[svn.haxx.se] · SVN Dev · SVN Users · SVN Org · TSVN Dev · TSVN Users · Subclipse Dev · Subclipse Users · this month's index

Suspect buffer underrun in svn_path_uri_decode

From: Klaus Rennecke <kre_at_tigris.org>
Date: 2004-07-04 18:43:50 CEST

While browsing through it to find out more about flow control, I
stumbled over this:

[...libsvn_subr/path.c@r10135 line 850...]
  for (i = 0; path[i]; i++)
    {
      char c = path[i];
[...snip...]
      else if (c == '%')
        {
          char digitz[3];
          digitz[0] = path[++i];
          digitz[1] = path[++i];
          digitz[2] = '\0';|
[...]

So, where will this end up with an input of "http://c.r.a/s%" ? Granted,
it's not really a valid URL, but that's no reason to plow through the
heap, is it? :-)

/Klaus

---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@subversion.tigris.org
For additional commands, e-mail: dev-help@subversion.tigris.org
Received on Sun Jul 4 18:45:29 2004

This is an archived mail posted to the Subversion Dev mailing list.