[svn.haxx.se] · SVN Dev · SVN Users · SVN Org · TSVN Dev · TSVN Users · Subclipse Dev · Subclipse Users · this month's index

Bug: TortoiseSVN crashes trying to handle invalid svn: URL

From: Greg Lutz <greg_at_nearspace.com>
Date: Thu, 03 Jan 2008 22:18:03 -0800

[I would appreciate being cc'ed on any possible messages about this

The incident is a crash, identified by Windows simply as "TortoiseSVN
has stopped working".

The system on which the incident occurred is running Windows Vista
32-bit, with an Intel Core2 T7400 processor.

The version of TortoiseSVN installed on the computer is
"TortoiseSVN 1.4.99, Build 11778 - 32 Bit -dev, 2008/01/03 23:30:05"
(yes, I know it's not released).

To reproduce the incident, write the following into a .html file:

    <!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
    <a href="svn:mergeinfo">mergeinfo</a>

and load this file into a browser (well, load it into Firefox). The
browser should display
the work "mergeinfo" decorated as a link. Click on the link. A dialog
entitled "External
ProtocolRequest" will be displayed, with this content:

    An external application must be launched to handle svn: links.

    Requested link:


    Application: C:\Program Files\TortoiseSVN\bin\TortoiseProc.exe
/command:repobrowser /path: "%1"

    If you were not expecting this request it may be an attempt to
exploit a weakness in that other
    program. Cancel this request unless you are sure it is not malicious.

Click on the button labeled "Launch application".

A TortoiseSVN dialog entitled "URL" appears, containing a combo box
labeled URL:. In my case, there
is an entry preloaded in the combo box, with text
"http://svn.collab.net/repos/svn/tags/1.4.6/subversion". This is a valid
Subversion URL.

Click OK in this dialog. The TortoiseSVN Repository Browser appears,
showing the above-quoted URL
(http://svn.collab.net.....). Click the Repository Browser's OK button.

A dialog entitled "Microsoft Windows" appears, with the contents:

    TortoiseSVN client has stopped working

    A problem caused the program to stop working correctly.
    Windows will close the program and notify you if a solution is

That was the "unexpected behavior" that's the crucial content of this
bug report. But I went further and hit
the above dialog's Debug button and launched Visual Studio 2008. It came
up showing a dialog with
contents starting with:

    Windows has triggered a breakpoint in TortoiseProc.exe.

    This may be due to a corruption of the heap, which indicates a bug in
    TortoiseProc.exe or any of the DLLs it has loaded.

I select Break in this dialog, and see the VS debugger stopped at line
110 of the file
C:\Program Files\Microsoft Visual Studio 9.0\VC\crt\src\free.c. This is
in function _free_base(),
on the line "if (retval == 0)" (more importantly, immediately following
a call to HeapFree()).

#endif /* _WIN64 */
            retval = HeapFree(_crtheap, 0, pBlock);
            if (retval == 0)
                errno = _get_errno_from_oserr(GetLastError());

#else /* WINHEAP */

Stack dump:

     [Frames below may be incorrect and/or missing, no symbols loaded
for ntdll.dll]
> msvcr90.dll!free(void * pBlock=0x01714020) Line 110 C
     msvcr90.dll!doexit(int code=0, int quick=0, int retcaller=0) Line
591 C

I'm not including a dump of memory at the pBlock address.

Anecdotal aside:

Of course, I didn't really run into this bug by clicking on the link in
the above-listed
.html file. What actually happened is that a message (from David
Glasser) to the
Subversion Developers' list contained the string "svn:mergeinfo", and my
client, Thunderbird, decorated it as a link -- because TortoiseSVN had
svn as a protocol it could handle. I was surprised to see this link
decoration, and
innocently clicked on it...

--Greg Lutz

To unsubscribe, e-mail: users-unsubscribe_at_tortoisesvn.tigris.org
For additional commands, e-mail: users-help_at_tortoisesvn.tigris.org
Received on 2008-01-04 08:58:51 CET

This is an archived mail posted to the TortoiseSVN Users mailing list.

This site is subject to the Apache Privacy Policy and the Apache Public Forum Archive Policy.