Philip Martin <philip@codematters.co.uk> writes:
> You don't need a Windows build, valgrind on Unix shows that Arild's
> analysis is correct. Using 'svn ci -N wc/foo' the problem occurs on
> the *second* call to svn_path_condense_targets, with the code
>
> /* If a common prefix was found, condensed_targets
> are given relative to that prefix. */
> if (basedir_len > 0)
> rel_item += basedir_len + 1;
>
> (*((const char **)apr_array_push (*pcondensed_targets)))
> = apr_pstrdup (pool, rel_item);
>
> rel_item is an absolute path, something like "/home/pm/wc/foo", and
> basedir_len is the strlen of that path. So adding basedir_len+1 to
> rel_item produces a pointer to arbitrary memory.
Oh yeah! I forgot I had valgrind! Thanks, Phillip. Is the following
the part of the valgrind output that is telling me of this problem?
==19158== Conditional jump or move depends on uninitialised value(s)
==19158== at 0x40168B76: strlen (vg_clientfuncs.c:436)
==19158== by 0x403E95DE: apr_pstrdup (apr_strings.c:114)
==19158== by 0x402E775D: svn_path_condense_targets (subversion/libsvn_subr/target.c:171)
==19158== by 0x4021973E: svn_client_commit (subversion/libsvn_client/commit.c:733)
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@subversion.tigris.org
For additional commands, e-mail: dev-help@subversion.tigris.org
Received on Tue Apr 29 20:14:20 2003