
(ITS#9073) md_cmp() called with zero size key



Full_Name: Juerg Bircher
Version: LMDB master
OS: macOS / linux
URL: ftp://ftp.openldap.org/incoming/
Submission from: (NULL) (84.75.150.99)



I had the situation that my custom compare function was called with an MDB_val
with zero size.
I assume this should never happen as a key with zero length should not be
valid?
Unfortunately I do not have a simple case to reproduce it as it happens in a large
transaction with a lot of mdb_cursor_put() interleaved with mdb_cursor_get()
calls.
However it is reproducible.

In mdb_cursor_set() at line mdb.c:6943 nodekey.mv_size is zero.

		rc = mc->mc_dbx->md_cmp(key, &nodekey);

So the custom compare function is called with a value of zero length.
		
A possible fix could be to surround the code from line 6943 to 7007 with a check

		if (nodekey.mv_size > 0) {
			rc = mc->mc_dbx->md_cmp(key, &nodekey);
			if (rc == 0) {

			/* ... line 6943 to 7007 ... */

		}
		
I thank you in advance for informing me:

a. if this fix is correct
b. if my assumption is wrong
c. if it needs another fix somewhere else
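
Whatever the answer on the library side, a custom comparator can be written so that a zero-size MDB_val is harmless. The following is an added example, not part of the original report and not LMDB code: the struct is a stand-in with the same fields as MDB_val in lmdb.h so it builds without the library, and the key layout (a native-order uint32_t id followed by an optional suffix) and the name safe_key_cmp are assumptions.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

/* Stand-in with the same fields as MDB_val in lmdb.h, so this builds without LMDB. */
typedef struct MDB_val {
    size_t mv_size;
    void  *mv_data;
} MDB_val;

#define ID_LEN sizeof(uint32_t) /* assumed layout: native-order id, then suffix */

/* Lexicographic compare; with n == 0 neither pointer is dereferenced. */
static int bytes_cmp(const unsigned char *a, size_t la,
                     const unsigned char *b, size_t lb)
{
    size_t n = la < lb ? la : lb;
    int c = n ? memcmp(a, b, n) : 0;
    return c ? c : (la > lb) - (la < lb);
}

/* Same signature as an MDB_cmp_func. Keys too short to hold an id, zero-size
 * ones included, sort before every well-formed key; nothing past mv_size is read. */
int safe_key_cmp(const MDB_val *a, const MDB_val *b)
{
    const unsigned char *pa = a->mv_data, *pb = b->mv_data;
    int ha = a->mv_size >= ID_LEN, hb = b->mv_size >= ID_LEN;
    uint32_t ia, ib;

    if (!ha || !hb) {
        if (ha != hb)
            return ha ? 1 : -1;
        return bytes_cmp(pa, a->mv_size, pb, b->mv_size);
    }
    memcpy(&ia, pa, ID_LEN); /* memcpy avoids unaligned loads */
    memcpy(&ib, pb, ID_LEN);
    if (ia != ib)
        return ia < ib ? -1 : 1;
    return bytes_cmp(pa + ID_LEN, a->mv_size - ID_LEN,
                     pb + ID_LEN, b->mv_size - ID_LEN);
}
```

A comparator of this shape is registered with mdb_set_compare(); it stays a total order even when one side is empty, so a stray zero-size key cannot cause an out-of-bounds read inside the callback.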