You are viewing a plain text version of this content. The canonical link for it is here.

Posted to dev@subversion.apache.org by Christof Meerald <cm...@web.de> on 2004/02/11 19:07:53 UTC

Segmentation fault in dav_svn_get_txn

Hi,

I have discovered a segmentation fault in 
subversion/mod_dav_svn/activity.c (Subversion 0.37.0) in function 
dav_svn_get_txn. It unconditionally invokes apr_dbm_freedatum(dbm, 
value) even if value hasn't been initialized. Obviously, the call to 
apr_dbm_freedatum should be moved up two lines (just after the 
apr_pstrdup). Here is the fixed version:

const char *dav_svn_get_txn(const dav_svn_repos *repos,
                            const char *activity_id)
{
  apr_dbm_t *dbm;
  apr_status_t status;
  const char *pathname;
  apr_datum_t key;
  apr_datum_t value;
  const char *txn_name = NULL;

  pathname = svn_path_join(repos->fs_path, ACTIVITY_DB, repos->pool);
  status = apr_dbm_open(&dbm, pathname, APR_DBM_READONLY,
                        APR_OS_DEFAULT, repos->pool);
  if (status != APR_SUCCESS)
    {
      /* ### let's just assume that any error means the DB doesn't exist,
         ### therefore, the activity/transaction doesn't exist */
      return NULL;
    }

  key.dptr = (char *)activity_id;
  key.dsize = strlen(activity_id) + 1;  /* null-term'd */
  if (apr_dbm_exists(dbm, key))
    {
      status = apr_dbm_fetch(dbm, key, &value);
      if (status != APR_SUCCESS)
        {
          /* ### again: assume failure means it doesn't exist */
          apr_dbm_close(dbm);
          return NULL;
        }
      txn_name = apr_pstrdup(repos->pool, value.dptr);   /* null-term'd */
      apr_dbm_freedatum(dbm, value);
    }

  apr_dbm_close(dbm);

  return txn_name;
}


bye, Christof

-- 
http://cmeerw.org
mailto cmeerw at web.de


---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@subversion.tigris.org
For additional commands, e-mail: dev-help@subversion.tigris.org

Re: Segmentation fault in dav_svn_get_txn

Posted by "C. Michael Pilato" <cm...@collab.net>.

Christof Meerald <cm...@web.de> writes:

> Hi,
> 
> I have discovered a segmentation fault in
> subversion/mod_dav_svn/activity.c (Subversion 0.37.0) in function
> dav_svn_get_txn. It unconditionally invokes apr_dbm_freedatum(dbm,
> value) even if value hasn't been initialized. Obviously, the call to
> apr_dbm_freedatum should be moved up two lines (just after the
> apr_pstrdup). Here is the fixed version:

Thanks, Christof.  It's generally better to mail patches, but this fix
was simple enought to describe in prose (as you did), so I decided not
to give you a hard time about it. :-)

You may see the fruits of your debugging labor in revision 8618.

---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@subversion.tigris.org
For additional commands, e-mail: dev-help@subversion.tigris.org

Re: Segmentation fault in dav_svn_get_txn

Posted by Ben Collins-Sussman <su...@collab.net>.

On Wed, 2004-02-11 at 15:03, Christof Meerwald wrote:

> svn co http://server/test test
> cd test
> svn propset svn:ignore a1 .
> svn -m1 commit
> svn propedit .
> svn -m2 commit (server segfaults)

Hm, I assume your propedit line should have a "svn:ignore" in there?

I can't make apache segfault with this recipe.  What is it about this
recipe that stimulates the bug for you?

---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@subversion.tigris.org
For additional commands, e-mail: dev-help@subversion.tigris.org

Re: Segmentation fault in dav_svn_get_txn

Posted by Christof Meerwald <cm...@web.de>.

On Wed, Feb 11, 2004 at 01:24:26PM -0600, Ben Collins-Sussman wrote:
> On Wed, 2004-02-11 at 13:07, Christof Meerald wrote:
> > I have discovered a segmentation fault in 
> > subversion/mod_dav_svn/activity.c 
> Thanks for spotting this bug... in the future, can you send a patch (in
> unified diff), so that we don't have to spot the code change ourselves?
> 
> Also:  can you tell us how you discovered the bug?  Is there some
> reproduction recipe?

Here is a reproduction recipe:

svnadmin create test (on the server)

svn co http://server/test test
cd test
svn propset svn:ignore a1 .
svn -m1 commit
svn propedit .
svn -m2 commit (server segfaults)


bye, Christof

-- 
http://cmeerw.org                                 JID: cmeerw@jabber.at
mailto cmeerw at web.de

---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@subversion.tigris.org
For additional commands, e-mail: dev-help@subversion.tigris.org

Re: Segmentation fault in dav_svn_get_txn

Posted by Ben Collins-Sussman <su...@collab.net>.

On Wed, 2004-02-11 at 13:07, Christof Meerald wrote:
> Hi,
> 
> I have discovered a segmentation fault in 
> subversion/mod_dav_svn/activity.c 

Thanks for spotting this bug... in the future, can you send a patch (in
unified diff), so that we don't have to spot the code change ourselves?

Also:  can you tell us how you discovered the bug?  Is there some
reproduction recipe?

---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@subversion.tigris.org
For additional commands, e-mail: dev-help@subversion.tigris.org