From c53627f5ac67ef4da6ef70a3b4f4052b6acfb872 Mon Sep 17 00:00:00 2001
From: Leonid Yuriev <leo@yuriev.ru>
Date: Sun, 23 Aug 2020 16:20:37 +0300
Subject: [PATCH] mdbx: fix null-deref during MDBX_TXN_RDONLY_PREPARE in the
 MDBX_EXCLUSIVE mode.

Change-Id: I20b2bd4137293261a546910c8175be531d38b2c9
---
 src/core.c | 8 +++++---
 1 file changed, 5 insertions(+), 3 deletions(-)

diff --git a/src/core.c b/src/core.c
index 1646cf19..dd756d43 100644
--- a/src/core.c
+++ b/src/core.c
@@ -6107,12 +6107,14 @@ static int mdbx_txn_renew0(MDBX_txn *txn, const unsigned flags) {
     }
     txn->to.reader = r;
     if (flags & (MDBX_TXN_RDONLY_PREPARE - MDBX_TXN_RDONLY)) {
-      mdbx_assert(env, r->mr_txnid.inconsistent >= SAFE64_INVALID_THRESHOLD);
       mdbx_assert(env, txn->mt_txnid == 0);
       mdbx_assert(env, txn->mt_owner == 0);
       mdbx_assert(env, txn->mt_numdbs == 0);
-      mdbx_assert(env, r->mr_snapshot_pages_used == 0);
-      r->mr_snapshot_pages_used = 0;
+      if (likely(r)) {
+        mdbx_assert(env, r->mr_snapshot_pages_used == 0);
+        mdbx_assert(env, r->mr_txnid.inconsistent >= SAFE64_INVALID_THRESHOLD);
+        r->mr_snapshot_pages_used = 0;
+      }
       txn->mt_flags = MDBX_TXN_RDONLY | MDBX_TXN_FINISHED;
       return MDBX_SUCCESS;
     }