Re: Another valgrind warning, deltify_by_id()

From: Greg Stein <gstein_at_lyra.org>
Date: 2002-05-15 10:27:27 CEST

On Wed, May 15, 2002 at 03:18:45AM +0100, Philip Martin wrote:
>...
> tmp_id->digits = apr_pmemdup (trail->pool, target_id->digits,
> (len + 3) * sizeof (target_id->digits[0]));
>...
> claiming that the memcpy within apr_pmemdup is reading from beyond the
> end of allocated memory

It's right, as you suspected :-)

> This warning looks correct to me: it appears that the code is
> allocating 2 digits more in tmp_id than exist in target_id since
> svn_fs__id_length() doesn't count the terminating -1. Thus the
> apr_pmemdup will try to copy more digits from target_id than actually
> exist.

Yup.

> I believe the code should be something like
>
> tmp_id->digits = apr_palloc (trail->pool,
> (len + 3) * sizeof (target_id->digits[0]));
> memcpy (tmp_id->digits, target_id->digits,
> len * sizeof (target_id->digits[0]));
> tmp_id->digits[len] = 1;
> tmp_id->digits[len + 1] = 1;
> tmp_id->digits[len + 2] = -1;
>
> I'm getting to be quite impressed by valgrind!

Agreed. +1

Cheers,
-g

-- 
Greg Stein, http://www.lyra.org/
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@subversion.tigris.org
For additional commands, e-mail: dev-help@subversion.tigris.org

Received on Wed May 15 10:25:58 2002

This message: [ Message body ]
Next message: peter.westlake_at_arm.com: "Re: svn commit: rev 1957 - trunk/subversion/include trunk/subversion/libsvn_wc"
Previous message: Daniel Berlin: "Re: Another valgrind warning, deltify_by_id()"
In reply to: Philip Martin: "Another valgrind warning, deltify_by_id()"

Contemporary messages sorted: [ By Date ] [ By Thread ] [ By Subject ] [ By Author ] [ By messages with attachments ]