Arthur Shipkowski wrote:
> I've been observing a segfault during an "svn merge" operation under
> 1.6.1 (running x86_64 Linux, though I've also reproduced it under 32-bit
> Linux; the repository in question is not friendly to Windows for a
> third comparison).
>
> It appears that in find_nearest_ancestor at line 2205, child is getting
> a NULL pointer out of children_with_mergeinfo even though i is less
> than nelts. Two lines later it's dereferenced, and the segfault occurs.
Attaching fix for svn 1.6.1. Looks like this is already fixed a
different way in the trunk.
- Russ
------------------------------------------------------
http://subversion.tigris.org/ds/viewMessage.do?dsForumId=462&dsMessageId=1951038
* subversion/libsvn_client/merge.c:
(find_nearest_ancestor): prevent a NULL pointer dereference that can
happen when remove_children_with_deleted_mergeinfo() sets an item in
the children_with_mergeinfo array to NULL.
diff -r d614f3ea75fa subversion/libsvn_client/merge.c
--- a/subversion/libsvn_client/merge.c Mon Apr 27 13:03:46 2009 -0400
+++ b/subversion/libsvn_client/merge.c Mon Apr 27 14:40:11 2009 -0400
@@ -2204,7 +2204,8 @@ find_nearest_ancestor(apr_array_header_t
{
svn_client__merge_path_t *child =
APR_ARRAY_IDX(children_with_mergeinfo, i, svn_client__merge_path_t *);
- if (svn_path_is_ancestor(child->path, path)
+ if (child != NULL
+ && svn_path_is_ancestor(child->path, path)
&& (path_is_own_ancestor
|| svn_path_compare_paths(child->path, path) != 0))
ancestor_index = i;
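Review bot: the added `child != NULL` test at the head of the condition has no comment saying why an element of children_with_mergeinfo can be NULL. The log message attributes it to remove_children_with_deleted_mergeinfo(), and a one-line comment above the `if` naming that function would keep a later cleanup from dropping the check as redundant. The guard also only covers this one loop in find_nearest_ancestor: any other code that fetches an element with APR_ARRAY_IDX(children_with_mergeinfo, i, svn_client__merge_path_t *) and dereferences it needs the same test, so it is worth checking those callers or having the removal step compact the array instead of leaving NULL slots.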
Received on 2009-04-28 02:46:43 CEST