
Re: CVS update: subversion/subversion/libsvn_fs dag.c dag.h

From: Greg Stein <gstein_at_lyra.org>
Date: 2001-02-22 04:55:23 CET

On Wed, Feb 21, 2001 at 05:03:42PM -0000, sussman@tigris.org wrote:
>...
> --- dag.c 2001/02/20 23:32:38 1.20
> +++ dag.c 2001/02/21 17:03:42 1.21
>...
> +/* Helper for next three funcs */
> +static int
> +node_is_kind_p (dag_node_t *node, const char *kindstr)
> +{
> + /* No gratutitous syntax (or null-value) checks in here, because
> + we're assuming that lower layers have already scanned the content
> + skel for validity. */
> +
> + /* The node "header" is the first element of a node-revision skel,
> + itself a list. */
> + skel_t *header = node->contents->children;
> +
> + /* The first element of the header should be an atom defining the
> + node kind. */
> + skel_t *kind = header->children;
> +
> + if (! memcmp (kind->data, kindstr, kind->len))
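Review bot: the memcmp in the final `if` takes its length from kind->len, which describes the skel atom and says nothing about how long kindstr is, so the call can read past the end of kindstr when the atom is longer, and it reports a match when the atom is only a leading prefix of kindstr. Compare the lengths first and only then the bytes, for example `kind->len == strlen (kindstr) && ! memcmp (kind->data, kindstr, kind->len)`. The "Helper for next three funcs" comment should also say what the return value means, since the function returns int and the name ends in _p.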

That is an illegal memcmp(). You can't be sure that kindstr is kind->len
bytes long. And you can't assume that memcmp will stop at the first byte
which differs. Thus, the above memcmp could end up "touching"
kindstr[kind->len-1]. If kindstr is 2 bytes, and kind->len is 2000, then you
could (theoretically) cause a seg fault.

The correct function in this case is strncmp(kind->data, kindstr, kind->len)
(in that particular argument order; see the man page).

However, even that is not sufficient. If kind=="f" and kindstr=="file", then
you'll end up comparing the first byte and saying they are equal.

This is all mucky because skel->data is not null-terminated (and I don't
think it should be; we'd end up having to copy (potentially) lots of data).
Therefore, your check is going to be:

    apr_size_t kindstr_len = strlen(kindstr);
    
    if (kind->len == kindstr_len
        && memcmp(kind->data, kindstr, kindstr_len) == 0)

That should do the trick.

Cheers,
-g

-- 
Greg Stein, http://www.lyra.org/
Received on Sat Oct 21 14:36:23 2006
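The comparison discussed in this message, as an added example that is not part of the original mail or of the Subversion source. `atom_t`, the function names and the sample buffer are hypothetical stand-ins for a counted, non-null-terminated skel atom; the block contrasts the strncmp form (which matches on a prefix) with the length-checked form.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical stand-in for a skel atom: counted bytes, no terminating NUL. */
typedef struct {
    const char *data;
    size_t len;
} atom_t;

/* strncmp bounded by the atom's length: it stops at kindstr's NUL, so it
   does not over-read, but any atom that is a prefix of kindstr (including
   the empty atom) compares equal. */
static int atom_matches_prefix(const atom_t *a, const char *kindstr)
{
    return strncmp(a->data, kindstr, a->len) == 0;
}

/* Length equality first, then memcmp over exactly strlen(kindstr) bytes.
   Neither buffer is read past its end and prefixes no longer match. */
static int atom_equals(const atom_t *a, const char *kindstr)
{
    size_t kindstr_len = strlen(kindstr);
    return a->len == kindstr_len
        && memcmp(a->data, kindstr, kindstr_len) == 0;
}

/* Constructed sample data: atoms are slices of one larger buffer, the way
   parsed atoms point into the text they were parsed from. */
static const char raw[] = "filedirf";
static const atom_t a_file  = { raw,     4 };  /* "file"    */
static const atom_t a_dir   = { raw + 4, 3 };  /* "dir"     */
static const atom_t a_f     = { raw + 7, 1 };  /* "f"       */
static const atom_t a_long  = { raw,     7 };  /* "filedir" */
static const atom_t a_empty = { raw,     0 };  /* ""        */

int main(void)
{
    printf("prefix  \"f\"  vs \"file\": %d\n", atom_matches_prefix(&a_f, "file"));
    printf("equals  \"f\"  vs \"file\": %d\n", atom_equals(&a_f, "file"));
    printf("equals \"dir\" vs \"dir\":  %d\n", atom_equals(&a_dir, "dir"));
    return 0;
}
```
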

This is an archived mail posted to the Subversion Dev mailing list.
