
Re: Invalid memory reads in first_non_fsm_start_char_cstring (utf_validate.c)

From: Stefan Fuhrmann <stefan2_at_apache.org>
Date: Mon, 04 Jan 2016 16:17:07 +0100

On 03.01.2016 18:50, Hanno Böck wrote:
> On Sun, 3 Jan 2016 18:12:47 +0100
> Branko Čibej <brane_at_apache.org> wrote:
>> GCC (or any other compiler) may do a lot of things, but it's not
>> allowed to change the way APR pool allocation works. We're not using
>> malloc(); we're using apr_palloc() & co.
> Okay, I think we have a misunderstanding here.
> The error I encountered is not by code allocated by apr_palloc. It
> actually comes from this line in notify.c:
> SVN_ERR(svn_dirent_get_absolute(&nb->path_prefix, "", pool));
> The memory that is read out of bounds is the "" string literal.

Yep, you are right.

Turns out that the whole code path was (almost) a duplication
of a function that does not have this problem. Fixed in r1722860.
A related problem was then found by our SOLARIS build bot and
got fixed in r1722879 and r1722887.

Thanks for the detailed report!

-- Stefan^2.
Received on 2016-01-04 16:17:11 CET

This is an archived mail posted to the Subversion Dev mailing list.