On Sun, Nov 16, 2008 at 08:10:26PM +0200, Daniel Shahaf wrote:
> > > $ svn cleanup
> > >
> > > Program received signal SIGSEGV, Segmentation fault.
> > > [Switching to Thread 47116375701120 (LWP 8732)]
> > > 0x00002ada2100e056 in svn_uri_is_canonical (
> > > uri=0x6653b0 "svn+ssh://svn@10.0.1.1")
> > > at subversion/libsvn_subr/dirent_uri.c:1029
> > > 1029 while (*ptr != '/')
> >
> > From reading the code, it looks like we are running over the end
> > of that string into uninitialised memory.
> >
> > Jens, can you try this patch?
> > And can someone other than Jens try this patch on windows?
> >
>
> How to try this patch? Shall I just apply it and run dirent_uri-tests.exe?
I'm not sure :)
I'm just here to make sure we don't read past that string :P
Jens described his setup earlier in this thread.
What seems to trigger the bug seems to be that the string
"svn+ssh://svn@10.0.1.1" does not end with a slash.
In the following code snippet, ptr points to the following
part of that string: "svn@10.0.1.1"
The change I made to fix the crash is also shown:
/* Found a hostname, check that it's all lowercase. */
ptr = seg;
- while (*ptr != '/')
+ while (*ptr && *ptr != '/')
{
if (*ptr >= 'A' && *ptr <= 'Z')
return FALSE;
ptr++
}
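Review bot: with the added *ptr && test the loop can now exit with ptr on the terminating NUL instead of on a '/', so the statements that follow the loop must not advance or dereference past ptr on the assumption that a slash was found; a test case using a URI with no slash after the host, such as "svn+ssh://svn@10.0.1.1", would pin that down. The ptr++ line in the loop body also has no terminating semicolon as posted, so the snippet will not compile until that is restored.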
I've also checked whether the remaining code in that function
will be able to cope with ptr pointing to the terminating
null, and it looks OK to me. Hence back to Jens and others
for testing :)
> (Should we add svn:// | file:// test cases to that file?)
Regression tests are always a good idea. :)
Stefan
Received on 2008-11-16 19:38:28 CET
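
As an added illustration of the failure discussed in this message (not code from the original post or from Subversion): a stand-alone C check that scans the authority part of a URI and stops at '/' or at the terminating NUL, run over constructed svn://, file:// and svn+ssh:// URIs with and without a slash after the host. The names authority_is_lowercase and run_uri_cases and the example.invalid hosts are assumptions made for this example.

```c
#include <stdbool.h>
#include <stddef.h>
#include <string.h>

/* Hypothetical stand-in for the hostname check discussed above; this is not
 * Subversion's svn_uri_is_canonical(). Returns true when the text between
 * "://" and the next '/' (or the end of the string) has no uppercase ASCII. */
bool authority_is_lowercase(const char *uri)
{
    const char *seg = strstr(uri, "://");
    if (seg == NULL)
        return false;            /* no scheme separator: not handled here */
    seg += 3;

    /* Stop at '/' OR at the terminating NUL. Without the NUL test, a URI
     * with no slash after the host is read past its end. */
    for (const char *ptr = seg; *ptr != '\0' && *ptr != '/'; ptr++) {
        if (*ptr >= 'A' && *ptr <= 'Z')
            return false;
    }
    return true;
}

/* Constructed regression cases, not taken from the Subversion test suite. */
struct uri_case { const char *uri; bool expect; };

static const struct uri_case cases[] = {
    { "svn+ssh://svn@10.0.1.1",     true  },  /* input from the crash report */
    { "svn+ssh://svn@10.0.1.1/",    true  },
    { "svn://example.invalid",      true  },
    { "svn://example.invalid/repo", true  },
    { "file:///tmp/repo",           true  },  /* empty authority */
    { "svn://",                     true  },  /* nothing after the separator */
    { "svn://Example.invalid",      false },  /* uppercase host is rejected */
    { "svn://example.invalid/Repo", true  },  /* uppercase only in the path */
};

/* Returns the number of failing cases (0 means all passed). */
int run_uri_cases(void)
{
    int failures = 0;
    for (size_t i = 0; i < sizeof cases / sizeof cases[0]; i++)
        if (authority_is_lowercase(cases[i].uri) != cases[i].expect)
            failures++;
    return failures;
}

int main(void) { return run_uri_cases() == 0 ? 0 : 1; }
```

Building the cases with -fsanitize=address is what turns an overread into a reported failure; an unguarded loop can otherwise pass by luck when a '/' happens to follow the string in memory.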