From 6139443ef1990918aa82241e0aad080a2c7342ac Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?=D0=9B=D0=B5=D0=BE=D0=BD=D0=B8=D0=B4=20=D0=AE=D1=80=D1=8C?= =?UTF-8?q?=D0=B5=D0=B2=20=28Leonid=20Yuriev=29?=
Date: Wed, 23 Nov 2022 00:57:02 +0300
Subject: [PATCH] mdbx: fix SIGSEGV/invalid-deref/invalid-free inside `env_close()` when `mdbx_env_open()` failed in re-open case (backport).
Thanks to [@leisim](https://t.me/leisim) for [reporting](https://t.me/libmdbx/3946) this issue.
---
 ChangeLog.md | 4 ++++
 src/core.c | 3 ++-
 2 files changed, 6 insertions(+), 1 deletion(-)
diff --git a/ChangeLog.md b/ChangeLog.md
index 24fe67e5..ff38ca65 100644
--- a/ChangeLog.md
+++ b/ChangeLog.md
@@ -7,6 +7,10 @@ Fixes:
 - Fixed insignificant typo of `||` inside `#if` byte-order condition (backport).
+ - Fixed`SIGSEGV` or an erroneous call to `free()` in situations where
+ errors occur when reopening by `mdbx_env_open()` of a previously used
+ environment (backport).
+
 ## v0.11.13 (Swashplate) at 2022-11-10
diff --git a/src/core.c b/src/core.c
index fa07fb1b..f0425dff 100644
--- a/src/core.c
+++ b/src/core.c
@@ -13447,9 +13447,10 @@ __cold static int mdbx_env_close0(MDBX_env *env) {
 }
 if (env->me_dbxs) {
- for (unsigned i = env->me_numdbs; --i >= CORE_DBS;)
+ for (unsigned i = CORE_DBS; i < env->me_numdbs; ++i)
 mdbx_free(env->me_dbxs[i].md_name.iov_base);
 mdbx_free(env->me_dbxs);
+ env->me_numdbs = CORE_DBS;
 env->me_dbxs = nullptr;
 }
 if (env->me_pbuf) {
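Review bot: The reason for the two changes inside the `if (env->me_dbxs)` block of the `src/core.c` hunk is not recorded in the code, and it is the kind of invariant a later cleanup can undo. The old loop pre-decremented an unsigned counter, so a start value of 0 would wrap and index far past the array before `mdbx_free()`; the forward loop together with `env->me_numdbs = CORE_DBS;` removes that and presumably keeps a count left over from an earlier open from being applied to a newly allocated `me_dbxs`. I would add a comment above the reset such as `/* keep me_numdbs in step with me_dbxs: env may be re-opened after a failed open */`. The reset only runs when `me_dbxs` is non-null, so whether the count can still be stale while the pointer is already null cannot be told from this hunk and is worth confirming. `mdbx_env_close0` starts before and continues past the hunk.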