authorGreg Hudson <ghudson@mit.edu>2012-12-20 14:17:45 -0500
committerGreg Hudson <ghudson@mit.edu>2012-12-20 14:28:04 -0500
commitf5345bba2a993066f9b886dae491d211ed9be057 (patch)
treefc3b425f74e8e1d2da54729ac529d89152081cf9 /src/plugins
parent8b43dd0cec3645d64e4eb9f6d0fcfc2a31d1955d (diff)
Avoid null dereference in BDB dbtree error case
An error case in __bt_first would dereference a null pointer. This is an old upstream BDB bug. Use a separate variable to hold the result of mpool_get() until it has been checked. Reported by Nickolai Zeldovich <nickolai@csail.mit.edu>. ticket: 7511
Diffstat (limited to 'src/plugins')
-rw-r--r--src/plugins/kdb/db2/libdb2/btree/bt_seq.c6
1 files changed, 3 insertions, 3 deletions
diff --git a/src/plugins/kdb/db2/libdb2/btree/bt_seq.c b/src/plugins/kdb/db2/libdb2/btree/bt_seq.c
index 5707cab9b..b39d89edd 100644
--- a/src/plugins/kdb/db2/libdb2/btree/bt_seq.c
+++ b/src/plugins/kdb/db2/libdb2/btree/bt_seq.c
@@ -400,7 +400,7 @@ __bt_first(t, key, erval, exactp)
EPG *erval;
int *exactp;
{
- PAGE *h;
+ PAGE *h, *hprev;
EPG *ep, save;
db_pgno_t pg;
@@ -444,14 +444,14 @@ __bt_first(t, key, erval, exactp)
break;
if (h->pgno != save.page->pgno)
mpool_put(t->bt_mp, h, 0);
- if ((h = mpool_get(t->bt_mp,
+ if ((hprev = mpool_get(t->bt_mp,
h->prevpg, 0)) == NULL) {
if (h->pgno == save.page->pgno)
mpool_put(t->bt_mp,
save.page, 0);
return (RET_ERROR);
}
- ep->page = h;
+ ep->page = h = hprev;
ep->index = NEXTINDEX(h);
}
--ep->index;
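Review bot: In the second hunk, `h` is still read after `mpool_put(t->bt_mp, h, 0)` may have released it: `h->prevpg` is passed to `mpool_get`, and `h->pgno` is compared in the error branch after `mpool_get` has already run. Whether an unpinned page stays intact across a failed `mpool_get` depends on the pool's eviction behaviour, which is not visible here, so this may be a read of a recycled buffer. It would be safer to capture both values before the put, e.g. `db_pgno_t prev = h->prevpg;` and `int same = (h->pgno == save.page->pgno);`, then call `mpool_get(t->bt_mp, prev, 0)` and test `same` in the error branch. A short comment on `hprev` saying that `h` must stay valid until the result is checked would also help. The body of `__bt_first` starts and ends outside this hunk, so the loop invariants relating `h` and `save.page` should be confirmed against the full function.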