subversion-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Julian Foad <julianf...@btopenworld.com>
Subject Bug in svn_stringbuf_insert and svn_stringbuf_replace
Date Fri, 09 Jan 2015 17:52:54 GMT
I just spotted this.

svn_stringbuf_insert() contains this:

  temp = apr_pstrndup(str->pool, bytes, count);


That's wrong for an arbitrary array of bytes, because it will stop copying at the first null
byte.

Using apr_pmemdup() should fix it.

Same in svn_stringbuf_replace().

Inadequate test coverage. It is tested only with non-zero-length strings of ASCII characters.
(Another scenario not tested is inserting a string that overlaps the existing string and starts
or ends at the existing string's start or end or end-plus-null.)

- Julian

Mime
View raw message