Posted to commits@subversion.apache.org by st...@apache.org on 2013/05/16 21:53:28 UTC

svn commit: r1483535 - in /subversion/trunk/subversion: include/private/svn_string_private.h libsvn_subr/types.c

Author: stefan2
Date: Thu May 16 19:53:28 2013
New Revision: 1483535

URL: http://svn.apache.org/r1483535
Log:
Follow-up to r1483292:  Document that the core function does not include
any overflow checking.  Add overflow checks to svn_revnum_parse.

Found by: Mattias Engdegård <ma...@bredband.net>

* subversion/include/private/svn_string_private.h
  (svn__strtoul): note missing overflow checks in docstring plus give
                  advice how to handle that situation

* subversion/libsvn_subr/types.c
  (svn_revnum_parse): limit revnums to signed 32 bits (the only portable
                      limit we have on them) and 10 digits

Modified:
    subversion/trunk/subversion/include/private/svn_string_private.h
    subversion/trunk/subversion/libsvn_subr/types.c

Modified: subversion/trunk/subversion/include/private/svn_string_private.h
URL: http://svn.apache.org/viewvc/subversion/trunk/subversion/include/private/svn_string_private.h?rev=1483535&r1=1483534&r2=1483535&view=diff
==============================================================================
--- subversion/trunk/subversion/include/private/svn_string_private.h (original)
+++ subversion/trunk/subversion/include/private/svn_string_private.h Thu May 16 19:53:28 2013
@@ -136,8 +136,10 @@ svn_stringbuf__morph_into_string(svn_str
 apr_status_t
 svn__strtoff(apr_off_t *offset, const char *buf, char **end, int base);
 
-/** Like strtoul but with a fixed base of 10.  This allows the compiler to
- * generate massively faster (4x on 64bit LINUX) code.
+/** Like strtoul but with a fixed base of 10 and without overflow checks.
+ * This allows the compiler to generate massively faster (4x on 64bit LINUX)
+ * code.  Overflow checks may be added on the caller side where you might
+ * want to test for a more specific value range anyway.
  */
 unsigned long
 svn__strtoul(const char *buffer, char **end);
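Review bot: The new docstring says overflow is unchecked, but it does not say what value the caller gets back in that case or how a caller can detect it. If the accumulator wraps, a range test on the return value alone is not enough, so the comment should direct callers to the digit count, for example `On overflow the result is unspecified; callers must bound *end - buffer (digits consumed) before trusting the value.` The implementation is not part of this hunk, so the wording about the overflowed result should be checked against it.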

Modified: subversion/trunk/subversion/libsvn_subr/types.c
URL: http://svn.apache.org/viewvc/subversion/trunk/subversion/libsvn_subr/types.c?rev=1483535&r1=1483534&r2=1483535&view=diff
==============================================================================
--- subversion/trunk/subversion/libsvn_subr/types.c (original)
+++ subversion/trunk/subversion/libsvn_subr/types.c Thu May 16 19:53:28 2013
@@ -51,6 +51,23 @@ svn_revnum_parse(svn_revnum_t *rev,
                            : _("Invalid revision number found parsing '%s'"),
                str);
 
+  /* a revision number with more than 9 digits is suspicious.
+     Have a closer look at those. */
+  if (str + 10 <= end)
+    {
+      /* we support 32 bit revision numbers only. check for overflows */
+      if (str + 10 < end)
+        return svn_error_createf
+                  (SVN_ERR_REVNUM_PARSE_FAILURE, NULL,
+                  _("Revision number longer than 10 digits '%s'"), str);
+        
+      /* we support 32 bit revision numbers only. check for overflows */
+      if (result < 1000000000 || result > APR_INT32_MAX)
+        return svn_error_createf
+                  (SVN_ERR_REVNUM_PARSE_FAILURE, NULL,
+                  _("Revision number too large or not normalized '%s'"), str);
+    }
+  
   *rev = result;
 
   return SVN_NO_ERROR;
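Review bot: The range test `result < 1000000000 || result > APR_INT32_MAX` can be passed by a wrapped value on platforms where `unsigned long` is 32 bits, because svn__strtoul is documented in this same commit as doing no overflow checking. For example, the ten-digit input 9999999999 reduces modulo 2^32 to 1410065407, which lies inside the accepted window, so an out-of-range revision string would be stored as a valid-looking revnum. Rejecting on the leading digit before looking at the value closes this, e.g. `if (*str > '2' || result < 1000000000 || result > APR_INT32_MAX)`, assuming `str` points at the first digit consumed. The declaration of `result` and the svn__strtoul call sit above the hunk, so the exact types should be confirmed there.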