svn commit: r1567985 - /subversion/trunk/subversion/libsvn_subr/cache-membuffer.c

[st...@apache.org]

Author: stefan2
Date: Thu Feb 13 17:48:59 2014
New Revision: 1567985

URL: http://svn.apache.org/r1567985
Log:
On 32 bit systems, integer underflows can cause the membuffer usage counters
to grow beyond 32 bit limits.  That makes all entries appear to be "small"
and being kept instead of being potentially evicted.

* subversion/libsvn_subr/cache-membuffer.c
  (svn_membuffer_t): Update comment.
  (membuffer_cache_set_internal): Adding a cast to prevent off-by-4GB in the
                                  cache->DATA_USED tracker in 32 bits systems.

Found by: vitalif{_AT_}yourcmc.ru
Suggested by: James McCoy <jamessan{_AT_}debian.org>

Modified:
    subversion/trunk/subversion/libsvn_subr/cache-membuffer.c

Modified: subversion/trunk/subversion/libsvn_subr/cache-membuffer.c
URL: http://svn.apache.org/viewvc/subversion/trunk/subversion/libsvn_subr/cache-membuffer.c?rev=1567985&r1=1567984&r2=1567985&view=diff
==============================================================================
--- subversion/trunk/subversion/libsvn_subr/cache-membuffer.c (original)
+++ subversion/trunk/subversion/libsvn_subr/cache-membuffer.c Thu Feb 13 17:48:59 2014
@@ -508,7 +508,7 @@ struct svn_membuffer_t
    */
   unsigned char *data;
 
-  /* Total number of data buffer bytes in use. This is for statistics only.
+  /* Total number of data buffer bytes in use.
    */
   apr_uint64_t data_used;
 
@@ -1881,7 +1881,11 @@ membuffer_cache_set_internal(svn_membuff
    * the old spot, just re-use that space. */
   if (entry && ALIGN_VALUE(entry->size) >= size && buffer)
     {
-      cache->data_used += size - entry->size;
+      /* Careful! We need to cast SIZE to the full width of CACHE->DATA_USED
+       * lest we run into trouble with 32 bit underflow *not* treated as a
+       * negative value.
+       */
+      cache->data_used += (apr_uint64_t)size - entry->size;
       entry->size = size;
       entry->priority = priority;