From 58e9c3add8c3fbe88f930531f237f070a652249b Mon Sep 17 00:00:00 2001
From: Howard Chu <hyc@symas.com>
Date: Mon, 21 Jul 2014 08:33:59 -0700
Subject: [PATCH] Fix mdb_cursor_count, reject uninit'd cursor

---
 libraries/liblmdb/mdb.c | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/libraries/liblmdb/mdb.c b/libraries/liblmdb/mdb.c
index 4a21242239..9e4a068941 100644
--- a/libraries/liblmdb/mdb.c
+++ b/libraries/liblmdb/mdb.c
@@ -6989,6 +6989,9 @@ mdb_cursor_count(MDB_cursor *mc, size_t *countp)
 	if (mc->mc_txn->mt_flags & MDB_TXN_ERROR)
 		return MDB_BAD_TXN;
 
+	if (!(mc->mc_flags & C_INITIALIZED))
+		return EINVAL;
+
 	leaf = NODEPTR(mc->mc_pg[mc->mc_top], mc->mc_ki[mc->mc_top]);
 	if (!F_ISSET(leaf->mn_flags, F_DUPDATA)) {
 		*countp = 1;
-- 
2.39.5