From ea0d07ffa324cd834b87dd29053961366172330b Mon Sep 17 00:00:00 2001 From: Howard Chu Date: Mon, 3 Oct 2011 12:40:53 -0700 Subject: [PATCH] Fix freelist bug on page split NULL out env->pghead before writing it, so that its pages can't be used to satisfy the write. --- libraries/libmdb/mdb.c | 7 ++++--- 1 file changed, 4 insertions(+), 3 deletions(-) diff --git a/libraries/libmdb/mdb.c b/libraries/libmdb/mdb.c index 1995ea8..3a82192 100644 --- a/libraries/libmdb/mdb.c +++ b/libraries/libmdb/mdb.c @@ -1128,7 +1128,7 @@ mdb_page_alloc(MDB_cursor *mc, int num) if (pgno == P_INVALID) { /* DB size is maxed out */ if (txn->mt_next_pgno + num >= txn->mt_env->me_maxpg) { - DPRINTF("DB size maxed out"); + DPUTS("DB size maxed out"); return NULL; } } @@ -1764,13 +1764,13 @@ mdb_txn_commit(MDB_txn *txn) MDB_oldpages *mop; mop = env->me_pghead; + env->me_pghead = NULL; key.mv_size = sizeof(pgno_t); key.mv_data = &mop->mo_txnid; data.mv_size = MDB_IDL_SIZEOF(mop->mo_pages); data.mv_data = mop->mo_pages; mdb_cursor_put(&mc, &key, &data, 0); - free(env->me_pghead); - env->me_pghead = NULL; + free(mop); } /* Update DB root pointers. Their pages have already been @@ -3202,6 +3202,7 @@ mdb_page_search(MDB_cursor *mc, MDB_val *key, int modify) } } + assert(root > 1); if ((rc = mdb_page_get(mc->mc_txn, root, &mc->mc_pg[0]))) return rc;