lmdbxx icon indicating copy to clipboard operation
lmdbxx copied to clipboard

Published 20 hours ago verified publisher icon drycpp

Double-free when txn.commit() throws

Open hoytech opened this issue 5 years ago • 0 comments

@core-process noticed and fixed this issue in our C++17 fork of lmdbxx:

If an exception was throw by txn.commit() (ie MDB_MAP_FULL), and this transaction was later aborted (because it went out of scope while unwinding the stack), then a double-free would occur.

You can use the following test to observe this (address sanitizer should be enabled, as it is by default in our Makefile):

https://github.com/hoytech/lmdbxx/blob/5223582ebf92a9b14608ce6768535aef0c65910f/check.cc#L329

hoytech avatar Jul 23 '20 14:07 hoytech