subversion-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Philip Martin <>
Subject Re: svn commit: r1308966 - in /subversion/trunk/subversion: include/svn_string.h libsvn_subr/svn_string.c
Date Tue, 03 Apr 2012 15:51:24 GMT writes:

> Author: julianfoad
> Date: Tue Apr  3 15:03:56 2012
> New Revision: 1308966
> URL:
> Log:
> Make svn_stringbuf_ensure() allocate an additional byte for the null
> terminator, bringing it in line with svn_stringbuf_create_ensure() which
> always had those semantics.  Some callers had been expecting this behaviour,
> and thus had been buggy.  This will make buggy callers just work, and any
> callers that were already adding one byte will still work whether they get
> updated or not.  It would now be an error to link code written against the
> new API to a library containing an old implementation of the function.

> -/** Make sure that the string @a str has at least @a minimum_size bytes of
> - * space available in the memory block.
> +/** Make sure that the string @a str has allocated at least enough space
> + * to hold a string of length @a minimum_size bytes (as well as the
> + * terminating null character).
>   *
> - * (@a minimum_size should include space for the terminating NULL character.)
> + * @note: Before Subversion 1.8, the caller was supposed to include one
> + * byte for the null terminator in the value of @a minimum_size.
>   */

But it's not a compile-time error, it's a run-time error if the buffer
overrun happens to hit important memory.  But it's quite possible that
most of the time the buffer overrun will hit memory that is allocated
but unused meaning the error will be hidden until the memory usage is
just right to trigger the bug.  To write robust code the caller still
has to pass len+1, or explicitly test the Subversion minor version.
What are we going to recommend that users of the API do?

The discussions we had earlier this year were


View raw message