[svn.haxx.se] · SVN Dev · SVN Users · SVN Org · TSVN Dev · TSVN Users · Subclipse Dev · Subclipse Users · this month's index

Re: abort or assert?

From: Mark Phippard <MarkP_at_softlanding.com>
Date: 2004-11-09 22:37:45 CET

Branko Èibej <brane@xbc.nu> wrote on 11/09/2004 04:34:32 PM:

> Mark Phippard wrote:
> >
> >I think it is a pretty tough decision. I do not like the idea that
anyone
> >could so easily just bring down a server. How is that different than a

> >DoS? Would it be outside the realm of possibility for the server to
just
> >terminate the conversation in this situation, as opposed to aborting?
Is
> >the error just too deep in the Subversion library to percolate back up
to
> >the level that would need to do that?
> >
> >
> Maybe I should have said this differently. The assert isn't the cause of

> the bug, it's a symptom. There is a bug on the client side, which causes

> it to send paths to the server that we document as invalid. There's also

> a bug on the server, which should be checking untrusted input. But there

> is no bug in svn_path_remove_component (<hedge>at least, aborting on
> invalid parameters is not a bug...</hedge>)..
>
> >FWIW, the latest Subclipse version does not do this, but the older
> >version, which you have to use with IBM's WSAD 5.x, does.
> >
> >
> Very good, that means at least one of the bugs is no longer in the
> mainline. The bug in svnserve remains, and should be fixed -- but not by

> disabling asserts.
>
> BTW, it seems that the latest versions of MSVCRT.dll do contain runtime
> support for assert. So I'm about to remove NDEBUG from our Win32 build
> scripts (excepth the APR wrappers for VS.NET).

OK, thanks for the explanation. I will probably take NDEBUG out of our
release builds, too. Is it OK if I enter an issue for svnserve on this
problem then?

Thanks

Mark

_____________________________________________________________________________
Scanned for SoftLanding Systems, Inc. by IBM Email Security Management Services powered by MessageLabs.
_____________________________________________________________________________

---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@subversion.tigris.org
For additional commands, e-mail: dev-help@subversion.tigris.org
Received on Tue Nov 9 22:37:57 2004

This is an archived mail posted to the Subversion Dev mailing list.

This site is subject to the Apache Privacy Policy and the Apache Public Forum Archive Policy.