diff options
author | Martin Hedenfal <martinh@cvs.openbsd.org> | 2010-07-01 03:43:25 +0000 |
---|---|---|
committer | Martin Hedenfal <martinh@cvs.openbsd.org> | 2010-07-01 03:43:25 +0000 |
commit | a48b3d61d8342305f5dcf2b9d03ae792f66c913a (patch) | |
tree | 39170d094eddb861fde7a29d1f44a337c3b5c7b0 /usr.sbin/ldapd | |
parent | d673d66bf73bd6d731ee0d975d1def3dafe8b8d2 (diff) |
Fix a null pointer dereference when writing an entry requiring a single
overflow page. Found by clang static analyzer. Also add some assertions to
silence clang.
Diffstat (limited to 'usr.sbin/ldapd')
-rw-r--r-- | usr.sbin/ldapd/btree.c | 9 |
1 files changed, 6 insertions, 3 deletions
diff --git a/usr.sbin/ldapd/btree.c b/usr.sbin/ldapd/btree.c index 59308d39e13..74579fee567 100644 --- a/usr.sbin/ldapd/btree.c +++ b/usr.sbin/ldapd/btree.c @@ -1,4 +1,4 @@ -/* $OpenBSD: btree.c,v 1.17 2010/07/01 02:19:11 martinh Exp $ */ +/* $OpenBSD: btree.c,v 1.18 2010/07/01 03:43:24 martinh Exp $ */ /* * Copyright (c) 2009, 2010 Martin Hedenfalk <martin@bzero.se> @@ -1524,7 +1524,7 @@ btree_read_data(struct btree *bt, struct mpage *mp, struct node *leaf, for (sz = 0; sz < data->size; ) { if ((omp = btree_get_mpage(bt, pgno)) == NULL || !F_ISSET(omp->page->flags, P_OVERFLOW)) { - DPRINTF("read overflow page failed (%02x)", omp->page->flags); + DPRINTF("read overflow page %u failed", pgno); free(data->data); mpage_free(omp); return BT_FAIL; @@ -1890,6 +1890,8 @@ btree_write_overflow_data(struct btree *bt, struct page *p, struct btval *data) max = bt->head.psize - PAGEHDRSZ; while (done < data->size) { + if (next != NULL) + p = next->page; linkp = &p->p_next_pgno; if (data->size - done > max) { /* need another overflow page */ @@ -1905,7 +1907,6 @@ btree_write_overflow_data(struct btree *bt, struct page *p, struct btval *data) DPRINTF("copying %zu bytes to overflow page %u", sz, p->pgno); bcopy((char *)data->data + done, p->ptrs, sz); done += sz; - p = next->page; } return BT_SUCCESS; @@ -1986,6 +1987,7 @@ btree_add_node(struct btree *bt, struct mpage *mp, indx_t indx, bcopy(key->data, NODEKEY(node), key->size); if (IS_LEAF(mp)) { + assert(key); if (ofp == NULL) { if (F_ISSET(flags, F_BIGDATA)) bcopy(data->data, node->data + key->size, @@ -2324,6 +2326,7 @@ btree_move_node(struct btree *bt, struct mpage *src, indx_t srcindx, } if (IS_BRANCH(dst)) { + assert(mp); mp->parent = dst; mp->parent_index = dstindx; find_common_prefix(bt, mp); |