[svn.haxx.se] · SVN Dev · SVN Users · SVN Org · TSVN Dev · TSVN Users · Subclipse Dev · Subclipse Users · this month's index

Re: Segfault during "svn info"

From: Stefan Sperling <stsp_at_elego.de>
Date: Sun, 16 Nov 2008 17:36:48 +0000

On Sun, Nov 16, 2008 at 05:53:20PM +0100, Jens Seidel wrote:
> On Sat, Nov 15, 2008 at 09:27:57PM +0100, Arfrever Frehtes Taifersar Arahesis wrote:
> > 2008-10-28 17:14:39 Jens Seidel napisa??(a):
> > > On Tue, Oct 21, 2008 at 02:30:08PM +0200, Jens Seidel wrote:
> > > > there seems again a problem if the URL of a repository is like
> > > > svn+ssh://svn@10.0.1.1. I'm using trunk, r33797.
> > >
> > > Updated to r33925, problem still exists.
> >
> > If problem still exists in >=r34218, then could you write reproduction script?
>
> I tried r34225 and the situation improved. Subversion still crashs but only on
> an older working copy accessed previously with r33925 (this may be OK?). It was
> left in an unclean state by this older svn trunk.
>
> Checking out a repository again with current trunk fails now (but at least
> doesn't crash) :-(
>
> Please note that I only updated the client. The server still uses 1.5.x.
>
> $ svn cleanup
>
> Program received signal SIGSEGV, Segmentation fault.
> [Switching to Thread 47116375701120 (LWP 8732)]
> 0x00002ada2100e056 in svn_uri_is_canonical (
> uri=0x6653b0 "svn+ssh://svn@10.0.1.1")
> at subversion/libsvn_subr/dirent_uri.c:1029
> 1029 while (*ptr != '/')

From reading the code, it looks like we are running over the end
of that string into uninitialised memory.

Jens, can you try this patch?
And can someone other than Jens try this patch on windows?

Index: subversion/libsvn_subr/dirent_uri.c
===================================================================
--- subversion/libsvn_subr/dirent_uri.c (revision 34203)
+++ subversion/libsvn_subr/dirent_uri.c (working copy)
@@ -1026,7 +1026,7 @@ svn_uri_is_canonical(const char *uri)
 
           /* Found a hostname, check that it's all lowercase. */
           ptr = seg;
- while (*ptr != '/')
+ while (*ptr && *ptr != '/')
             {
               if (*ptr >= 'A' && *ptr <= 'Z')
                 return FALSE;
@@ -1036,13 +1036,16 @@ svn_uri_is_canonical(const char *uri)
     }
 
 #if defined(WIN32) || defined(__CYGWIN__)
- /* If this is a file url, ptr now points to the third '/' in
- file:///C:/path. Check that if we have such a URL the drive
- letter is in uppercase. */
- if (strncmp(uri, "file:", 5) == 0 &&
- ! (*(ptr+1) >= 'A' && *(ptr+1) <= 'Z') &&
- *(ptr+2) == ':')
- return FALSE;
+ if (*ptr == '/')
+ {
+ /* If this is a file url, ptr now points to the third '/' in
+ file:///C:/path. Check that if we have such a URL the drive
+ letter is in uppercase. */
+ if (strncmp(uri, "file:", 5) == 0 &&
+ ! (*(ptr+1) >= 'A' && *(ptr+1) <= 'Z') &&
+ *(ptr+2) == ':')
+ return FALSE;
+ }
 #endif /* WIN32 or Cygwin */
 
   /* Now validate the rest of the URI. */

Thanks,
Stefan

---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe_at_subversion.tigris.org
For additional commands, e-mail: dev-help_at_subversion.tigris.org
Received on 2008-11-16 18:37:08 CET

This is an archived mail posted to the Subversion Dev mailing list.

This site is subject to the Apache Privacy Policy and the Apache Public Forum Archive Policy.