[svn.haxx.se] · SVN Dev · SVN Users · SVN Org · TSVN Dev · TSVN Users · Subclipse Dev · Subclipse Users · this month's index

Re: Suspect buffer underrun in svn_path_uri_decode

From: Klaus Rennecke <kre_at_tigris.org>
Date: 2004-07-05 17:38:51 CEST

Shall I file this in the issue tracker? I believe it's a severe memory
corruption risk.

Klaus Rennecke wrote:

> [...]
> [...libsvn_subr/path.c@r10135 line 850...]
> for (i = 0; path[i]; i++)
> {
> char c = path[i];
> [...snip...]
> else if (c == '%')
> {
> char digitz[3];
> digitz[0] = path[++i];
> digitz[1] = path[++i];
> digitz[2] = '\0';|
> [...]
>
> So, where will this end up with an input of "http://c.r.a/s%" ?
> Granted, it's not really a valid URL, but that's no reason to plow
> through the heap, is it? :-)
> [...]

---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@subversion.tigris.org
For additional commands, e-mail: dev-help@subversion.tigris.org
Received on Mon Jul 5 17:39:47 2004

This is an archived mail posted to the Subversion Dev mailing list.