On Monday, March 23, 2015 at 1:35:49 PM UTC+1, Philip Martin wrote:
> Philip Martin <philip..._at_wandisco.com> writes:
>
> > I'm not familiar with this code, but looking at other code in the file I
> > tried this:
> >
> > Index: ../src-1.9/subversion/bindings/swig/include/svn_types.swg
> > ===================================================================
> > ---
> ../src-1.9/subversion/bindings/swig/include/svn_types.swg (revision
> 1668117)
> > +++
> ../src-1.9/subversion/bindings/swig/include/svn_types.swg (working
> copy)
> > @@ -1119,8 +1119,7 @@
> > /* FIXME: This code is clearly buggy. The return value of
> sv_newmortal()
> > is immediately overwritten by the return value
> > of svn_swig_pl_from_md5(). */
> > - ST(argvi) = sv_newmortal();
> > - ST(argvi++) = svn_swig_pl_from_md5($1);
> > + %append_output(svn_swig_pl_from_md5($1));
> > }
> > #endif
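
Review bot: the FIXME comment kept as context at the top of this hunk is stale after the change. It says the return value of sv_newmortal() is immediately overwritten by svn_swig_pl_from_md5(), but both ST(argvi) assignments it refers to are removed here and replaced by %append_output(svn_swig_pl_from_md5($1)). Suggest deleting or rewording the comment in the same change, so the remaining text does not flag code that is no longer there.
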
>
> This makes svn_swig_pl_from_md5 follow the same pattern as
> svn_swig_pl_from_stream. I've committed this to trunk as r1668618.
>
Sorry for the late entry to the game. Just for the record: the real bug is the line

    ST(argvi++) = svn_swig_pl_from_md5($1);

This bumps the (output) pointer into the Perl argument stack without checking if there's enough space allocated. You may apparently get away with it since most of the time there's more allocated than implied by the actual number of input arguments.

Using Swig's %append_output is the correct way. I fixed another occurrence of the above pattern in r1671388.

Cheers, Roderich
Received on 2015-04-05 15:08:33 CEST