
Bug in svn_stringbuf_insert and svn_stringbuf_replace

From: Julian Foad <julianfoad_at_btopenworld.com>
Date: Fri, 9 Jan 2015 17:52:54 +0000

I just spotted this.

svn_stringbuf_insert() contains this:

  temp = apr_pstrndup(str->pool, bytes, count);

That's wrong for an arbitrary array of bytes, because it will stop copying at the first null byte.

Using apr_pmemdup() should fix it.

Same in svn_stringbuf_replace().

Inadequate test coverage. It is tested only with non-zero-length strings of ASCII characters. (Another scenario not tested is inserting a string that overlaps the existing string and starts or ends at the existing string's start or end or end-plus-null.)

- Julian
Received on 2015-01-09 18:53:49 CET

This is an archived mail posted to the Subversion Dev mailing list.
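
An added illustration, not part of the original mail and not Subversion code, of the failure the message describes: a self-overlapping insert of bytes containing a null byte, done once with a copy that stops at the first null and once with a copy of exactly `count` bytes. `struct buf`, `dup_str`, `dup_mem`, `buf_insert` and `self_insert_ok` are hypothetical stand-ins that only model those two copy semantics, and the 5-byte input is constructed.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

struct buf { char *data; size_t len, cap; };  /* hypothetical counted buffer */
typedef char *(*dup_fn)(const char *src, size_t n);

/* Stand-in with string-duplication semantics: stops at the first NUL.
   Allocates n + 1 zeroed bytes so the caller's n-byte read stays in bounds. */
static char *dup_str(const char *src, size_t n) {
    const char *nul = memchr(src, '\0', n);
    char *out = calloc(n + 1, 1);
    if (out) memcpy(out, src, nul ? (size_t)(nul - src) : n);
    return out;
}

/* Stand-in with memory-duplication semantics: copies exactly n bytes. */
static char *dup_mem(const char *src, size_t n) {
    char *out = calloc(n + 1, 1);
    if (out) memcpy(out, src, n);
    return out;
}

/* Insert count bytes at pos; the source is copied first as it may overlap b->data. */
static int buf_insert(struct buf *b, size_t pos, const char *bytes,
                      size_t count, dup_fn dup) {
    if (pos > b->len || count > b->cap - b->len) return -1;
    char *temp = dup(bytes, count);
    if (!temp) return -1;
    memmove(b->data + pos + count, b->data + pos, b->len - pos);
    memcpy(b->data + pos, temp, count);
    b->len += count;
    free(temp);
    return 0;
}

/* Self-insert a constructed 5-byte value with an embedded NUL; 1 if result is intact. */
static int self_insert_ok(dup_fn dup) {
    char storage[16] = {0};
    struct buf b = { storage, 5, sizeof storage };
    memcpy(storage, "ab\0cd", 5);
    if (buf_insert(&b, 0, b.data, b.len, dup) != 0) return 0;
    return b.len == 10 && memcmp(b.data, "ab\0cdab\0cd", 10) == 0;
}

int main(void) {
    printf("string-style: %d, memory-style: %d\n", self_insert_ok(dup_str), self_insert_ok(dup_mem));
    return 0;
}
```

With the string-style copy the buffer length still grows by `count`, but the bytes after the first null are lost, which is the kind of case a test using only ASCII strings never exercises.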