Hi all,
As reported in Debian[0], using git-svn to clone a Subversion repo will
reliably crash in Subversion's Perl bindings if there are commits
touching many files.
[0]: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=780246
The original report referenced a private repo, but it was reproduced
using KDE's svn repo using the following command:
git-svn clone -s 28995:HEAD svn://anonsvn.kde.org/home/kde
The problematic commit appears to be 28996, which according to
svn log --verbose -c 28996
affects ~2645 paths.
This was originally reproduced with 1.8.10 and I see the below error
from valgrind leading up to the crash (using debugperl from the
perl-debug package to get symbols):
==11979== Invalid write of size 8
==11979== at 0xC7CEA31: _wrap_svn_txdelta_apply (svn_delta.c:3918)
==11979== by 0x4FF9B6: Perl_pp_entersub (pp_hot.c:2794)
==11979== by 0x4CA718: Perl_runops_debug (dump.c:2427)
==11979== by 0x559D15: S_docatch (pp_ctl.c:3227)
==11979== by 0x4CA718: Perl_runops_debug (dump.c:2427)
==11979== by 0x43F508: Perl_call_sv (perl.c:2756)
==11979== by 0x852B397: svn_swig_pl_callback_thunk (swigutil_pl.c:625)
==11979== by 0x852B864: thunk_apply_textdelta (swigutil_pl.c:873)
==11979== by 0xE15034B: ra_svn_handle_apply_textdelta (editorp.c:717)
==11979== by 0xE15065D: svn_ra_svn_drive_editor2 (editorp.c:938)
==11979== by 0xE14AFBB: ra_svn_finish_report (client.c:299)
==11979== by 0x109B183C: svn_ra_reporter2_invoke_finish_report (svn_ra.c:2066)
==11979== by 0x109B183C: _wrap_svn_ra_reporter2_invoke_finish_report (svn_ra.c:12746)
==11979== Address 0xbb97d20 is 27,936 bytes inside a block of size 27,992 free'd
==11979== at 0x4C2AF2E: realloc (vg_replace_malloc.c:692)
==11979== by 0x4CCFA5: Perl_safesysrealloc (util.c:244)
==11979== by 0x4F0F17: Perl_av_extend_guts (av.c:154)
==11979== by 0x555422: Perl_stack_grow (scope.c:38)
==11979== by 0x4F5620: Perl_pp_padrange (pp_hot.c:373)
==11979== by 0x4CA718: Perl_runops_debug (dump.c:2427)
==11979== by 0x43F508: Perl_call_sv (perl.c:2756)
==11979== by 0x852B397: svn_swig_pl_callback_thunk (swigutil_pl.c:625)
==11979== by 0x852EAEE: svn_swig_pl_from_md5 (swigutil_pl.c:1837)
==11979== by 0xC7CEA2C: _wrap_svn_txdelta_apply (svn_delta.c:3918)
==11979== by 0x4FF9B6: Perl_pp_entersub (pp_hot.c:2794)
==11979== by 0x4CA718: Perl_runops_debug (dump.c:2427)
The call to svn_txdelta_apply in _wrap_svn_txdelta_apply is where the
crash occurs.
The Perl stack from the original report is:
Signal SEGV at /usr/share/perl5/Git/SVN/Fetcher.pm line 361.
Git::SVN::Fetcher::apply_textdelta(Git::SVN::Fetcher=HASH(0x26a51b0), HASH(0x2b14238), undef, _p_apr_pool_t=SCALAR(0x2b14148)) called at /usr/lib/x86_64-linux-gnu/perl5/5.20/SVN/Ra.pm line 623
SVN::Ra::Reporter::AUTOLOAD(SVN::Ra::Reporter=ARRAY(0x26e2510), SVN::Pool=REF(0x26e1e98)) called at /usr/share/perl5/Git/SVN/Ra.pm line 300
Git::SVN::Ra::gs_do_update(Git::SVN::Ra=HASH(0x26a4fe8), 49802, 49802, Git::SVN=HASH(0x26a4ad8), Git::SVN::Fetcher=HASH(0x26a51b0)) called at /usr/share/perl5/Git/SVN.pm line 1210
Git::SVN::do_fetch(Git::SVN=HASH(0x26a4ad8), HASH(0x26eb380), 49802) called at /usr/share/perl5/Git/SVN/Ra.pm line 451
Git::SVN::Ra::gs_fetch_loop_common(Git::SVN::Ra=HASH(0x26a4fe8), 49800, 91763, ARRAY(0x1c2acc0), ARRAY(0x1c2acf0)) called at /usr/share/perl5/Git/SVN.pm line 184
Git::SVN::fetch_all("svn", HASH(0x11fd4b8)) called at /usr/lib/git-core/git-svn line 560
main::cmd_fetch("svn") called at /usr/lib/git-core/git-svn line 377
eval {...} called at /usr/lib/git-core/git-svn line 375
The 1.9 beta still crashes with a similar valgrind report, modulo line
numbers and free'd block size.
Cheers,
--
James
GPG Key: 4096R/331BA3DB 2011-12-05 James McCoy <jamessan_at_debian.org>
Received on 2015-03-18 04:26:04 CET