You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@subversion.apache.org by st...@apache.org on 2015/11/14 20:55:56 UTC
svn commit: r1714357 -
/subversion/trunk/subversion/libsvn_subr/cache-membuffer.c
Author: stefan2
Date: Sat Nov 14 19:55:56 2015
New Revision: 1714357
URL: http://svn.apache.org/viewvc?rev=1714357&view=rev
Log:
* subversion/libsvn_subr/cache-membuffer.c
(svn_cache__create_membuffer_cache): Add a paranoia parameter check.
Modified:
subversion/trunk/subversion/libsvn_subr/cache-membuffer.c
Modified: subversion/trunk/subversion/libsvn_subr/cache-membuffer.c
URL: http://svn.apache.org/viewvc/subversion/trunk/subversion/libsvn_subr/cache-membuffer.c?rev=1714357&r1=1714356&r2=1714357&view=diff
==============================================================================
--- subversion/trunk/subversion/libsvn_subr/cache-membuffer.c (original)
+++ subversion/trunk/subversion/libsvn_subr/cache-membuffer.c Sat Nov 14 19:55:56 2015
@@ -3372,6 +3372,11 @@ svn_cache__create_membuffer_cache(svn_ca
prefix_orig_len = strlen(prefix) + 1;
prefix_len = ALIGN_VALUE(prefix_orig_len);
+ /* Paranoia check to ensure pointer arithmetics work as expected. */
+ if (prefix_orig_len >= SVN_MAX_OBJECT_SIZE)
+ return svn_error_create(SVN_ERR_INCORRECT_PARAMS, NULL,
+ _("Prefix too long"));
+
/* Construct the folded prefix key. */
SVN_ERR(svn_checksum(&checksum,
svn_checksum_md5,