btree/bt_seq.c: Fix two NULL pointer dereferences
This change fixes two NULL pointer dereferences caused by the __bt_first function. The first was caused by returning 0 (i.e., RET_SUCCESS) when a key was not found, causing the caller to dereference an uninitialized or NULL pointer. The second one was caused by an if statement clobbering a local variable with a function call result that might be NULL. Reported by: clang-tidy Sponsored by: Klara, Inc. Reviewed by: markj Obtained from: https://github.com/apple-oss-distributions/libc (partially) Differential Revision: https://reviews.freebsd.org/D54905
@@ -325,7 +325,7 @@ usecurrent: F_CLR(c, CURS_AFTER | CURS_BEFORE);
|
||||
static int
|
||||
__bt_first(BTREE *t, const DBT *key, EPG *erval, int *exactp)
|
||||
{
|
||||
PAGE *h;
|
||||
PAGE *h, *hprev;
|
||||
EPG *ep, save;
|
||||
pgno_t pg;
|
||||
|
||||
@@ -338,7 +338,7 @@ __bt_first(BTREE *t, const DBT *key, EPG *erval, int *exactp)
|
||||
* page) and return it.
|
||||
*/
|
||||
if ((ep = __bt_search(t, key, exactp)) == NULL)
|
||||
return (0);
|
||||
return (RET_SPECIAL);
|
||||
if (*exactp) {
|
||||
if (F_ISSET(t, B_NODUPS)) {
|
||||
*erval = *ep;
|
||||
@@ -369,14 +369,14 @@ __bt_first(BTREE *t, const DBT *key, EPG *erval, int *exactp)
|
||||
break;
|
||||
if (h->pgno != save.page->pgno)
|
||||
mpool_put(t->bt_mp, h, 0);
|
||||
if ((h = mpool_get(t->bt_mp,
|
||||
if ((hprev = mpool_get(t->bt_mp,
|
||||
h->prevpg, 0)) == NULL) {
|
||||
if (h->pgno == save.page->pgno)
|
||||
mpool_put(t->bt_mp,
|
||||
save.page, 0);
|
||||
return (RET_ERROR);
|
||||
}
|
||||
ep->page = h;
|
||||
ep->page = h = hprev;
|
||||
ep->index = NEXTINDEX(h);
|
||||
}
|
||||
--ep->index;
|
||||
|
||||
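Review bot: After the switch to `hprev`, `h` still points at the page that `mpool_put(t->bt_mp, h, 0)` may have released two lines earlier, yet it is read again for `h->prevpg` in the `mpool_get` call and for `h->pgno` in the error path. Whether an unpinned page stays valid while `mpool_get` runs depends on mpool internals not shown here, so it is safer to copy both values out while `h` is still pinned. The sketch below uses the existing `pgno_t pg` local (assuming it holds no live value at this point) and a new `int same` local that would have to be declared at the top of `__bt_first`. The enclosing loop and the rest of the function lie outside these hunks.

```c
				/* Read what is needed from h while it is still pinned. */
				pg = h->prevpg;
				same = (h->pgno == save.page->pgno);
				if (!same)
					mpool_put(t->bt_mp, h, 0);
				if ((hprev = mpool_get(t->bt_mp, pg, 0)) == NULL) {
					if (same)
						mpool_put(t->bt_mp,
						    save.page, 0);
					return (RET_ERROR);
				}
				/* … unchanged: ep->page = h = hprev; ep->index = NEXTINDEX(h); … */
```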