/[Apache-SVN]
ViewVC logotype

Revision 1857367


Jump to revision: Previous Next
Author: stsp
Date: Fri Apr 12 07:04:15 2019 UTC (4 years, 11 months ago)
Changed paths: 1
Log Message:
Fix memory lifetime problem in a libsvn_wc error code path.

* subversion/libsvn_wc/wc_db_update_move.c
  (suitable_for_move): Calling svn_sqlite__column_text() with a NULL result
   pool twice means the result of the first call becomes invalid. Store the
   child_relpath variable in a pool. It is passed to path_for_error_message()
   later, after another call to svn_sqlite__column_text() with a NULL result
   pool has already occurred.

Crash observed on OpenBSD:
#0  strlen () at /usr/src/lib/libc/arch/amd64/string/strlen.S:125
#1  0x00000c38d5de6db7 in svn_dirent_join (
    base=0xc38dfe1ef00 "/home/stsp/svn/svn-1.12.0/subversion/tests/libsvn_wc/svn-test-work/working-copies/move_update_subtree", 
    component=0xc390ca94fc8 '\337' <repeats 55 times>, <incomplete sequence \337><error: Cannot access memory at address 0xc390ca95000>, pool=0xc38eeceff00)
    at subversion/libsvn_subr/dirent_uri.c:1007
#2  0x00000c38f686a815 in path_for_error_message (wcroot=0xc387ee3d300, 
    local_relpath=0xc390ca94fc8 '\337' <repeats 55 times>, <incomplete sequence \337><error: Cannot access memory at address 0xc390ca95000>, 
    result_pool=0xc38eeceff00) at subversion/libsvn_wc/wc_db_update_move.c:167
#3  0x00000c38f686ad1f in suitable_for_move (wcroot=0xc387ee3d300, 
    local_relpath=0xc387efe4ce0 "A/B", scratch_pool=0xc38eeceff00)
    at subversion/libsvn_wc/wc_db_update_move.c:2192


Changed paths

Path Details
Directorysubversion/trunk/subversion/libsvn_wc/wc_db_update_move.c modified , text changed

infrastructure at apache.org
ViewVC Help
Powered by ViewVC 1.1.26