You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@subversion.apache.org by st...@apache.org on 2014/09/29 13:15:01 UTC

svn commit: r1628159 - /subversion/trunk/subversion/libsvn_fs_fs/index.c

Author: stefan2
Date: Mon Sep 29 11:15:00 2014
New Revision: 1628159

URL: http://svn.apache.org/r1628159
Log:
Follow-up to r1628093: Fix test failures when reading past EOF of a
proto-index file.

* subversion/libsvn_fs_fs/index.c
  (read_uint32_from_proto_index,
   read_off_t_from_proto_index): Verify value ranges and return values only
                                 if a value has actually been read.

Modified:
    subversion/trunk/subversion/libsvn_fs_fs/index.c

Modified: subversion/trunk/subversion/libsvn_fs_fs/index.c
URL: http://svn.apache.org/viewvc/subversion/trunk/subversion/libsvn_fs_fs/index.c?rev=1628159&r1=1628158&r2=1628159&view=diff
==============================================================================
--- subversion/trunk/subversion/libsvn_fs_fs/index.c (original)
+++ subversion/trunk/subversion/libsvn_fs_fs/index.c Mon Sep 29 11:15:00 2014
@@ -548,15 +548,19 @@ read_uint32_from_proto_index(apr_file_t 
   apr_uint64_t value;
   SVN_ERR(read_uint64_from_proto_index(proto_index, &value, eof,
                                        scratch_pool));
-  if (value > APR_UINT32_MAX)
-    return svn_error_createf(SVN_ERR_FS_INDEX_OVERFLOW, NULL,
-                             _("UINT32 0x%" APR_UINT64_T_HEX_FMT
-                               " too large, max = 0x%" APR_UINT64_T_HEX_FMT),
-                             value, (apr_uint64_t)APR_UINT32_MAX);
-
-  /* This conversion is not lossy because the value can be represented in
-   * the target type. */
-  *value_p = (apr_uint32_t)value;
+  if (!eof || !*eof)
+    {
+      if (value > APR_UINT32_MAX)
+        return svn_error_createf(SVN_ERR_FS_INDEX_OVERFLOW, NULL,
+                                _("UINT32 0x%" APR_UINT64_T_HEX_FMT
+                                  " too large, max = 0x%"
+                                  APR_UINT64_T_HEX_FMT),
+                                value, (apr_uint64_t)APR_UINT32_MAX);
+
+      /* This conversion is not lossy because the value can be represented
+       * in the target type. */
+      *value_p = (apr_uint32_t)value;
+    }
 
   return SVN_NO_ERROR;
 }
@@ -573,16 +577,20 @@ read_off_t_from_proto_index(apr_file_t *
   apr_uint64_t value;
   SVN_ERR(read_uint64_from_proto_index(proto_index, &value, eof,
                                        scratch_pool));
-  if (value > off_t_max)
-    return svn_error_createf(SVN_ERR_FS_INDEX_OVERFLOW, NULL,
-                             _("File offset 0x%" APR_UINT64_T_HEX_FMT
-                               " too large, max = 0x%" APR_UINT64_T_HEX_FMT),
-                             value, off_t_max);
+  if (!eof || !*eof)
+    {
+      if (value > off_t_max)
+        return svn_error_createf(SVN_ERR_FS_INDEX_OVERFLOW, NULL,
+                                _("File offset 0x%" APR_UINT64_T_HEX_FMT
+                                  " too large, max = 0x%"
+                                  APR_UINT64_T_HEX_FMT),
+                                value, off_t_max);
 
-  /* Shortening conversion from unsigned to signed int is well-defined and
-   * not lossy in C because the value can be represented in the target type.
-   */
-  *value_p = (apr_off_t)value;
+      /* Shortening conversion from unsigned to signed int is well-defined
+       * and not lossy in C because the value can be represented in the
+       * target type. */
+      *value_p = (apr_off_t)value;
+    }
 
   return SVN_NO_ERROR;
 }