[svn.haxx.se] · SVN Dev · SVN Users · SVN Org · TSVN Dev · TSVN Users · Subclipse Dev · Subclipse Users · this month's index

possible crash in svn_client_uuid_from_path

From: SteveKing <steveking_at_gmx.ch>
Date: 2005-06-23 19:22:35 CEST


An analysis of a crashreport sent in for TSVN I discovered that
svn_client_uuid_from_path() can crash under certain circumstances.

TSVN calls this function like this:

        svn_wc_adm_access_t *adm_access;
        SVN_ERR (svn_wc_adm_probe_open2 (&adm_access, NULL, target,
                FALSE, 0, pool));
        SVN_ERR (svn_client_uuid_from_path(UUID, target, adm_access, m_pctx,
        SVN_ERR (svn_wc_adm_close (adm_access));

with UUID being 'const char **' and target being a path to a local
working copy in form 'const char *'.

Now, this is how the crash occurs:
In svn_client_uuid_from_path() this is the code:

   const svn_wc_entry_t *entry;

   SVN_ERR (svn_wc_entry (&entry, path, adm_access,
                          TRUE, /* show deleted */ pool));

   if (! entry)
     return svn_error_createf (SVN_ERR_ENTRY_NOT_FOUND, NULL,
                               _("Can't find entry for '%s'"),
                               svn_path_local_style (path, pool));

   if (entry->uuid)
       *uuid = entry->uuid;
       /* fallback to using the network. */
       SVN_ERR (svn_client_uuid_from_url (uuid, entry->url, ctx, pool));

   return SVN_NO_ERROR;

The problem is that for certain paths (nested layout), the function uses
the 'fallback to using the network', but not only entry->uuid is NULL,
but also entry->url! So with entry->url being NULL, the called API's crash:

svn_client_uuid_from_url() (ra.c: line 308)
  svn_client__open_ra_session() (ra_loader.c: line 249)
   has_scheme_of() (ra_loader.c: line 197)
--> crash in strncasecmp() because the URL is NULL.

All this with Subversion 1.2.
Haven't tested it with HEAD though.


   oo  // \\      "De Chelonian Mobile"
  (_,\/ \_/ \     TortoiseSVN
    \ \_/_\_/>    The coolest Interface to (Sub)Version Control
    /_/   \_\     http://tortoisesvn.tigris.org
To unsubscribe, e-mail: dev-unsubscribe@subversion.tigris.org
For additional commands, e-mail: dev-help@subversion.tigris.org
Received on Thu Jun 23 19:27:32 2005

This is an archived mail posted to the Subversion Dev mailing list.

This site is subject to the Apache Privacy Policy and the Apache Public Forum Archive Policy.