Roderich Schupp <roderich.schupp_at_gmail.com> writes:
> Here's the proposed fix (for SVN 1.7.x)
>
> --- subversion/bindings/swig/perl/libsvn_swig_perl/swigutil_pl.c
> +++ subversion/bindings/swig/perl/libsvn_swig_perl/swigutil_pl.c
> @@ -116,7 +116,7 @@
> while (cnt--) {
> SV* item = hv_iternextsv(h, &key, &retlen);
> void *val = cv(item, ctx, pool);
> - apr_hash_set(hash, key, APR_HASH_KEY_STRING, val);
> + apr_hash_set(hash, apr_pstrmemdup(pool, key, retlen), retlen, val);
> }
>
> return hash;
Fixes go on trunk first, and then get backported to 1.8 and 1.7. I can
reproduce the bug on trunk, valgrind shows:
==7249== Invalid read of size 1
==7249== at 0x4C2B0B9: bcmp (mc_replace_strmem.c:889)
==7249== by 0x855035F: ??? (in /usr/lib/libapr-1.so.0.4.6)
==7249== by 0x855062D: apr_hash_get (in /usr/lib/libapr-1.so.0.4.6)
==7249== by 0x747C96A: svn_ra_open4 (ra_loader.c:323)
==7249== by 0x6E2E4F2: svn_client__open_ra_session_internal (ra.c:390)
==7249== by 0x6E2EA06: svn_client__ra_session_from_path2 (ra.c:510)
==7249== by 0x6E0359E: list_internal (list.c:365)
==7249== by 0x6E03D75: svn_client_list3 (list.c:572)
==7249== by 0x6DED251: svn_client_list2 (deprecated.c:1375)
==7249== by 0x6DED2C2: svn_client_list (deprecated.c:1393)
==7249== by 0x6DED4C7: svn_client_ls3 (deprecated.c:1468)
==7249== by 0x6DED521: svn_client_ls2 (deprecated.c:1483)
==7249== Address 0xcd46d70 is 32 bytes inside a block of size 41 free'd
==7249== at 0x4C27D4E: free (vg_replace_malloc.c:427)
==7249== by 0x4ED6D75: ??? (in /usr/lib/libperl.so.5.14.2)
==7249== by 0x4ED7A42: Perl_hv_free_ent (in /usr/lib/libperl.so.5.14.2)
==7249== by 0x4ED7DAD: ??? (in /usr/lib/libperl.so.5.14.2)
==7249== by 0x4EDB5C2: Perl_hv_undef_flags (in /usr/lib/libperl.so.5.14.2)
==7249== by 0x4EEDDA5: Perl_sv_clear (in /usr/lib/libperl.so.5.14.2)
==7249== by 0x4EEE1D1: Perl_sv_free2 (in /usr/lib/libperl.so.5.14.2)
==7249== by 0x4F139BF: Perl_free_tmps (in /usr/lib/libperl.so.5.14.2)
==7249== by 0x4EDF284: Perl_pp_nextstate (in /usr/lib/libperl.so.5.14.2)
==7249== by 0x4EDEC25: Perl_runops_standard (in /usr/lib/libperl.so.5.14.2)
==7249== by 0x4E80754: perl_run (in /usr/lib/libperl.so.5.14.2)
==7249== by 0x400F88: main (in /usr/bin/perl)
and your patch, modified for trunk, fixes it:
Index: subversion/bindings/swig/perl/libsvn_swig_perl/swigutil_pl.c
===================================================================
--- subversion/bindings/swig/perl/libsvn_swig_perl/swigutil_pl.c (revision 1506881)
+++ subversion/bindings/swig/perl/libsvn_swig_perl/swigutil_pl.c (working copy)
@@ -187,7 +187,7 @@ static apr_hash_t *svn_swig_pl_to_hash(SV *source,
while (cnt--) {
SV* item = hv_iternextsv(h, &key, &retlen);
void *val = cv(item, ctx, pool);
- svn_hash_sets(hash, key, val);
+ svn_hash_sets(hash, apr_pstrmemdup(pool, key, retlen), val);
}
return hash;
--
Philip Martin | Subversion Committer
WANdisco | Non-Stop Data
Received on 2013-07-25 13:20:00 CEST