Suspect buffer underrun in svn_path_uri_decode

From: Klaus Rennecke <kre_at_tigris.org>
Date: 2004-07-04 18:43:50 CEST

While browsing through it to find out more about flow control, I
stumbled over this:

[...libsvn_subr/path.c@r10135 line 850...]
  for (i = 0; path[i]; i++)
    {
      char c = path[i];
[...snip...]
      else if (c == '%')
        {
          char digitz[3];
          digitz[0] = path[++i];
          digitz[1] = path[++i];
          digitz[2] = '\0';|
[...]

So, where will this end up with an input of "http://c.r.a/s%" ? Granted,
it's not really a valid URL, but that's no reason to plow through the
heap, is it? :-)

/Klaus

---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@subversion.tigris.org
For additional commands, e-mail: dev-help@subversion.tigris.org
Received on Sun Jul 4 18:45:29 2004

This message: [ Message body ]
Next message: Greg Hudson: "Re: svn commit: r10133 - in trunk/subversion: include libsvn_subr tests/clients/cmdline tests/libsvn_subr"
Previous message: Branko Čibej: "Re: svn commit: r10133 - in trunk/subversion: include libsvn_subr tests/clients/cmdline tests/libsvn_subr"
Next in thread: Klaus Rennecke: "Re: Suspect buffer underrun in svn_path_uri_decode"
Reply: Klaus Rennecke: "Re: Suspect buffer underrun in svn_path_uri_decode"

Contemporary messages sorted: [ By Date ] [ By Thread ] [ By Subject ] [ By Author ] [ By messages with attachments ]