On Mon, Jan 24, 2011 at 2:22 PM, C. Michael Pilato <cmpilato_at_collab.net> wrote:
> [Using dev@ as a public TODO list to avoid pushing stack on a task.]
>
> In mod_dav_svn/mirror.c:dav_svn__location_body_filter() and
> dav_svn__location_in_filter() are code blocks like this:
>
> if (uri.path)
> canonicalized_uri = svn_urlpath__canonicalize(uri.path, r->pool);
> else
> canonicalized_uri = uri.path;
> if (strcmp(canonicalized_uri, root_dir) == 0) {
> [...]
>
> So ... if uri.path == NULL, then canonicalized_uri is set to NULL, and then
> that NULL is used in a strcmp(). Won't that SEGFAULT?
Passing NULL for either argument to strcmp() results in undefined behavior.
In 7.1.4, Use of library functions, the C Standard states:
> Each of the following statements applies unless explicitly stated otherwise
> in the detailed descriptions that follow: If an argument to a function has an
> invalid value (such as a value outside the domain of the function, or a
> pointer outside the address space of the program, or a null pointer, or a
> pointer to non-modifiable storage when the corresponding parameter is not
> const-qualified) or a type (after promotion) not expected by a function with
> variable number of arguments, the behavior is undefined.
Combined with the fact that 7.21.4.2, The `strcmp` function, does not
explicitly state otherwise that a NULL pointer is allowed for either
argument to strcmp(), this is UB.
Received on 2011-01-25 01:01:02 CET