Re: [PATCH] Fix undefined behavior when constructing ID for txn_node_cache in fsfs

From: Nathan Hartman <hartman.nathan_at_gmail.com>
Date: Thu, 2 Apr 2020 13:03:33 -0400

On Thu, Apr 2, 2020 at 11:29 AM Denis Kovalchuk
<denis.kovalchuk_at_visualsvn.com> wrote:
> I think I have found an undefined behavior in the code that constructs ID for
> per-transaction DAG node cache.
>
> In make_txn_root() function, the txn variable of type svn_fs_fs__id_part_t *
> is passed to apr_pstrcat() function, leading to the undefined behavior.
> I can assume that originally it was planned to pass a textual representation
> of the txn, instead of passing the txn itself.
>
> Although ID is not used anywhere, except debug-only calls of
> svn_cache__get_info() and svn_cache__format_info() functions, the improper call
> to apr_pstrcat() may cause a potential crash, etc.

Good catch!

This definitely looks like a bug, that was never caught because
apr_pstrcat() is a variadic function with NO type checking!!

Thanks,
Nathan
Received on 2020-04-02 19:03:50 CEST

This message: [ Message body ]
Next message: James McCoy: "Re: SVN 1.14 release: please fix your buildbot"
Previous message: Stefan Sperling: "Re: [PATCH] Fix undefined behavior when constructing ID for txn_node_cache in fsfs"
In reply to: Denis Kovalchuk: "[PATCH] Fix undefined behavior when constructing ID for txn_node_cache in fsfs"

Contemporary messages sorted: [ by date ] [ by thread ] [ by subject ] [ by author ] [ by messages with attachments ]