Fix uninit'd mem ref in mdb_page_split

author Howard Chu <hyc@openldap.org>

Mon, 12 Aug 2013 19:43:42 +0000 (12:43 -0700)

committer Howard Chu <hyc@openldap.org>

Mon, 12 Aug 2013 19:43:42 +0000 (12:43 -0700)
author Howard Chu <hyc@openldap.org>
Mon, 12 Aug 2013 19:43:42 +0000 (12:43 -0700)
committer Howard Chu <hyc@openldap.org>
Mon, 12 Aug 2013 19:43:42 +0000 (12:43 -0700)
diff --git a/libraries/liblmdb/mdb.c b/libraries/liblmdb/mdb.c

index ceda38510b32b780700981985270a522bd979431..64601735919e569ade2b5ff09e85f9a6f00be3d7 100644 (file)
--- a/libraries/liblmdb/mdb.c
+++ b/libraries/liblmdb/mdb.c
@@ -7653,7 +7653,7 @@ done:
                                 m3->mc_snum++;
                                 m3->mc_top++;
                         }
-                       if (m3->mc_pg[mc->mc_top] == mp) {
+                       if (m3->mc_top >= mc->mc_top && m3->mc_pg[mc->mc_top] == mp) {
                                 if (m3->mc_ki[mc->mc_top] >= newindx && !(nflags & MDB_SPLIT_REPLACE))
                                         m3->mc_ki[mc->mc_top]++;
                                 if (m3->mc_ki[mc->mc_top] >= fixup) {
@@ -7661,7 +7661,7 @@ done:
                                         m3->mc_ki[mc->mc_top] -= fixup;
                                         m3->mc_ki[ptop] = mn.mc_ki[ptop];
                                 }
-                       } else if (!did_split && m3->mc_pg[ptop] == mc->mc_pg[ptop] &&
+                       } else if (!did_split && m3->mc_top >= ptop && m3->mc_pg[ptop] == mc->mc_pg[ptop] &&
                                 m3->mc_ki[ptop] >= mc->mc_ki[ptop]) {
                                 m3->mc_ki[ptop]++;
                         }
author	Howard Chu <hyc@openldap.org>
	Mon, 12 Aug 2013 19:43:42 +0000 (12:43 -0700)
committer	Howard Chu <hyc@openldap.org>
	Mon, 12 Aug 2013 19:43:42 +0000 (12:43 -0700)