On Mon, Nov 12, 2012 at 4:29 PM, Philip Martin
<philip.martin_at_wandisco.com> wrote:
> Ivan Zhakov <ivan_at_visualsvn.com> writes:
>
>> On Wed, Nov 7, 2012 at 2:03 AM, <cmpilato_at_apache.org> wrote:
>>> /* Open the file associated with INFO for editing, pass along any
>>> propchanges we've recorded for it, and then close the file. */
>>> static svn_error_t *
>>> @@ -1189,6 +1234,7 @@ handle_propchange_only(report_info_t *in
>>> svn_pool_destroy(info->pool);
>>>
>>> info->dir->ref_count--;
>>> + SVN_ERR(maybe_close_dir_chain(info->dir));
>>>
>>> return SVN_NO_ERROR;
>>> }
>>> @@ -1213,6 +1259,7 @@ handle_local_content(report_info_t *info
>>> svn_pool_destroy(info->pool);
>>>
>>> info->dir->ref_count--;
>>> + SVN_ERR(maybe_close_dir_chain(info->dir));
>>>
>> Mike,
>>
>> This change seems to cause problem with access to freed memory: list
>> item also allocated in dir pool and finish_report() accesses it after
>> calling to handle_local_content().
>
> I get SEGV when using a 1.8 client to checkout from a 1.7 server,
> valgrind reports:
>
> ==19159== Invalid read of size 8
> ==19159== at 0x6EF7E1F: finish_report (update.c:2637)
> ==19159== by 0x50CCC6C: svn_wc_crawl_revisions5 (adm_crawler.c:858)
> ==19159== by 0x4EA000C: update_internal (update.c:427)
> ==19159== by 0x4EA0596: svn_client__update_internal (update.c:569)
> ==19159== by 0x4E46E44: svn_client__checkout_internal (checkout.c:165)
> ==19159== by 0x4E46F59: svn_client_checkout3 (checkout.c:205)
> ==19159== by 0x409614: svn_cl__checkout (checkout-cmd.c:161)
> ==19159== by 0x4197E3: sub_main (main.c:2735)
> ==19159== by 0x4199CC: main (main.c:2790)
> ==19159== Address 0xa3b1bd0 is not stack'd, malloc'd or (recently) free'd
>
I'm also get similar crash on Windows and MacOS. Commenting call to
maybe_close_dir() in handle_propchange_only()/handle_local_content()
fixes them, but increase memory usage.
--
Ivan Zhakov
Received on 2012-11-12 14:23:00 CET