You are viewing a plain text version of this content. The canonical link for it is here.

Posted to dev@subversion.apache.org by ma...@nats.co.uk, ma...@nats.co.uk on 2018/10/29 15:36:06 UTC

[PATCH] Coredump when javahl SVNClient::diff() called with diff-cmd set

[[[
Prevent some coredumps when using JavaHL SVNClient::diff()

SVNClient::diff() discards output to stderr by setting stderr parameters to NULL in some calls

Some of the called code can dereference the NULL in some situations. One
such situation is if the user has set a diff-cmd value in their settings file.

The documented interface to relevant routines does not say that stderr can be set to NULL in this way.

Observed in the 1.10.3 client

* subversion/bindings/javahl/native/SVNClient.cpp

  (SVNClient::diff): Replace NULL stderr in calls to (deprecated) svn_client_diff_peg6()
   and svn_client_diff6() with svn_stream_empty objects.

]]]
Index: subversion/bindings/javahl/native/SVNClient.cpp
===================================================================
--- subversion/bindings/javahl/native/SVNClient.cpp	(revision 1845130)
+++ subversion/bindings/javahl/native/SVNClient.cpp	(working copy)
@@ -1055,7 +1055,8 @@ void SVNClient::diff(const char *target1, Revision
                                    options.useGitDiffFormat(),
                                    SVN_APR_LOCALE_CHARSET,
                                    outputStream.getStream(subPool),
-                                   NULL /* error file */,
+                                   // discard stderr
+                                   svn_stream_empty(subPool.getPool()),
                                    changelists.array(subPool),
                                    ctx,
                                    subPool.getPool()),
@@ -1084,7 +1085,8 @@ void SVNClient::diff(const char *target1, Revision
                                options.useGitDiffFormat(),
                                SVN_APR_LOCALE_CHARSET,
                                outputStream.getStream(subPool),
-                               NULL /* error stream */,
+                               // discard stderr
+                               svn_stream_empty(subPool.getPool()),
                                changelists.array(subPool),
                                ctx,
                                subPool.getPool()),

Re: [PATCH] Coredump when javahl SVNClient::diff() called with diff-cmd set

Posted by Branko Čibej <br...@apache.org>.

On 29.10.2018 16:36, matthew.burt@nats.co.uk wrote:
> Prevent some coredumps when using JavaHL SVNClient::diff()
>
> SVNClient::diff() discards output to stderr by setting stderr parameters to NULL in some calls
>
> Some of the called code can dereference the NULL in some situations. One
> such situation is if the user has set a diff-cmd value in their settings file.
>
> The documented interface to relevant routines does not say that stderr can be set to NULL in this way.
>
> Observed in the 1.10.3 client
>
> * subversion/bindings/javahl/native/SVNClient.cpp
>
>   (SVNClient::diff): Replace NULL stderr in calls to (deprecated) svn_client_diff_peg6()
>    and svn_client_diff6() with svn_stream_empty objects.

Thanks, committed in r1845408, and I'll propose this for backports to
1.10.x and 1.11.x.

-- Brane