[I would appreciate being cc'ed on any possible messages about this
incident.]
The incident is a crash, identified by Windows simply as "TortoiseSVN
has stopped working".
The system on which the incident occurred is running Windows Vista
32-bit, with an Intel Core2 T7400 processor.
The version of TortoiseSVN installed on the computer is
"TortoiseSVN 1.4.99, Build 11778 - 32 Bit -dev, 2008/01/03 23:30:05"
(yes, I know it's not released).
To reproduce the incident, write the following into a .html file:
<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<html>
<body>
<a href="svn:mergeinfo">mergeinfo</a>
</body>
</html>
and load this file into a browser (well, load it into Firefox). The
browser should display
the work "mergeinfo" decorated as a link. Click on the link. A dialog
entitled "External
ProtocolRequest" will be displayed, with this content:
An external application must be launched to handle svn: links.
Requested link:
svn:mergeinfo
Application: C:\Program Files\TortoiseSVN\bin\TortoiseProc.exe
/command:repobrowser /path: "%1"
If you were not expecting this request it may be an attempt to
exploit a weakness in that other
program. Cancel this request unless you are sure it is not malicious.
Click on the button labeled "Launch application".
A TortoiseSVN dialog entitled "URL" appears, containing a combo box
labeled URL:. In my case, there
is an entry preloaded in the combo box, with text
"http://svn.collab.net/repos/svn/tags/1.4.6/subversion". This is a valid
Subversion URL.
Click OK in this dialog. The TortoiseSVN Repository Browser appears,
showing the above-quoted URL
(http://svn.collab.net.....). Click the Repository Browser's OK button.
A dialog entitled "Microsoft Windows" appears, with the contents:
TortoiseSVN client has stopped working
A problem caused the program to stop working correctly.
Windows will close the program and notify you if a solution is
available.
That was the "unexpected behavior" that's the crucial content of this
bug report. But I went further and hit
the above dialog's Debug button and launched Visual Studio 2008. It came
up showing a dialog with
contents starting with:
Windows has triggered a breakpoint in TortoiseProc.exe.
This may be due to a corruption of the heap, which indicates a bug in
TortoiseProc.exe or any of the DLLs it has loaded.
I select Break in this dialog, and see the VS debugger stopped at line
110 of the file
C:\Program Files\Microsoft Visual Studio 9.0\VC\crt\src\free.c. This is
in function _free_base(),
on the line "if (retval == 0)" (more importantly, immediately following
a call to HeapFree()).
#endif /* _WIN64 */
{
retval = HeapFree(_crtheap, 0, pBlock);
if (retval == 0)
{
errno = _get_errno_from_oserr(GetLastError());
}
}
}
#else /* WINHEAP */
Stack dump:
ntdll.dll!77632ea8()
[Frames below may be incorrect and/or missing, no symbols loaded
for ntdll.dll]
ntdll.dll!77686394()
ntdll.dll!7769f158()
ntdll.dll!7769f1de()
ntdll.dll!775f8dd4()
ntdll.dll!775f40f0()
ntdll.dll!77651039()
ntdll.dll!7765100b()
ntdll.dll!776129d7()
ntdll.dll!77650e97()
ntdll.dll!77657d37()
ntdll.dll!77651c21()
kernel32.dll!76b07a7e()
> msvcr90.dll!free(void * pBlock=0x01714020) Line 110 C
libapr_tsvn.dll!6eec2187()
libapr_tsvn.dll!6eec2dc8()
libapr_tsvn.dll!6eec2ebd()
libapr_tsvn.dll!6eed377e()
TortoiseProc.exe!004ea659()
TortoiseProc.exe!006adbb6()
msvcr90.dll!doexit(int code=0, int quick=0, int retcaller=0) Line
591 C
00000001()
I'm not including a dump of memory at the pBlock address.
Anecdotal aside:
Of course, I didn't really run into this bug by clicking on the link in
the above-listed
.html file. What actually happened is that a message (from David
Glasser) to the
Subversion Developers' list contained the string "svn:mergeinfo", and my
email
client, Thunderbird, decorated it as a link -- because TortoiseSVN had
registered
svn as a protocol it could handle. I was surprised to see this link
decoration, and
innocently clicked on it...
--Greg Lutz
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe_at_tortoisesvn.tigris.org
For additional commands, e-mail: users-help_at_tortoisesvn.tigris.org
Received on 2008-01-04 08:58:51 CET