I've been experimenting with GCC's address sanitizer, which is a tool for
catching memory problems. It has identified some uses of uninitialised
memory. valgrind also detects problems at the same places:

$ valgrind -q .libs/lt-mergeinfo-test 6
==6075== Invalid read of size 8
==6075== at 0x4C2B5A0: memmove (mc_replace_strmem.c:981)
==6075== by 0x507A989: svn_rangelist__combine_adjacent_ranges (mergeinfo.c:653)
==6075== by 0x507AC19: parse_revision_line (mergeinfo.c:706)
==6075== by 0x507AD7A: parse_top (mergeinfo.c:737)
==6075== by 0x507AE21: svn_mergeinfo_parse (mergeinfo.c:752)
==6075== by 0x403D14: rev_array_to_rangelist (mergeinfo-test.c:963)
==6075== by 0x403ED8: test_rangelist_remove_randomly (mergeinfo-test.c:1003)
==6075== by 0x4E34C6A: do_test_num (svn_test_main.c:268)
==6075== by 0x4E35686: main (svn_test_main.c:551)
==6075== Address 0x7f21090 is 0 bytes after a block of size 128 alloc'd
==6075== at 0x4C28BED: malloc (vg_replace_malloc.c:263)
==6075== by 0x52E5DDB: pool_alloc (apr_pools.c:1463)
==6075== by 0x52E5F57: apr_palloc_debug (apr_pools.c:1504)
==6075== by 0x52DBA47: apr_array_push (apr_tables.c:113)
==6075== by 0x507A586: parse_rangelist (mergeinfo.c:559)
==6075== by 0x507AAD1: parse_revision_line (mergeinfo.c:685)
==6075== by 0x507AD7A: parse_top (mergeinfo.c:737)
==6075== by 0x507AE21: svn_mergeinfo_parse (mergeinfo.c:752)
==6075== by 0x403D14: rev_array_to_rangelist (mergeinfo-test.c:963)
==6075== by 0x403ED8: test_rangelist_remove_randomly (mergeinfo-test.c:1003)
==6075== by 0x4E34C6A: do_test_num (svn_test_main.c:268)
==6075== by 0x4E35686: main (svn_test_main.c:551)

mergeinfo-test 16 triggers the same problem.

$ valgrind -q .libs/lt-diff-diff3-test 15
==6097== Invalid read of size 1
==6097== at 0x503FD83: find_identical_suffix (diff_file.c:586)
==6097== by 0x5040C45: datasources_open (diff_file.c:815)
==6097== by 0x503D6B2: svn_diff_diff3_2 (diff3.c:276)
==6097== by 0x5041D3A: svn_diff_file_diff3_2 (diff_file.c:1327)
==6097== by 0x401F2F: three_way_merge (diff-diff3-test.c:191)
==6097== by 0x4027B7: two_way_diff (diff-diff3-test.c:311)
==6097== by 0x405DF8: test_token_compare (diff-diff3-test.c:2589)
==6097== by 0x4E34C6A: do_test_num (svn_test_main.c:268)
==6097== by 0x4E35686: main (svn_test_main.c:551)
==6097== Address 0x138585af is 1 bytes before a block of size 131,072 alloc'd
==6097== at 0x4C28BED: malloc (vg_replace_malloc.c:263)
==6097== by 0x572DDDB: pool_alloc (apr_pools.c:1463)
==6097== by 0x572DF57: apr_palloc_debug (apr_pools.c:1504)
==6097== by 0x503FACA: find_identical_suffix (diff_file.c:558)
==6097== by 0x5040C45: datasources_open (diff_file.c:815)
==6097== by 0x503D6B2: svn_diff_diff3_2 (diff3.c:276)
==6097== by 0x5041D3A: svn_diff_file_diff3_2 (diff_file.c:1327)
==6097== by 0x401F2F: three_way_merge (diff-diff3-test.c:191)
==6097== by 0x4027B7: two_way_diff (diff-diff3-test.c:311)
==6097== by 0x405DF8: test_token_compare (diff-diff3-test.c:2589)
==6097== by 0x4E34C6A: do_test_num (svn_test_main.c:268)
==6097== by 0x4E35686: main (svn_test_main.c:551)
Received on 2013-03-25 17:30:29 CET