From a1333fc827bba3fb0a2c5d9c718177d27cc2cf5f Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?=D0=9B=D0=B5=D0=BE=D0=BD=D0=B8=D0=B4=20=D0=AE=D1=80=D1=8C?=
 =?UTF-8?q?=D0=B5=D0=B2=20=28Leonid=20Yuriev=29?= <leo@yuriev.ru>
Date: Wed, 23 Nov 2022 00:57:02 +0300
Subject: [PATCH] mdbx: fix SIGSEGV/invalid-deref/invalid-free inside
 `env_close()` when `mdbx_env_open()` failed in re-open case.

Thanks to [@leisim](https://t.me/leisim) for [reporting](https://t.me/libmdbx/3946) this issue.
---
 src/core.c | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/src/core.c b/src/core.c
index b9240eaf..2342a970 100644
--- a/src/core.c
+++ b/src/core.c
@@ -14280,9 +14280,10 @@ __cold static int env_close(MDBX_env *env) {
   }
 
   if (env->me_dbxs) {
-    for (size_t i = env->me_numdbs; --i >= CORE_DBS;)
+    for (size_t i = CORE_DBS; i < env->me_numdbs; ++i)
       osal_free(env->me_dbxs[i].md_name.iov_base);
     osal_free(env->me_dbxs);
+    env->me_numdbs = CORE_DBS;
     env->me_dbxs = nullptr;
   }
   if (env->me_pbuf) {