[svn.haxx.se] · SVN Dev · SVN Users · SVN Org · TSVN Dev · TSVN Users · Subclipse Dev · Subclipse Users · this month's index

Some odd nits in an older revision of SVN

From: Bill Tutt <rassilon_at_lyra.org>
Date: 2002-02-19 18:46:02 CET

I performed some magic on an older version of SVN I had checked out and
buildable and I noticed the following:

1) Ignores sscanf’s return value. This can result in members of exploded
time having very undefined values.
2) when is undefined if tm_year < 70

libsvn_subr/svn_base64.c:encode_partial_group : potential stack clobber
Ingroup (a local variable) is used as the destination of the memcpy but
no validation is performed on the amount of data that is copied.

For the switch on the instruction selector it’s very important to always
set op->action_code otherwise callers will see uninitialized data there.

Have I mentioned how bad strcpy, and sprintf are lately? I noticed some
more of these evil beasties had creeped into svn again. :)


To unsubscribe, e-mail: dev-unsubscribe@subversion.tigris.org
For additional commands, e-mail: dev-help@subversion.tigris.org
Received on Sat Oct 21 14:37:08 2006

This is an archived mail posted to the Subversion Dev mailing list.

This site is subject to the Apache Privacy Policy and the Apache Public Forum Archive Policy.