Fix double free by closing cursor at the right time

This commit is contained in:
Nicolas Werner 2020-07-30 18:13:19 +02:00
parent 12090c0a06
commit 7f3d97517f

View file

@ -2199,6 +2199,7 @@ Cache::firstPendingMessage(const std::string &room_id)
auto txn = lmdb::txn::begin(env_);
auto pending = getPendingMessagesDb(txn, room_id);
{
auto pendingCursor = lmdb::cursor::open(txn, pending);
lmdb::val tsIgnored, pendingTxn;
while (pendingCursor.get(tsIgnored, pendingTxn, MDB_NEXT)) {
@ -2214,14 +2215,17 @@ Cache::firstPendingMessage(const std::string &room_id)
mtx::events::collections::from_json(
json::parse(std::string_view(event.data(), event.size())), te);
pendingCursor.close();
txn.commit();
return te;
} catch (std::exception &e) {
nhlog::db()->error("Failed to parse message from cache {}", e.what());
nhlog::db()->error("Failed to parse message from cache {}",
e.what());
lmdb::dbi_del(txn, pending, tsIgnored, pendingTxn);
continue;
}
}
}
txn.commit();
@ -2233,12 +2237,15 @@ Cache::removePendingStatus(const std::string &room_id, const std::string &txn_id
{
auto txn = lmdb::txn::begin(env_);
auto pending = getPendingMessagesDb(txn, room_id);
{
auto pendingCursor = lmdb::cursor::open(txn, pending);
lmdb::val tsIgnored, pendingTxn;
while (pendingCursor.get(tsIgnored, pendingTxn, MDB_NEXT)) {
if (std::string_view(pendingTxn.data(), pendingTxn.size()) == txn_id)
lmdb::cursor_del(pendingCursor);
}
}
txn.commit();
}