[svn.haxx.se] · SVN Dev · SVN Users · SVN Org · TSVN Dev · TSVN Users · Subclipse Dev · Subclipse Users · this month's index

Re: crash in latest release

From: Branko Čibej <brane_at_wandisco.com>
Date: Tue, 09 Oct 2012 22:15:01 +0200

On 09.10.2012 21:49, Stefan Küng wrote:
> Hi,
>
> Just got the first crash report for the TSVN 1.7.10 release (svn 1.7.7).
> Considering that the release is only an hour old, that indicates that
> I will get a lot more of those...
>
> Problem in libsvn_subr/win32_crypto.c, function
> windows_password_decrypter(svn_boolean_t *done, ...):
>
> ...
> if (!done)
> return SVN_NO_ERROR;
>
>
> now here the check is for the pointer, not the actual bool value.
> And if it's set to false, the pointer check is still true and the code
> goes on instead of returning here.
>
> trunk and 1.7.x have the same bug, even though on trunk the code
> before the if() is slightly different.
>
> I think this needs to change to:
>
> if (!*done)
> return SVN_NO_ERROR;

You're right. Fixed in r1396285 but I don't have a way to test it.

I don't know why our test suite didn't catch this; it should trigger
every time an encrypted password is read from disk on Windows. But maybe
the testsuite doesn't even test that.

Stefan, if you can verify that the fix works, I'll propose it for
backport to 1.7. I think, for a crash as basic as this one, we should
probably roll 1.7.8 as soon as the fix is confirmed.

-- Brane

> I'm thinking of removing the latest TSVN release from the download
> servers since this will crash every time a repository is accessed with
> windows authentication - which most companies use.

-- 
Certified & Supported Apache Subversion Downloads:
http://www.wandisco.com/subversion/download
Received on 2012-10-09 22:15:39 CEST

This is an archived mail posted to the Subversion Dev mailing list.