[Date Prev][Date Next] [Chronological] [Thread] [Top]

(ITS#8722) MDB_LAST_DUP/FIRST_DUP return item beyond last item



Full_Name: Hallvard B Furuseth
Version: LMDB_0.9.21, mdb.master, master2
OS: Linux x86_64
URL: ftp://ftp.openldap.org/incoming/Hallvard-Furuseth-170905.c
Submission from: (NULL) (81.191.45.31)
Submitted by: hallvard


mdb_cursor_get(MDB_LAST_DUP/MDB_FIRST_DUP) can return a deleted item
when mc_ki[] == NUMKEYS(), i.e. an "ack!" cursor in mdb_cursor_chk().

Happens with the test program without arguments.  When run with
arguments so it uses a sub-page, it returns some other garbage.

$ ./a.out
mc {flags 0x4b, ki-numkeys 0}; mx {flags 0x4, ki 0}
cursor_get() = Successful return: 0
node: dsize 0x68686c6c, flags 0x6161, ksize 0x7a7a key "kkkkkkkkk...", data
"<garbage>".
Segmentation fault (core dumped)

It should return MDB_NOTFOUND or last key:data item, not sure which.
It should return the same when run with and without an argument.