On 29.08.2016 18:57, Daniel Shahaf wrote:
> When the "props:" line in a noderev lists an all-zeroes checksum, FSFS
> segfaults:
>
> [[[
> % cat repro.sh
> #!/bin/sh
> rm -rf r wc
> svnadmin create r
> svn co -q file://`pwd`/r wc
> svn ps -q k v wc
> svn ci -qmm wc
> echo "First dump:"
> svnadmin dump -q r >/dev/null
> perl -pi -e 's/[0-9a-f]{16,}/"0" x length $&/e if /^props:/' r/db/revs/0/1
> echo "Second dump:"
> svnadmin dump -q r >/dev/null
> ]]]
>
> Output:
> [[[
> % ./repro.sh
> First dump:
> Second dump:
> Segmentation fault
> zsh: exit 139 ./repro.sh
> ]]]
>
> This is caused by these two lines in svn_fs_fs__parse_representation():
> .
> 801 SVN_ERR(svn_checksum_parse_hex(&checksum, svn_checksum_md5, str,
> 802 scratch_pool));
> 803 memcpy(rep->md5_digest, checksum->digest, sizeof(rep->md5_digest));
> .
> Line 801 sets CHECKSUM to NULL (as promised by svn_checksum_parse_hex()'s
> docstring), line 803 dereferences it unconditionally.
I vaguely remember that we use(d) all-0 checksums
as a 'no checksum' indicator. There may have been
some mix-up when rep structure got flattened.
> I'm not aware of any way to create such text:/props: lines via the API,
> but they're useful when editing revision files by hand, and in any case
> invalid on-disk data should not cause segfaults.
I'll look into this after the current APR and FSFS fixes
for svnadmin pack are completed. Should not be too
difficult to figure out the correct behaviour.
-- Stefan^2.
Received on 2016-08-29 22:10:21 CEST