
Re: Lack of validation in svn_repos_open()

From: Peter N. Lundblad <peter_at_famlundblad.se>
Date: 2005-12-07 00:17:37 CET

On Tue, 6 Dec 2005, Malcolm Rowe wrote:

> On Tue, Dec 06, 2005 at 03:51:36PM -0500, Greg Hudson wrote:
> > On Tue, 2005-12-06 at 19:29 +0000, Malcolm Rowe wrote:
> > You're correct that higher-level functions which inherit this
> > requirement do not appear to document it.
>
> Yes, that's the thing. I'm also kinda surprised that we abort() when
> we find a path with a trailing slash (for comparison, we return an error
> if we find an invalid UTF-8 string).
>
That's comparing apples to oranges. A non-canonicalized path is a
programming error. Bad UTF-8 is bad input from outside the program; the
recoding routines are responsible for checking that. Yeah, we could move
this input validation upwards to where the input enters our system. But
that would mean *maaaaaaaaaaaaaaaany* places where we read something from
the network, filesystem or the user.

I think the assert is correct for non-canonical paths. Bindings can make
sure their input is valid. I like that much more than cluttering the core
code with confusing error messages that shouldn't happen (yeah, I'm a
translator as well:-)

Thanks,
//Peter

Received on Wed Dec 7 00:18:55 2005
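The distinction Peter draws, written up as an added C example that is not Subversion's own code (it assumes a hypothetical error code in place of svn_error_t and a simplified notion of "canonical path"): bytes arriving from outside are checked for valid UTF-8 once, at the entry point, and a failure is reported as an error, while the core routine treats a non-canonical path as a caller bug and asserts on it.

```c
#include <assert.h>
#include <string.h>
enum { OK = 0, ERR_BAD_UTF8 = 1 };  /* hypothetical codes; svn uses svn_error_t */
/* Boundary check for bytes from the network, filesystem or user: rejects
 * truncation, overlongs, surrogates and > U+10FFFF. Bad input is an error. */
static int check_utf8(const unsigned char *s, size_t len)
{
    for (size_t i = 0; i < len; ) {
        unsigned char c = s[i]; size_t n; unsigned long cp, min;
        if (c < 0x80) { i++; continue; }
        if ((c & 0xE0) == 0xC0)      { n = 1; cp = c & 0x1F; min = 0x80; }
        else if ((c & 0xF0) == 0xE0) { n = 2; cp = c & 0x0F; min = 0x800; }
        else if ((c & 0xF8) == 0xF0) { n = 3; cp = c & 0x07; min = 0x10000; }
        else return ERR_BAD_UTF8;                 /* stray continuation or bad lead */
        if (i + n >= len) return ERR_BAD_UTF8;    /* truncated sequence */
        for (size_t k = 1; k <= n; k++) {
            if ((s[i + k] & 0xC0) != 0x80) return ERR_BAD_UTF8;
            cp = (cp << 6) | (s[i + k] & 0x3F);
        }
        if (cp < min || cp > 0x10FFFF || (cp >= 0xD800 && cp <= 0xDFFF)) return ERR_BAD_UTF8;
        i += n + 1;
    }
    return OK;
}
/* Simplified canonical form: no "//" runs, no trailing slash except for "/". */
static int path_is_canonical(const char *path)
{
    size_t len = strlen(path);
    return strstr(path, "//") == NULL && !(len > 1 && path[len - 1] == '/');
}
/* In-place canonicalizer used at the API boundary (CLI, language bindings). */
static void canonicalize_path(char *path)
{
    char *w = path;
    for (const char *r = path; *r; r++)
        if (!(*r == '/' && w > path && w[-1] == '/')) *w++ = *r;
    while (w > path + 1 && w[-1] == '/') w--;     /* strip trailing slashes */
    *w = '\0';
}
/* Core routine: a non-canonical path here is a caller bug, so it is asserted. */
static int core_open_path(const char *path) { assert(path_is_canonical(path)); return OK; }
/* Single entry point: validate and normalise external input, then call the core. */
static int open_path_from_input(char *path)
{
    int err = check_utf8((const unsigned char *)path, strlen(path));
    if (err != OK) return err;               /* bad UTF-8: report, do not abort */
    canonicalize_path(path);
    return core_open_path(path);
}
```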

This is an archived mail posted to the Subversion Dev mailing list.
