Re: Invalid memory reads in first_non_fsm_start_char_cstring (utf_validate.c)

From: Stefan Fuhrmann <stefan2_at_apache.org>
Date: Mon, 04 Jan 2016 16:17:07 +0100

On 03.01.2016 18:50, Hanno Böck wrote:
> On Sun, 3 Jan 2016 18:12:47 +0100
> Branko Čibej <brane_at_apache.org> wrote:
>
>> GCC (or any other compiler) may do a lot of things, but it's not
>> allowed to change the way APR pool allocation works. We're not using
>> malloc(); we're using apr_palloc() & co.
>
> Okay, I think we have a misunderstanding here.
>
> The error I encountered is not by code allocated by apr_palloc. It
> actually comes from this line in notify.c:
> SVN_ERR(svn_dirent_get_absolute(&nb->path_prefix, "", pool));
>
> The memory that is read out of bounds is the "" string literal.

Yep, you are right.

Turns out that the whole code path was (almost) a duplication
of a function that does not have this problem. Fixed in r1722860.
A related problem was then found by our SOLARIS build bot and
got fixed in r1722879 and r1722887.

Thanks for the detailed report!

-- Stefan^2.
Received on 2016-01-04 16:17:11 CET

This message: [ Message body ]
Next message: Stefan Fuhrmann: "Re: Last-Modified HTTP header in GET responses"
Previous message: Philip Martin: "Re: Last-Modified HTTP header in GET responses"
In reply to: Hanno Böck: "Re: Invalid memory reads in first_non_fsm_start_char_cstring (utf_validate.c)"
Next in thread: Árpád Goretity: "Re: Invalid memory reads in first_non_fsm_start_char_cstring (utf_validate.c)"

Contemporary messages sorted: [ by date ] [ by thread ] [ by subject ] [ by author ] [ by messages with attachments ]