[svn.haxx.se] · SVN Dev · SVN Users · SVN Org · TSVN Dev · TSVN Users · Subclipse Dev · Subclipse Users · this month's index

Some odd nits in an older revision of SVN

From: Bill Tutt <rassilon_at_lyra.org>
Date: 2002-02-19 18:46:02 CET

I performed some magic on an older version of SVN I had checked out and
buildable and I noticed the following:

libsvn_subr/time.c:svn_time_From_nts:
1) Ignores sscanf’s return value. This can result in members of exploded
time having very undefined values.
2) when is undefined if tm_year < 70

libsvn_subr/svn_base64.c:encode_partial_group : potential stack clobber
here.
Ingroup (a local variable) is used as the destination of the memcpy but
no validation is performed on the amount of data that is copied.

libsvn_delta/svndiff.c:decode_instruction:
For the switch on the instruction selector it’s very important to always
set op->action_code otherwise callers will see uninitialized data there.

Have I mentioned how bad strcpy, and sprintf are lately? I noticed some
more of these evil beasties had creeped into svn again. :)

FYI,
Bill

---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@subversion.tigris.org
For additional commands, e-mail: dev-help@subversion.tigris.org
Received on Sat Oct 21 14:37:08 2006

This is an archived mail posted to the Subversion Dev mailing list.

This site is subject to the Apache Privacy Policy and the Apache Public Forum Archive Policy.