
Re: Lack of validation in svn_repos_open()

From: Daniel Rall <dlr_at_collab.net>
Date: 2005-12-07 00:22:17 CET

On Tue, 06 Dec 2005, Malcolm Rowe wrote:

> On Tue, Dec 06, 2005 at 03:51:36PM -0500, Greg Hudson wrote:
> > On Tue, 2005-12-06 at 19:29 +0000, Malcolm Rowe wrote:
> > > Ow. That seems... extreme, not to mention unexpected. Unless I'm
> > > missing something, we don't actually seem to document this anywhere
> > > either: certainly not in svn_repos.h, and not in svn_path.h either.
> >
> > It's in svn_path.h:
> >
> > * All paths passed to the @c svn_path_xxx functions, with the exceptions of
> > * the svn_path_canonicalize() and svn_path_internal_style() functions,
> > * must be in canonical form.
> >
>
> I saw that, but I'm not calling an svn_path_ function, I'm calling
> svn_repos_open() ;-)
>
> Pernickety, perhaps.
>
> > You're correct that higher-level functions which inherit this
> > requirement do not appear to document it.
>
> Yes, that's the thing. I'm also kinda surprised that we abort() when
> we find a path with a trailing slash (for comparison, we return an error
> if we find an invalid UTF-8 string).

I also would prefer that we return an error. However, Greg mentioned
that not all functions which trigger this assertion necessarily return
a svn_error_t *. What would be the scope of the API impact of
adding/changing the return types where necessary?

--
Daniel Rall
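The abort-versus-error distinction the thread is about, as an added C illustration (constructed for this page, not Subversion's code): `path_is_canonical`, `path_canonicalize` and `repo_open_checked` are hypothetical stand-ins that validate a repository path at the API boundary and hand the caller an error value instead of tripping an assertion deeper in the library.

```c
#include <string.h>

/* Hypothetical error type standing in for svn_error_t (constructed for this
 * example, not Subversion's API). A NULL pointer means success. */
typedef struct { int code; const char *message; } repo_error_t;
#define REPO_ERR_BAD_PATH 1

/* A path is canonical here if it has no trailing slash (other than the root
 * "/" itself), no empty "//" segments and no "." or ".." segments. */
int path_is_canonical(const char *path)
{
    size_t len = strlen(path);
    const char *p = path;
    if (len > 1 && path[len - 1] == '/')
        return 0;                               /* trailing slash */
    while (*p) {
        const char *seg_end = strchr(p, '/');
        size_t seg_len = seg_end ? (size_t)(seg_end - p) : strlen(p);
        if (p != path && seg_len == 0)          /* "//" inside the path */
            return 0;
        if (seg_len == 1 && p[0] == '.')
            return 0;
        if (seg_len == 2 && p[0] == '.' && p[1] == '.')
            return 0;
        if (!seg_end)
            break;
        p = seg_end + 1;
    }
    return 1;
}

/* Collapse repeated slashes and drop trailing ones into out (capacity outlen).
 * Does not resolve "." or "..". Returns 0 on success, -1 if out is too small. */
int path_canonicalize(const char *in, char *out, size_t outlen)
{
    size_t n = 0;
    for (; *in; in++) {
        if (*in == '/' && n > 0 && out[n - 1] == '/')
            continue;                           /* collapse "//" */
        if (n + 1 >= outlen)
            return -1;
        out[n++] = *in;
    }
    while (n > 1 && out[n - 1] == '/')
        n--;                                    /* strip trailing slash */
    out[n] = '\0';
    return 0;
}

/* Validating front door: reject non-canonical input with an error the caller
 * can handle, rather than letting a deeper assert() abort the whole process. */
repo_error_t *repo_open_checked(const char *path, int *opened)
{
    static repo_error_t bad_path = { REPO_ERR_BAD_PATH, "path is not canonical" };
    *opened = 0;
    if (!path_is_canonical(path))
        return &bad_path;
    *opened = 1;                                /* real code would open the repo here */
    return NULL;
}
```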

Received on Wed Dec 7 00:20:55 2005

This is an archived mail posted to the Subversion Dev mailing list.