
Re: Lack of validation in svn_repos_open()

From: Greg Hudson <ghudson_at_MIT.EDU>
Date: 2005-12-06 18:47:35 CET

On Tue, 2005-12-06 at 17:31 +0000, Malcolm Rowe wrote:
> This is a bug in the Subversion libraries - we should never abort()
> if a caller supplies a path with a trailing slash by mistake.

Our philosophy has been that supplying a non-canonical path to a
function which expects one is like passing an uninitialized or NULL
value to a function expecting a valid pointer: a programming error which
should result in a crash or abort, not an error return.

It's been pointed out that this philosophy isn't terribly friendly to
the bindings, because the expected consequence of a programming error in
a scripted environment is some kind of exception, not a crash. It's not
clear what the best solution is. Some of these functions don't return
an svn_error_t * because they can never fail if called correctly.
Adding error messages which the user is never expected to see is
confusing to translators (we already have a bunch of those because bad
data could arrive over the network or from disk). The bindings could do
their own checking and generate language-specific exceptions, but that
might expand the amount of work the bindings have to do by a large
amount.

Received on Tue Dec 6 19:13:35 2005

This is an archived mail posted to the Subversion Dev mailing list.
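The two API contracts contrasted in the message above, as an added illustration that is not code from the Subversion project: a hypothetical canonicality check that rejects the trailing-slash case from the thread, a core-library-style function that treats a non-canonical path as a programming error and aborts (the svn_repos_open() behaviour under discussion), and a bindings-style wrapper that validates first so a scripting caller gets an error code to turn into an exception instead of a crash. All function names are assumptions.

```c
#include <stdbool.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical canonicality check modelled on the trailing-slash case
   from the thread: a canonical path is "" or "/", or has no trailing '/'
   and no "//" runs. This is an assumption, not Subversion's own rule. */
bool path_is_canonical(const char *path)
{
    size_t len = strlen(path);
    if (len <= 1)
        return true;                 /* "" and "/" are canonical */
    if (path[len - 1] == '/')
        return false;                /* trailing slash: not canonical */
    if (strstr(path, "//") != NULL)
        return false;                /* doubled separator: not canonical */
    return true;
}

/* Core-library contract (hypothetical stand-in for svn_repos_open):
   the caller promises a canonical path, so a violation is a programming
   error and aborts rather than producing an error return. */
int core_open(const char *path)
{
    if (!path_is_canonical(path))
        abort();
    return 0;                        /* pretend the open succeeded */
}

/* Bindings-layer contract: validate before entering the core library so
   that a scripted caller receives an error (to be raised as a language
   exception) instead of a process crash. errmsg may be NULL. */
int binding_open(const char *path, const char **errmsg)
{
    if (!path_is_canonical(path)) {
        if (errmsg != NULL)
            *errmsg = "path is not canonical (e.g. trailing slash)";
        return -1;
    }
    if (errmsg != NULL)
        *errmsg = NULL;
    return core_open(path);
}
```

The wrapper is the "bindings do their own checking" option from the message; it duplicates the contract check once per wrapped function, which is the extra work the author is weighing.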