From: Howard Chu <hyc@openldap.org>
Date: Mon, 12 Aug 2013 19:43:42 +0000 (-0700)
Subject: Fix uninit'd mem ref in mdb_page_split
X-Git-Tag: OPENLDAP_REL_ENG_2_4_36~4^2
X-Git-Url: https://git.sur5r.net/?a=commitdiff_plain;ds=sidebyside;h=eaeeecc3b28a814d6793b57102d9e03ff9a8cef7;p=openldap

Fix uninit'd mem ref in mdb_page_split

Don't compare cursors beyond their depth. (detected by valgrind)
---

diff --git a/libraries/liblmdb/mdb.c b/libraries/liblmdb/mdb.c
index ceda38510b..6460173591 100644
--- a/libraries/liblmdb/mdb.c
+++ b/libraries/liblmdb/mdb.c
@@ -7653,7 +7653,7 @@ done:
 				m3->mc_snum++;
 				m3->mc_top++;
 			}
-			if (m3->mc_pg[mc->mc_top] == mp) {
+			if (m3->mc_top >= mc->mc_top && m3->mc_pg[mc->mc_top] == mp) {
 				if (m3->mc_ki[mc->mc_top] >= newindx && !(nflags & MDB_SPLIT_REPLACE))
 					m3->mc_ki[mc->mc_top]++;
 				if (m3->mc_ki[mc->mc_top] >= fixup) {
@@ -7661,7 +7661,7 @@ done:
 					m3->mc_ki[mc->mc_top] -= fixup;
 					m3->mc_ki[ptop] = mn.mc_ki[ptop];
 				}
-			} else if (!did_split && m3->mc_pg[ptop] == mc->mc_pg[ptop] &&
+			} else if (!did_split && m3->mc_top >= ptop && m3->mc_pg[ptop] == mc->mc_pg[ptop] &&
 				m3->mc_ki[ptop] >= mc->mc_ki[ptop]) {
 				m3->mc_ki[ptop]++;
 			}