RE: malformed argument re-use in svn_client_url_from_path2
From: Bert Huijben <bert_at_qqmail.nl>
Date: Thu, 24 Oct 2013 21:45:45 +0200
If you pass an invalid path then err will be set to an error that explains that you set an invalid path and (like in almost every Subversion function) the output arguments are completely undefined when the function returns an error.
(There are/were a few exceptions where for very specific error values the output arguments are defined)
So most likely no value will be set for url (but it could be set to a completely invalid pointer value).
I can’t reproduce a segfault in the subversion code for passing an invalid path to this function.
(I can certainly imagine that you see strange intermediate results when debugging if you don’t notice that SVN_ERR() will return for any non null return value it encounters)
Bert
From: Maximo, Andre (GE Global Research) [mailto:maximo_at_ge.com]
Hi Bert,
thanks for your prompt reply. Here is the code:
void CVCS::svnURLPath(CString& urlPath, const CString &fullPath)
{
apr_pool_t *local_pool = svn_pool_create(m_svn_pool);
const char *url = NULL;
svn_error_t *err = svn_client_url_from_path2(&url, fullPath, m_svn_ctx, m_svn_pool, local_pool);
if (url != NULL)
urlPath = CString(url);
svn_pool_destroy(local_pool);
}
Where “m_svn_ctx” and “m_svn_pool” are pointers to class member context and main pool. What happens is that when I call this method for a valid fullPath it returns a valid urlPath. But, if I passed a non-existent fullPath, the code crashes at the “svn_client_url_from_path2”.
Best,
Andre.
From: Bert Huijben [mailto:bert_at_qqmail.nl]
Without more context I can't see what is wrong with the original code.
The second argument is passed by value and the local value is overwritten only in the function when the old pointer is never used again. This is valid in C and this code is tested by our testsuite as far as I can tell.
Do you have some example code that shows how it fails for you?
In most similar cases where I reviewed similar problems the cause was really a pool handling bug, either in Subversion (where old code often passes the same pool as scratch and result pool, so the wrong pool could be used somewhere) or in the user code.
Bert
Sent from Windows Mail
From: Maximo, Andre (GE Global Research) <mailto:maximo_at_ge.com>
Hi,
the function “svn_client_url_from_path2” in “libsvn_client/url.c” re-uses the const char* argument “path_or_url” as both output and input of the svn_dirent_get_absolute call and this causes the function to crash. The crashing line is:
SVN_ERR(svn_dirent_get_absolute(&path_or_url, path_or_url, scratch_pool));
The description of my developing environment is:
O.S.: Windows 7
Release: Subversion 1.8.3
Compiler: MS Visual Studio 2010
No modifications to SVN
DB: FSFS
Additional details: I replicate the problem using the same const char * variable in both arguments of the svn_dirent_get_absolute call (crashing in the same way) and made it to pass ok on this call by having another const char * as output. Replicated code snipet crashing:
err = svn_dirent_get_absolute(&path, path, local_pool);
And the ok code snipet:
const char *local_path=NULL;
err = svn_dirent_get_absolute(&local_path, path, local_pool);
Should the function “svn_client_url_from_path2” have a “local_path_or_url” variable for output as all the other client functions that use “svn_dirent_get_absolute” have?
Thanks for your attention,
Andre Maximo, PhD
Information Visualization Researcher – Systems Integration
GE Global Research
T +55 21 3733 8190
Rua Paulo Emidio Barbosa, 485 - Qd 1 A
Ilha do Fundao - Parque Tecnologico
GE imagination at work
|
This is an archived mail posted to the Subversion Users mailing list.
This site is subject to the Apache Privacy Policy and the Apache Public Forum Archive Policy.