An error case in __bt_first would deference a null pointer. This is
an old upstream BDB bug. Use a separate variable to hold the result
of mpool_get() until it has been checked. Reported by Nickolai
Zeldovich <nickolai@csail.mit.edu>.
ticket: 7511
EPG *erval;
int *exactp;
{
- PAGE *h;
+ PAGE *h, *hprev;
EPG *ep, save;
db_pgno_t pg;
break;
if (h->pgno != save.page->pgno)
mpool_put(t->bt_mp, h, 0);
- if ((h = mpool_get(t->bt_mp,
+ if ((hprev = mpool_get(t->bt_mp,
h->prevpg, 0)) == NULL) {
if (h->pgno == save.page->pgno)
mpool_put(t->bt_mp,
save.page, 0);
return (RET_ERROR);
}
- ep->page = h;
+ ep->page = h = hprev;
ep->index = NEXTINDEX(h);
}
--ep->index;
projects / thirdparty / krb5.git / commitdiff
