[svn.haxx.se] · SVN Dev · SVN Users · SVN Org · TSVN Dev · TSVN Users · Subclipse Dev · Subclipse Users · this month's index

Re: [PATCH] Fix unitialized memory access in svn_canonicalize_path()

From: Karl Fogel <kfogel_at_red-bean.com>
Date: Sat, 21 Jun 2008 21:34:12 -0400

Jelmer Vernooij <jelmer_at_samba.org> writes:
> svn_path_canonicalize() will try to access a single byte before its
> allocated buffer if the path specified is "". The attached patch fixes
> this. I've confirmed the error and the fix with valgrind.
>
> [[[
> * subversion/libsvn_subr/path.c (svn_canonicalize_path): Avoid
> accessing unitialized memory when path is "".
> ]]]

Your fix looks correct to me. But I think path=="" is the only case
where your dst > canon check would get invoked anyway. If so, a better
fix might be to just test for the special case at the top of the
function:

Index: subversion/libsvn_subr/path.c
===================================================================
--- subversion/libsvn_subr/path.c (revision 31834)
+++ subversion/libsvn_subr/path.c (working copy)
@@ -1248,6 +1248,10 @@
   apr_size_t canon_segments = 0;
   svn_boolean_t uri;
 
+ /* "" is already canonical */
+ if (! *path)
+ return path;
+
   dst = canon = apr_pcalloc(pool, strlen(path) + 1);
 
   /* Copy over the URI scheme if present. */

Thoughts?

-Karl

> === modified file 'subversion/libsvn_subr/path.c'
> --- subversion/libsvn_subr/path.c 2008-06-13 10:43:20 +0000
> +++ subversion/libsvn_subr/path.c 2008-06-22 00:55:30 +0000
> @@ -1310,7 +1310,7 @@
> }
>
> /* Remove the trailing slash if necessary. */
> - if (*(dst - 1) == '/')
> + if (dst > canon && *(dst - 1) == '/')
> {
> /* If we had any path components, we always remove the trailing slash. */
> if (canon_segments > 0)

---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe_at_subversion.tigris.org
For additional commands, e-mail: dev-help_at_subversion.tigris.org
Received on 2008-06-22 03:34:37 CEST

This is an archived mail posted to the Subversion Dev mailing list.

This site is subject to the Apache Privacy Policy and the Apache Public Forum Archive Policy.