When memory allocations for recovery fails,

dont dereference a null pointer while trying to print the log message for the failure.

also shutdown ctdb with ctdb_fatal()
(cherry picked from commit f8642d0438c6bbb34a72c25d6a904b626e247410)

diff --git a/server/ctdb_recover.c b/server/ctdb_recover.c
index 9e839fdfd5d0bf66cd06a273a0e8625de50a137f..f5fa25728bbba492b0bf6636565f9410ceaa6d9b 100644 (file)
--- a/server/ctdb_recover.c
+++ b/server/ctdb_recover.c
@@ -340,10 +340,8 @@ static int traverse_pulldb(struct tdb_context *tdb, TDB_DATA key, TDB_DATA data,
        }
        params->pulldata = talloc_realloc_size(NULL, params->pulldata, rec->length + params->len);
        if (params->pulldata == NULL) {
-               DEBUG(DEBUG_ERR,(__location__ " Failed to expand pulldb_data to %u (%u records)\n", 
-                        rec->length + params->len, params->pulldata->count));
-               params->failed = true;
-               return -1;
+               DEBUG(DEBUG_CRIT,(__location__ " Failed to expand pulldb_data to %u\n", rec->length + params->len));
+               ctdb_fatal(params->ctdb, "failed to allocate memory for recovery. shutting down\n");
        }
        params->pulldata->count++;
        memcpy(params->len+(uint8_t *)params->pulldata, rec, rec->length);