[svn.haxx.se] · SVN Dev · SVN Users · SVN Org · TSVN Dev · TSVN Users · Subclipse Dev · Subclipse Users · this month's index

Re: Another valgrind warning, deltify_by_id()

From: Greg Stein <gstein_at_lyra.org>
Date: 2002-05-15 10:27:27 CEST

On Wed, May 15, 2002 at 03:18:45AM +0100, Philip Martin wrote:
>...
> tmp_id->digits = apr_pmemdup (trail->pool, target_id->digits,
> (len + 3) * sizeof (target_id->digits[0]));
>...
> claiming that the memcpy within apr_pmemdup is reading from beyond the
> end of allocated memory

It's right, as you suspected :-)

> This warning looks correct to me: it appears that the code is
> allocating 2 digits more in tmp_id than exist in target_id since
> svn_fs__id_length() doesn't count the terminating -1. Thus the
> apr_pmemdup will try to copy more digits from target_id than actually
> exist.

Yup.

> I believe the code should be something like
>
> tmp_id->digits = apr_palloc (trail->pool,
> (len + 3) * sizeof (target_id->digits[0]));
> memcpy (tmp_id->digits, target_id->digits,
> len * sizeof (target_id->digits[0]));
> tmp_id->digits[len] = 1;
> tmp_id->digits[len + 1] = 1;
> tmp_id->digits[len + 2] = -1;
>
> I'm getting to be quite impressed by valgrind!

Agreed. +1

Cheers,
-g

-- 
Greg Stein, http://www.lyra.org/
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@subversion.tigris.org
For additional commands, e-mail: dev-help@subversion.tigris.org
Received on Wed May 15 10:25:58 2002

This is an archived mail posted to the Subversion Dev mailing list.