From 98249b08b77b883283de4c2dcf3e1ef2327a4b4e Mon Sep 17 00:00:00 2001
From: khizmax
Date: Wed, 9 Dec 2015 20:04:26 +0300
Subject: [PATCH] Fixed BronsonAVLTreeMap nullptr access
---
 cds/container/impl/bronson_avltree_map_rcu.h | 10 ++++++----
 cds/sync/pool_monitor.h | 1 +
 2 files changed, 7 insertions(+), 4 deletions(-)
diff --git a/cds/container/impl/bronson_avltree_map_rcu.h b/cds/container/impl/bronson_avltree_map_rcu.h
index f98febea..96fb75f5 100644
--- a/cds/container/impl/bronson_avltree_map_rcu.h
+++ b/cds/container/impl/bronson_avltree_map_rcu.h
@@ -1728,8 +1728,7 @@ namespace cds { namespace container {
 return rotate_right_locked( pParent, pNode, pLeft, hR, hLL, pLRight, hLR );
 }
 else {
- assert( pLRight != nullptr );
- {
+ if ( pLRight ) {
 node_scoped_lock lr( m_Monitor, *pLRight );
 if ( pLeft->m_pRight.load( memory_model::memory_order_acquire ) != pLRight )
 return pNode; // retry
@@ -1745,6 +1744,8 @@ namespace cds { namespace container {
 return rotate_right_over_left_locked( pParent, pNode, pLeft, hR, hLL, pLRight, hLRL );
 }
 }
+ else
+ return pNode; // retry
 // focus on pLeft, if necessary pNode will be balanced later
 return rebalance_to_left_locked( pNode, pLeft, pLRight, hLL );
@@ -1776,8 +1777,7 @@ namespace cds { namespace container {
 if ( hRR > hRL )
 return rotate_left_locked( pParent, pNode, hL, pRight, pRLeft, hRL, hRR );
- {
- assert( pRLeft != nullptr );
+ if ( pRLeft ) {
 node_scoped_lock lrl( m_Monitor, *pRLeft );
 if ( pRight->m_pLeft.load( memory_model::memory_order_acquire ) != pRLeft )
 return pNode; // retry
@@ -1792,6 +1792,8 @@ namespace cds { namespace container {
 if ( balance >= -1 && balance <= 1 && !((hRR == 0 || hRLR == 0) && !pRight->is_valued( memory_model::memory_order_relaxed )))
 return rotate_left_over_right_locked( pParent, pNode, hL, pRight, pRLeft, hRR, hRLR );
 }
+ else
+ return pNode; // retry
 return rebalance_to_right_locked( pNode, pRight, pRLeft, hRR );
 }
 }
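Review bot: The null case of `pLRight` (first hunk) and `pRLeft` (third hunk) ends up in a bare `else return pNode; // retry` that sits after the closing brace of a long locked block (second and fourth hunks), so the check is far from its consequence and nothing says why the pointer can be null here. A guard placed ahead of the block reads more directly and lets the original scope braces stay: `if ( !pLRight ) return pNode; // retry: child changed since it was read`, with the mirror line for `pRLeft`. The wording of that comment is an assumption, because the place where the child pointers and heights are read lies outside these hunks; please confirm that a concurrent update is what produces the null. It is also worth stating, in the comment or the function header, that the caller re-reads the heights on retry, so that a persistent null cannot make the retry loop spin on the same state.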
diff --git a/cds/sync/pool_monitor.h b/cds/sync/pool_monitor.h
index 21b94a28..9d1be68c 100644
--- a/cds/sync/pool_monitor.h
+++ b/cds/sync/pool_monitor.h
@@ -184,6 +184,7 @@ namespace cds { namespace sync {
 if ( !pLock ) {
 assert( cur == 0 );
 pLock = p.m_SyncMonitorInjection.m_pLock = m_Pool.allocate( 1 );
+ assert( pLock != nullptr );
 m_Stat.onLockAllocation();
 }
-- 
2.34.1
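Review bot: The added `assert( pLock != nullptr )` disappears under NDEBUG, so a release build gets no protection if `m_Pool.allocate( 1 )` can return null; by the time the assert runs the null is already stored in `p.m_SyncMonitorInjection.m_pLock`, and `m_Stat.onLockAllocation()` still counts it. This is the same assert-only pattern the commit removes from the AVL tree code. The pool's failure behaviour is not visible in this hunk: if it throws on exhaustion, record that with a comment such as `// allocate() throws on failure and never returns nullptr; the assert documents that contract`, otherwise the failure needs a runtime check rather than an assert. The enclosing function starts and ends outside the hunk, so how such a failure should be unwound cannot be judged from here.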