Corrupted FSFS commit - possible bug in subversion 1.6.5?

Hi,

we encountered (again) the error already discussed in the earlier thread
"Corrupted FSFS commit" (starting February 25).

When checking out a reporitory from a subversion 1.6.5 server via https
(apache 2.2), a client receives a connection abort.

The log file states "Svndiff contains a too-large window [500, #185001]"
Trying to dump the repository via svnadmin dump results in "svnadmin:
Svndiff contains a too-large window"

The revision in question has clearly been commited to the same 1.6.5
server (the revision is from April 16, just a few days ago). The corrupted
path is a binary file with around 225MB.

As this is not the first time I encountered this error, and several other
people have posted similar problems to this list, I think this is a bug
in svn 1.6.5 (and possibly later).

The error message was - as far as google tells me - introduced while
resolving http://subversion.apache.org/security/CVE-2009-2411-advisory.txt

As far as I understood the CVE, this error message should be triggered
by these two conditions:

   1) an erroneos client tries to commit a too-large diff window to
   a server >= 1.5.7 / 1.6.4
   2) a client tries to check out a revision containing a too large diff
   window

I think the second condition must not appear with a server >= 1.5.7 / 1.6.4,
with one single exception. If a older subversion server accepted an erroneos
commit, the error must appear after upgrading to >= 1.5.7 / 1.6.4, when
checking out the erroneos path.

On what other revisions have you experienced this error?

Shall I open a bug report?

Martin Kutter
Received on 2010-04-19 18:18:27 CEST