undefined behaviour in pack

From: Philip Martin <philip.martin_at_wandisco.com>
Date: Tue, 26 Jan 2016 16:28:56 +0000

GCC's undefined behaviour sanitizer is reporting:

../src/subversion/libsvn_fs_fs/pack.c:902:17: runtime error: signed integer overflow: 2147483647 * 4 cannot be represented in type 'int'

To reproduce:

# set shard size to 3 and create a full shard
svnadmin create repo
chmod +w repo/db/format
printf "7\nlayout sharded 3\naddressing logical\n" > repo/db/format
svnmucc -mm -U file://`pwd`/repo put repo/format f
svnmucc -mm -U file://`pwd`/repo put repo/format f
svnadmin pack repo

Just before the warning roundness(0) returns MAX_INT and then:

(gdb) p path_order[i]->predecessor_count
$1 = 0
(gdb) p round
$2 = 2147483647

and 4 * 2147483647 overflows an int.

Philip Martin
Received on 2016-01-26 17:29:03 CET
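
The overflow reported above (2147483647 * 4 in type 'int') can be detected before the multiplication is evaluated. The following is an added example, not part of the original mail and not Subversion's code; checked_mul_int and sat_mul_int are hypothetical helper names, and the value of round is the one from the gdb session.

```c
#include <limits.h>
#include <stdbool.h>
#include <stdio.h>

/* Hypothetical helper: store a * b in *out and return true, or return
   false without multiplying when the product does not fit in an int.
   Every division below has a non-zero divisor and is never INT_MIN / -1. */
static bool checked_mul_int(int a, int b, int *out)
{
    if (a > 0) {
        if (b > 0) {
            if (a > INT_MAX / b) return false;
        } else if (b < INT_MIN / a) {
            return false;
        }
    } else if (b > 0) {
        if (a < INT_MIN / b) return false;
    } else if (a != 0 && b < INT_MAX / a) {
        return false;
    }
    *out = a * b;
    return true;
}

/* Hypothetical helper: clamp to INT_MAX / INT_MIN instead of overflowing. */
static int sat_mul_int(int a, int b)
{
    int r;
    if (checked_mul_int(a, b, &r)) return r;
    return ((a < 0) != (b < 0)) ? INT_MIN : INT_MAX;
}

int main(void)
{
    int round = INT_MAX;   /* value shown in the gdb session above */
    int r;
    if (!checked_mul_int(round, 4, &r))
        printf("%d * 4 would overflow; saturated result %d\n",
               round, sat_mul_int(round, 4));
    return 0;
}
```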

This is an archived mail posted to the Subversion Dev mailing list.