> From: Karl Fogel [mailto:kfogel@newton.ch.collab.net]
> Sent: 18 March 2002 06:58
> Is there maybe a bug in apr_palloc()? I'm not 100% sure of it yet;
Nope ;)
> been trying to find the source of this bug in Subversion itself, so
> far unsuccessfully. Apologies that this reproduction recipe requires
> building a patched Subversion; tried to come up with a smaller recipe,
> but the bug didn't reproduce.
No prob.
> The symptoms below point to a bug either in apr_palloc(), or in SVN's
> stringbuf allocating/appending/resizing code...
Yes, in svn_stringbuf_strip_whitespace to be exact. I'll paste some
of my stepping through the code here to make it clear.
(gdb) p *ctx->value
$9 = {data = 0x80f3ac9 " value2", len = 7, blocksize = 8, pool = 0x80f3950}
^^^^^^^^^ ^
The base address of our string, so we have 8 bytes from there, given the
blocksize.
[...]
101 svn_stringbuf_strip_whitespace (ctx->value);
(gdb) p *ctx->value
$10 = {data = 0x80f3aca "value2", len = 6, blocksize = 8, pool = 0x80f3950}
^^^^^^^^^ ^
Ah, the base address just changed, but the blocksize didn't. In reality
we only have 7 bytes from the base addr, not 8. Now this wouldn't be
a problem if the stringbuf wasn't used after that, but:
92 svn_stringbuf_setempty (ctx->value);
(gdb) p *ctx->value
$11 = {data = 0x80f3aca "", len = 0, blocksize = 8, pool = 0x80f3950}
^^^^^^^^^ ^
Everytime you recycle the stringbuf and strip off whitespace at the beginning
of the string, you loose capacity.
The apparent patch, now we know this, is at the bottom of this mail.
Sander
Log:
* subversion/libsvn_subr/svn_string.c
(svn_stringbuf_strip_whitespace): Fix a bug that caused overflow of
our stringbuf. When the base address is advanced, the capacity
should be decreased by the same amount.
Index: ./subversion/libsvn_subr/svn_string.c
===================================================================
--- ./subversion/libsvn_subr/svn_string.c
+++ ./subversion/libsvn_subr/svn_string.c Mon Mar 18 10:52:40 2002
@@ -462,6 +462,7 @@
/* Go ahead! Waste some RAM, we've got pools! :) */
str->data += offset;
str->len -= offset;
+ str->blocksize -= offset;
/* Now that we've chomped whitespace off the front, search backwards
from the end for the first non-whitespace. */
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@subversion.tigris.org
For additional commands, e-mail: dev-help@subversion.tigris.org
Received on Mon Mar 18 10:58:22 2002