[svn.haxx.se] · SVN Dev · SVN Users · SVN Org · TSVN Dev · TSVN Users · Subclipse Dev · Subclipse Users · this month's index

[PATCH] Out of bounds array access in hooks.c

From: Daniel <danielsh_at_fastmail.fm>
Date: 2007-12-10 19:10:38 CET

Hi All,

hooks.c declares (line 551) an array of four elements and accesses five
of its elements:

    {
      const char *args[4];
      char *capabilities_string = svn_cstring_join(capabilities, ":", pool);

      /* Get rid of that annoying final colon. */
      if (capabilities_string[0])
        capabilities_string[strlen(capabilities_string) - 1] = '\0';

      args[0] = hook;
      args[1] = svn_path_local_style(svn_repos_path(repos, pool), pool);
      args[2] = user ? user : "";
      args[3] = capabilities_string;
      args[4] = NULL;

      SVN_ERR(run_hook_cmd(SVN_REPOS__HOOK_START_COMMIT, hook, args, NULL,
                           pool));
    }

This fixes the problem:

[[[
Follow-up to r27614: Fix segfault.

* subversion/libsvn_repos/hooks.c
  (svn_repos__hooks_start_commit): Allocate one more array element.
]]]

Index: subversion/libsvn_repos/hooks.c
===================================================================
--- subversion/libsvn_repos/hooks.c (revision 28371)
+++ subversion/libsvn_repos/hooks.c (working copy)
@@ -548,7 +548,7 @@
     }
   else if (hook)
     {
- const char *args[4];
+ const char *args[5];
       char *capabilities_string = svn_cstring_join(capabilities, ":", pool);
 
       /* Get rid of that annoying final colon. */

Daniel

-- 
http://www.fastmail.fm/
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@subversion.tigris.org
For additional commands, e-mail: dev-help@subversion.tigris.org
Received on Mon Dec 10 19:10:48 2007

This is an archived mail posted to the Subversion Dev mailing list.