[Fwd: mod_dav_svn consumed all memory during a large commit upload and crashed my linux server]

Hello,

I sent the attached email yesterday morning. Since nobody has replied I
am wondering if I sent this to the right list? Somebody please advise.

In summary, my questions were:

1) Is there a problem in Subversion 1.6.6 that can cause all available
system memory to be consumed during a large commit upload over httpd
using mod_dav_svn resulting in a crash? See my attached original email
for details. I have seen references to a similar bug in earlier svn
versions but I cannot find any references to indicate if such a bug
still exists in version 1.6.6.

2) If this problem does indeed still exist then what is the recommended
fix; band-aids or otherwise?

3) Is the following exploit, that takes advantage of a similar bug in
earlier versions of subversion, still a problem for version 1.6.6?:

http://subversion.tigris.org/ds/viewMessage.do?dsForumId=1065&viewType=browseAll&dsMessageId=2358435#messagefocus
http://milw0rm.com/exploits/8842

I am wondering if I should be posting these questions to the developers
list instead of the users list. If I am posting to the wrong mailing
list then please let me know.

Many thanks in advance,

Gordon Dickens

-------- Original Message --------
Subject: mod_dav_svn consumed all memory during a large commit
upload and crashed my linux server
Date: Mon, 02 Nov 2009 11:01:57 -0500
From: Gordon Dickens <gordon_at_dickens.com>
To: users_at_subversion.tigris.org

My linux server recently crashed during the commit upload of a very
large subversion repository (300MB of source code) over http with
mod_dav_svn. The server crashed because memory use suddenly expanded
exponentially and I am certain that the subversion application caused
the spike in memory usage and the resulting crash. I am running version
1.6.6 (r40053) of subversion and mod_dav_svn on a CentOS 5.4 server.
You can view a graph of the memory usage of my server during this event at:

http://dickens.com/images/svn-memory-crash.png

You can see the memory consumption start to increase at approximately
5:30PM and the machine subsequently ran out of memory, seized up and
crashed at approximately 6:00PM. The memory consumption on this graph
coincides exactly with the commit of a very large subversion repository
over http using mod_dav_svn. FWIW, the commit upload was from a slow
(3MB) DSL connection.

So, my questions are:

1) Is this a known bug in Subversion 1.6.6? I have found references to
this bug in earlier versions but I cannot find any reference to this in
version 1.6.6.

2) What is the recommended fix for this bug, band-aids or otherwise? How
do I protect my server from this happening again?

3) Is the following exploit, that takes advantage of this bug in earlier
versions of subversion, still a problem for version 1.6.6?:

http://subversion.tigris.org/ds/viewMessage.do?dsForumId=1065&viewType=browseAll&dsMessageId=2358435#messagefocus
http://milw0rm.com/exploits/8842

Many thanks for any replies,

Gordon Dickens

------------------------------------------------------
http://subversion.tigris.org/ds/viewMessage.do?dsForumId=1065&dsMessageId=2414211

To unsubscribe from this discussion, e-mail: [users-unsubscribe_at_subversion.tigris.org].
Received on 2009-11-03 21:34:09 CET