=exactp@entry=0x7fffffffd20c) at mdb.c:5149
#2  0x00007ffff10862af in mdb_del (txn=txn@entry=0xe60a10, dbi=1, 
    key=key@entry=0x7fffffffd5f0, data=data@entry=0x7fffffffd600) at mdb.c:7164

A simple patch against gitorious's mdb.master provided.