From 2d738f9989e89e87b4892896141b6d1a83ed99f8 Mon Sep 17 00:00:00 2001
From: Olly Betts <olly@survex.com>
Date: Mon, 12 Dec 2016 17:49:26 +1300
Subject: [PATCH] Fix potential SEGV with corrupt value stats

We should be checking pos == 0, not *pos == 0 here.
---
 xapian-core/backends/glass/glass_values.cc | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/xapian-core/backends/glass/glass_values.cc b/xapian-core/backends/glass/glass_values.cc
index 83bed0f83..5337c5fe7 100644
--- a/xapian-core/backends/glass/glass_values.cc
+++ b/xapian-core/backends/glass/glass_values.cc
@@ -542,11 +542,11 @@ GlassValueManager::get_value_stats(Xapian::valueno slot, ValueStats & stats) con
 	const char * end = pos + tag.size();
 
 	if (!unpack_uint(&pos, end, &(stats.freq))) {
-	    if (*pos == 0) throw Xapian::DatabaseCorruptError("Incomplete stats item in value table");
+	    if (pos == 0) throw Xapian::DatabaseCorruptError("Incomplete stats item in value table");
 	    throw Xapian::RangeError("Frequency statistic in value table is too large");
 	}
 	if (!unpack_string(&pos, end, stats.lower_bound)) {
-	    if (*pos == 0) throw Xapian::DatabaseCorruptError("Incomplete stats item in value table");
+	    if (pos == 0) throw Xapian::DatabaseCorruptError("Incomplete stats item in value table");
 	    throw Xapian::RangeError("Lower bound in value table is too large");
 	}
 	size_t len = end - pos;
-- 
2.11.4.GIT