subversion-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From James McCoy <james...@debian.org>
Subject Re: Segfault in Perl bindings when commit touches a large number of files
Date Sat, 21 Mar 2015 02:25:19 GMT
On Wed, Mar 18, 2015 at 02:49:08PM +0000, Philip Martin wrote:
> I also see that.  Given that Perl has realloc'd some memory I suppose
> it might be a reference counting bug in Subversion's XS code.
> 
> Or perhaps the bug might be this code in svn_types.swg:
> 
> %typemap(argout) unsigned char *result_digest {
>   /* FIXME: This code is clearly buggy. The return value of sv_newmortal()
>      is immediately overwritten by the return value
>      of svn_swig_pl_from_md5(). */
>     ST(argvi) = sv_newmortal();
>     ST(argvi++) = svn_swig_pl_from_md5($1);
> }
> #endif

Indeed.  Reading through some Perl documentation, the original commit,
and svn_swig_pl_from_md5, I don't see why the svn_newmortal() call is
there.  svn_swig_pl_from_md5 already makes its return value mortal, so
this is just allocating and overwriting a new SV*.

Removing this resolves the crash and reduces the amount of
(de)allocations.

Cheers,
-- 
James
GPG Key: 4096R/331BA3DB 2011-12-05 James McCoy <jamessan@debian.org>

Mime
View raw message