[svn.haxx.se] · SVN Dev · SVN Users · SVN Org · TSVN Dev · TSVN Users · Subclipse Dev · Subclipse Users · this month's index

Segmentation fault in dav_svn_get_txn

From: Christof Meerald <cmeerw_at_web.de>
Date: 2004-02-11 20:07:53 CET


I have discovered a segmentation fault in
subversion/mod_dav_svn/activity.c (Subversion 0.37.0) in function
dav_svn_get_txn. It unconditionally invokes apr_dbm_freedatum(dbm,
value) even if value hasn't been initialized. Obviously, the call to
apr_dbm_freedatum should be moved up two lines (just after the
apr_pstrdup). Here is the fixed version:

const char *dav_svn_get_txn(const dav_svn_repos *repos,
                            const char *activity_id)
  apr_dbm_t *dbm;
  apr_status_t status;
  const char *pathname;
  apr_datum_t key;
  apr_datum_t value;
  const char *txn_name = NULL;

  pathname = svn_path_join(repos->fs_path, ACTIVITY_DB, repos->pool);
  status = apr_dbm_open(&dbm, pathname, APR_DBM_READONLY,
                        APR_OS_DEFAULT, repos->pool);
  if (status != APR_SUCCESS)
      /* ### let's just assume that any error means the DB doesn't exist,
         ### therefore, the activity/transaction doesn't exist */
      return NULL;

  key.dptr = (char *)activity_id;
  key.dsize = strlen(activity_id) + 1; /* null-term'd */
  if (apr_dbm_exists(dbm, key))
      status = apr_dbm_fetch(dbm, key, &value);
      if (status != APR_SUCCESS)
          /* ### again: assume failure means it doesn't exist */
          return NULL;
      txn_name = apr_pstrdup(repos->pool, value.dptr); /* null-term'd */
      apr_dbm_freedatum(dbm, value);


  return txn_name;

bye, Christof

mailto cmeerw at web.de
To unsubscribe, e-mail: dev-unsubscribe@subversion.tigris.org
For additional commands, e-mail: dev-help@subversion.tigris.org
Received on Wed Feb 11 20:15:22 2004

This is an archived mail posted to the Subversion Dev mailing list.

This site is subject to the Apache Privacy Policy and the Apache Public Forum Archive Policy.