From nobody Tue Jan 27 16:47:50 2026 X-Original-To: dev-commits-src-all@mlmmj.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mlmmj.nyi.freebsd.org (Postfix) with ESMTP id 4f0rtZ3cyMz6Q69v for ; Tue, 27 Jan 2026 16:47:50 +0000 (UTC) (envelope-from git@FreeBSD.org) Received: from mxrelay.nyi.freebsd.org (mxrelay.nyi.freebsd.org [IPv6:2610:1c1:1:606c::19:3]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256 client-signature RSA-PSS (4096 bits) client-digest SHA256) (Client CN "mxrelay.nyi.freebsd.org", Issuer "R13" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 4f0rtZ23YDz3LrX for ; Tue, 27 Jan 2026 16:47:50 +0000 (UTC) (envelope-from git@FreeBSD.org) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim; t=1769532470; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding; bh=s4I2ItBiBD5sH1HMgUZS1VQXOfBMZYSKNGAKIp+EsKU=; b=kuxE+TRWNUeUr2Tc+gPlG8/WPV7dadZ0BtkT/PLKl9SieIPOfiOIWunGrGI9Pkgbbw3TQT +ua47dV0fy9tMmCafk+kGqTIECYk1UVtktje0UqMszzfHua1CgqEZbGLhKBLNPWrnLKGiK I9XNkiBbJ70JVB6GhJdmPYlcj5EIQ1Xb2z9VG7IWt0bxyGg82X9KbVgEsr6dDZukTiNelv C+ypJ6QBhs4+NUO4qzJL67RvJHNja7mlHxO0gJgt56FwbRx3kMPu1REs2nEnw0tcb99mDM fER+KTiQIbyl2JutLYZW86gJWPtXVoZr0kwi4Vf/eH2KdWq2zWBpDIqBFo1Ukg== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim; t=1769532470; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding; bh=s4I2ItBiBD5sH1HMgUZS1VQXOfBMZYSKNGAKIp+EsKU=; b=w8jLgmR7QXPDgWvPN+WAcRbM4tRS5oBkxqGB+uCeixlkKIUkDE1//jwHOwwJKyh7R9vPnm qGJtNQXtXGSfgqV4tV8XY0y+3CkJmipa2DzQQbjUjADbDAh5bDWOlRMYWnZkjPize9VD4z qzUolsM/Ax6pUWH/2Xw8Zk1S51UH6Oe3+8yb9dlgwuwSX3B6F2JWBDNKoCsl6DvDDWWBLk 6u4cigPUT+xh3iKnJ14rcMHAteyVi/SjIJRGt+xswIw42xHcBLsJcdPCwgOYzi5IJt5XRu XkJ9QRkf1fcAhrSUQn7NZq+sElpBsMipIleIxlz4/VEPNtxF1OrBX+msb7Lt+g== ARC-Seal: i=1; s=dkim; d=freebsd.org; t=1769532470; a=rsa-sha256; cv=none; b=QNGqm7lDc761QFzquSl9bXEuRdd6zAzYx9JP7EannhhUSvvdMX8NXav8gPTTWSi7gttPu8 NHXyT9lY0lenH17QRJxt94Z+pIcQDA9lDovTQFWfY91Szwh70imreaZ5SDXi5dugwo5DXY Ju3gue5OWsk5GOPhXuyMEWzDlvboMCRYECaJ9nxxBpPy5E8+Mi8pb/dBIkSo1ThtuOPFwt DkNlhl1UEg0YOhkFQ3jhqHxgrlPNm3Nc4kYlFHfxFPM2+DIqfpeOkPxDMyBtFH6Ecpiray xjpr0s1BbXzvh/w6RqzhNoTYl2GqUJa46O9nQEI8l2Q8Vy5HVMCoh2ssFtqzWQ== ARC-Authentication-Results: i=1; mx1.freebsd.org; none Received: from gitrepo.freebsd.org (gitrepo.freebsd.org [IPv6:2610:1c1:1:6068::e6a:5]) by mxrelay.nyi.freebsd.org (Postfix) with ESMTP id 4f0rtZ0pVwzb5 for ; Tue, 27 Jan 2026 16:47:50 +0000 (UTC) (envelope-from git@FreeBSD.org) Received: from git (uid 1279) (envelope-from git@FreeBSD.org) id 3c4d0 by gitrepo.freebsd.org (DragonFly Mail Agent v0.13+ on gitrepo.freebsd.org); Tue, 27 Jan 2026 16:47:50 +0000 To: src-committers@FreeBSD.org, dev-commits-src-all@FreeBSD.org, dev-commits-src-main@FreeBSD.org From: Bojan Novk=?utf-8?Q?ovi=C4=87?= Subject: git: 4bcc5a3cdc05 - main - btree/bt_seq.c: Fix two NULL pointer dereferences List-Id: Commit messages for all branches of the src repository List-Archive: https://lists.freebsd.org/archives/dev-commits-src-all List-Help: List-Post: List-Subscribe: List-Unsubscribe: X-BeenThere: dev-commits-src-all@freebsd.org Sender: owner-dev-commits-src-all@FreeBSD.org MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: 8bit X-Git-Committer: bnovkov X-Git-Repository: src X-Git-Refname: refs/heads/main X-Git-Reftype: branch X-Git-Commit: 4bcc5a3cdc05f217a8adf2f5f97a2e922663f741 Auto-Submitted: auto-generated Date: Tue, 27 Jan 2026 16:47:50 +0000 Message-Id: <6978ec36.3c4d0.2698757a@gitrepo.freebsd.org> The branch main has been updated by bnovkov: URL: https://cgit.FreeBSD.org/src/commit/?id=4bcc5a3cdc05f217a8adf2f5f97a2e922663f741 commit 4bcc5a3cdc05f217a8adf2f5f97a2e922663f741 Author: Bojan Novković AuthorDate: 2026-01-27 15:13:13 +0000 Commit: Bojan Novković CommitDate: 2026-01-27 16:47:23 +0000 btree/bt_seq.c: Fix two NULL pointer dereferences This change fixes two NULL pointer dereferences caused by the __bt_first function. The first was caused by returning 0 (i.e., RET_SUCCESS) when a key was not found, causing the caller to dereference an uninitalized or NULL pointer. The second one was caused by an if statment clobbering a local variable with a function call result that might be NULL. Reported by: clang-tidy Sponsored by: Klara, Inc. Reviewed by: markj Obtained from: https://github.com/apple-oss-distributions/libc (partially) Differential Revision: https://reviews.freebsd.org/D54905 --- lib/libc/db/btree/bt_seq.c | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/lib/libc/db/btree/bt_seq.c b/lib/libc/db/btree/bt_seq.c index 2562724faf33..fc7fa693b747 100644 --- a/lib/libc/db/btree/bt_seq.c +++ b/lib/libc/db/btree/bt_seq.c @@ -325,7 +325,7 @@ usecurrent: F_CLR(c, CURS_AFTER | CURS_BEFORE); static int __bt_first(BTREE *t, const DBT *key, EPG *erval, int *exactp) { - PAGE *h; + PAGE *h, *hprev; EPG *ep, save; pgno_t pg; @@ -338,7 +338,7 @@ __bt_first(BTREE *t, const DBT *key, EPG *erval, int *exactp) * page) and return it. */ if ((ep = __bt_search(t, key, exactp)) == NULL) - return (0); + return (RET_SPECIAL); if (*exactp) { if (F_ISSET(t, B_NODUPS)) { *erval = *ep; @@ -369,14 +369,14 @@ __bt_first(BTREE *t, const DBT *key, EPG *erval, int *exactp) break; if (h->pgno != save.page->pgno) mpool_put(t->bt_mp, h, 0); - if ((h = mpool_get(t->bt_mp, + if ((hprev = mpool_get(t->bt_mp, h->prevpg, 0)) == NULL) { if (h->pgno == save.page->pgno) mpool_put(t->bt_mp, save.page, 0); return (RET_ERROR); } - ep->page = h; + ep->page = h = hprev; ep->index = NEXTINDEX(h); } --ep->index;