[PATCH] Fix undefined behavior when constructing ID for txn_node_cache in fsfs

From: Denis Kovalchuk <denis.kovalchuk_at_visualsvn.com>
Date: Thu, 2 Apr 2020 18:29:06 +0300

Hello.

I think I have found an undefined behavior in the code that constructs ID for
per-transaction DAG node cache.

In make_txn_root() function, the txn variable of type svn_fs_fs__id_part_t *
is passed to apr_pstrcat() function, leading to the undefined behavior.
I can assume that originally it was planned to pass a textual representation
of the txn, instead of passing the txn itself.

Although ID is not used anywhere, except debug-only calls of
svn_cache__get_info() and svn_cache__format_info() functions, the improper call
to apr_pstrcat() may cause a potential crash, etc.

I have attached a patch that fixes it.

Regards,
Denis Kovalchuk

text/plain attachment: fix-ub-constructing-cache-id-v1.patch.txt

Received on 2020-04-02 17:29:23 CEST

This message: [ Message body ]
Next message: Yasuhito FUTATSUKI: "Re: svn commit: r1876016 - /subversion/trunk/subversion/bindings/swig/INSTALL"
Previous message: Stefan Sperling: "Re: SVN 1.14 release: please fix your buildbot"
Next in thread: Stefan Sperling: "Re: [PATCH] Fix undefined behavior when constructing ID for txn_node_cache in fsfs"
Reply: Stefan Sperling: "Re: [PATCH] Fix undefined behavior when constructing ID for txn_node_cache in fsfs"
Reply: Nathan Hartman: "Re: [PATCH] Fix undefined behavior when constructing ID for txn_node_cache in fsfs"

Contemporary messages sorted: [ by date ] [ by thread ] [ by subject ] [ by author ] [ by messages with attachments ]