[svn.haxx.se] · SVN Dev · SVN Users · SVN Org · TSVN Dev · TSVN Users · Subclipse Dev · Subclipse Users · this month's index

Re: mergeinfo API cleanup: questions

From: David Glasser <glasser_at_davidglasser.net>
Date: Mon, 18 Feb 2008 10:46:23 -0800

On Feb 18, 2008 10:38 AM, Hyrum K. Wright <hyrum_wright_at_mail.utexas.edu> wrote:
>
> Hyrum K. Wright wrote:
> > David Glasser wrote:
> > ...
> >> * svn_rangelist_count_revs, svn_rangelist_to_revs, and
> >> svn_range_compact are never used outside of the test suite. Do we
> >> need them? I guess the first two might hypothetically be useful to
> >> other clients. What about svn_range_compact?
> >
> > The first two were originally were part of 'log -g'. Their usefulness
> > may return before I'm finished with 'log -g', so I would wait until that
> > point to remove them.
>
> I've moved svn_rangelist_to_revs() to be a private function in
> libsvn_repos. It may still get cut, and I'd like to keep it out of the
> public API. svn_rangelist_count_revs() can be safely removed.

Cool.

btw, Hyrum and I talked about this on IRC the other day, but: I'm a
little worried that any codepath that uses svn_rangelist_to_revs (or
the new private version) is a potential DOS risk. If somebody can
check in a mergeinfo prop (or otherwise get svn_rangelist_to_revs
applied a string) containing "1-1000000000", any call to that function
will make the server slowly allocate a large amount of memory...

--dave 

-- 
David Glasser | glasser@davidglasser.net | http://www.davidglasser.net/
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe_at_subversion.tigris.org
For additional commands, e-mail: dev-help_at_subversion.tigris.org
Received on 2008-02-18 19:46:34 CET

This is an archived mail posted to the Subversion Dev mailing list.

This site is subject to the Apache Privacy Policy and the Apache Public Forum Archive Policy.