From be23f69f403b512b59926d78baae02cd2fb18778 Mon Sep 17 00:00:00 2001
From: delphij <delphij@FreeBSD.org>
Date: Sat, 28 Mar 2009 06:30:43 +0000
Subject: Fix a crash when iterating over a hash and removing its elements.

Obtained from:	OpenBSD
---
 lib/libc/db/hash/hash_page.c | 8 ++++++++
 1 file changed, 8 insertions(+)

(limited to 'lib/libc/db/hash/hash_page.c')

diff --git a/lib/libc/db/hash/hash_page.c b/lib/libc/db/hash/hash_page.c
index e34b30f..f1cde8f 100644
--- a/lib/libc/db/hash/hash_page.c
+++ b/lib/libc/db/hash/hash_page.c
@@ -155,6 +155,14 @@ __delpair(HTAB *hashp, BUFHEAD *bufp, int ndx)
 				bp[i - 1] = bp[i + 1] + pairlen;
 			}
 		}
+		if (ndx == hashp->cndx) {
+			/*
+			 * We just removed pair we were "pointing" to.
+			 * By moving back the cndx we ensure subsequent
+			 * hash_seq() calls won't skip over any entries.
+			 */
+			hashp->cndx -= 2;
+		}
 	}
 	/* Finally adjust the page data */
 	bp[n] = OFFSET(bp) + pairlen;
-- 
cgit v1.1