https://bugs.openldap.org/show_bug.cgi?id=10439
Issue ID: 10439
Summary: The value of the mc_xcursor pointer in the context of
calling the mdb_xcursor_init1() function
Product: OpenLDAP
Version: 2.6.12
Hardware: All
OS: All
Status: UNCONFIRMED
Keywords: needs_review
Severity: normal
Priority: ---
Component: libraries
Assignee: [email protected]
Reporter: [email protected]
Target Milestone: ---
Problem occurs in functions `mdb_cursor_first()`, `mdb_cursor_last()` and
`mdb_cursor_set()`.
After having been compared to a NULL value, pointer `mc->mc_xcursor` is passed
in a call to function `mdb_xcursor_init1()` where it is dereferenced. This might
happen when the node flag `F_DUPDATA` is set, but the database does not have
the `MDB_DUPSORT` flag, leading to `mc->mc_xcursor` being uninitialized.
I think that this is very unlikely to happen, but I haven't found a clear
connection between the `F_DUPDATA` and `MDB_DUPSORT` flags. Please consider
whether it's worth adding a NULL check there.
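
The pattern described in this report, as an added example that is not part of the original report and is not LMDB's own code: a simplified C model in which the sub-cursor exists only for `MDB_DUPSORT` databases, the callee dereferences `mc_xcursor` unconditionally, and the caller rejects an `F_DUPDATA` node when `mc_xcursor` is NULL. All struct, function and error names other than the identifiers quoted in the report are hypothetical, and the flag values are chosen for the model.

```c
#include <stddef.h>
#include <stdio.h>

/* Model only: names, shapes and values below are assumptions, not LMDB source. */
#define MDB_DUPSORT     0x04   /* database flag (model value) */
#define F_DUPDATA       0x04   /* node flag (model value) */
#define C_INITIALIZED   0x01
#define MODEL_OK        0
#define MODEL_CORRUPTED (-1)   /* hypothetical error for inconsistent flags */

struct xcursor { unsigned flags; };
struct cursor  { unsigned db_flags; struct xcursor *mc_xcursor; };
struct node    { unsigned mn_flags; };

/* The sub-cursor is attached only when the database has MDB_DUPSORT. */
static void cursor_init(struct cursor *mc, unsigned db_flags, struct xcursor *mx) {
    mc->db_flags = db_flags;
    mc->mc_xcursor = (db_flags & MDB_DUPSORT) ? mx : NULL;
}

/* Callee dereferences mc_xcursor without checking it, as in the report. */
static void xcursor_init1(struct cursor *mc) {
    mc->mc_xcursor->flags = C_INITIALIZED;
}

/* Caller with the suggested guard between the flag test and the call. */
static int cursor_first_checked(struct cursor *mc, const struct node *leaf) {
    if (mc->mc_xcursor)                 /* the earlier NULL comparison */
        mc->mc_xcursor->flags = 0;
    if (leaf->mn_flags & F_DUPDATA) {
        if (mc->mc_xcursor == NULL)     /* node flag without matching db flag */
            return MODEL_CORRUPTED;
        xcursor_init1(mc);
    }
    return MODEL_OK;
}

/* Returns the sub-cursor flags on success, or the error code. */
int run_case(unsigned db_flags, unsigned node_flags) {
    struct xcursor mx = { 0 };
    struct cursor mc;
    struct node leaf = { node_flags };
    cursor_init(&mc, db_flags, &mx);
    int rc = cursor_first_checked(&mc, &leaf);
    return rc == MODEL_OK ? (int)mx.flags : rc;
}

int main(void) {
    printf("consistent=%d inconsistent=%d\n",
           run_case(MDB_DUPSORT, F_DUPDATA), run_case(0, F_DUPDATA));
    return 0;
}
```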