Jelmer Vernooij <jelmer_at_samba.org> writes:
> svn_path_canonicalize() will try to access a single byte before its
> allocated buffer if the path specified is "". The attached patch fixes
> this. I've confirmed the error and the fix with valgrind.
>
> [[[
> * subversion/libsvn_subr/path.c (svn_canonicalize_path): Avoid
> accessing unitialized memory when path is "".
> ]]]
Your fix looks correct to me. But I think path=="" is the only case
where your dst > canon check would get invoked anyway. If so, a better
fix might be to just test for the special case at the top of the
function:
Index: subversion/libsvn_subr/path.c
===================================================================
--- subversion/libsvn_subr/path.c (revision 31834)
+++ subversion/libsvn_subr/path.c (working copy)
@@ -1248,6 +1248,10 @@
apr_size_t canon_segments = 0;
svn_boolean_t uri;
+ /* "" is already canonical */
+ if (! *path)
+ return path;
+
dst = canon = apr_pcalloc(pool, strlen(path) + 1);
/* Copy over the URI scheme if present. */
Thoughts?
-Karl
> === modified file 'subversion/libsvn_subr/path.c'
> --- subversion/libsvn_subr/path.c 2008-06-13 10:43:20 +0000
> +++ subversion/libsvn_subr/path.c 2008-06-22 00:55:30 +0000
> @@ -1310,7 +1310,7 @@
> }
>
> /* Remove the trailing slash if necessary. */
> - if (*(dst - 1) == '/')
> + if (dst > canon && *(dst - 1) == '/')
> {
> /* If we had any path components, we always remove the trailing slash. */
> if (canon_segments > 0)
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe_at_subversion.tigris.org
For additional commands, e-mail: dev-help_at_subversion.tigris.org
Received on 2008-06-22 03:34:37 CEST