[Note crosspost: I'm not sure who's maintaining DB 1.x, but since OpenBSD is
still shipping it, I hope someone is taking bug reports. I'm not an OpenBSD
user but have got a bug report from a OpenBSD user about a program I wrote
that uses Berkeley DB, so I investigated DB 1.x and found the bug there]

The bug: In the hash access method, if there are many DB->get() calls in
between two consecutive DB->seq() calls, it is possible for the cursor page
to become the LRU, and then get overwritten by a new page read from disk.
After that happens, the next DB->seq() returns fragments of the new page
instead of the correct key and data.

This patch seems to work, although I'm not extremely familiar with DB
internals; there is probably a more elegant way to fix the problem (like
having hash_seq() check the validity of the page and reload it from disk if
necessary - I tried that but couldn't make it work so I switched to the easy
way).

=== CUT HERE ===
--- libdb-1.85.4.orig/hash/hash_buf.c Fri Jul 15 07:23:46 1994
+++ libdb-1.85.4.pac/hash/hash_buf.c Thu Sep 9 01:41:44 2004
@@ -171,11 +171,19 @@

oaddr = 0;
bp = LRU;
+
+ /* It is bad to overwrite the page under the cursor. */
+ if(bp==hashp->cpage) {
+ BUF_REMOVE(bp);
+ MRU_INSERT(bp);
+ bp = LRU;
+ }
+
/*
* If LRU buffer is pinned, the buffer pool is too small. We need to
* allocate more buffers.
*/
- if (hashp->nbufs || (bp->flags & BUF_PIN)) {
+ if (hashp->nbufs || (bp->flags & BUF_PIN) || bp==hashp->cpage) {
/* Allocate a new one */
if ((bp = (BUFHEAD *)malloc(sizeof(BUFHEAD))) == NULL)
return (NULL);
=== CUT HERE ===

--
Alan Curry
pacman@clss.net

pacman@manson.clss.net (Alan Curry) wrote in message news:<chq8b402lmd@enews2.ne
wsguy.com>...
> [Note crosspost: I'm not sure who's maintaining DB 1.x, but since OpenBSD is
> still shipping it, I hope someone is taking bug reports. I'm not an OpenBSD
> user but have got a bug report from a OpenBSD user about a program I wrote
> that uses Berkeley DB, so I investigated DB 1.x and found the bug there]

Nobody supports or maintains the 1.85 or 1.86 releases of
Berkeley DB, the code base has been ignored for almost a decade.
(Further, there are serious known problems with the 1.85/1.86
versions, including some that can only be fixed by modifying the
on-disk format.)

I would urge you to upgrade to a current version of Berkeley DB,
available from the Sleepycat Software web site and included in
every BSD or Linux based release of which I'm aware. Current
versions of Berkeley DB include a fully compatible API for the
1.85/1.86 versions, as well as utilities to convert your historic
databases to a current format.

Regards,
--keith

=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
Keith Bostic bostic@sleepycat.com
Sleepycat Software Inc. keithbosticim (ymsgid)
118 Tower Rd. +1-781-259-3139
Lincoln, MA 01773 http://www.sleepycat.com

In article <adecb6f.0409100654.79392fcb@posting.google.com> ,
Keith Bostic <bostic@sleepycat.com> wrote:
>pacman@manson.clss.net (Alan Curry) wrote in message news:<chq8b402lmd@enews2.ne
>wsguy.com>...
>> [Note crosspost: I'm not sure who's maintaining DB 1.x, but since OpenBSD is
>> still shipping it, I hope someone is taking bug reports. I'm not an OpenBSD
>> user but have got a bug report from a OpenBSD user about a program I wrote
>> that uses Berkeley DB, so I investigated DB 1.x and found the bug there]
>
>Nobody supports or maintains the 1.85 or 1.86 releases of
>Berkeley DB, the code base has been ignored for almost a decade.
>(Further, there are serious known problems with the 1.85/1.86
>versions, including some that can only be fixed by modifying the
>on-disk format.)
>
>I would urge you to upgrade to a current version of Berkeley DB,
>available from the Sleepycat Software web site and included in
>every BSD or Linux based release of which I'm aware. Current
>versions of Berkeley DB include a fully compatible API for the
>1.85/1.86 versions, as well as utilities to convert your historic
>databases to a current format.

OpenBSD Considered Harmful?

--
Alan Curry
pacman@clss.net

sleepycat is gpl'd, so openbsd will be staying at 1.85 for a while.

--

In article <Pine.GSO.4.44.0409132005580.8150-100000@elaine15.Stanford.EDU>,
Ted Unangst <tedu@stanford.edu> wrote:
>sleepycat is gpl'd, so openbsd will be staying at 1.85 for a while.

I've made a small test case that demonstrates the bug.

The test database, along with code in C and perl to trigger the bug, is here:
http://proxypot.org/db1bug.tgz

--
Alan Curry
pacman@clss.net