Author: stefan2
Date: Sun Jun 26 20:28:23 2011
New Revision: 1139935
URL: http://svn.apache.org/viewvc?rev=1139935&view=rev
Log:
Prevent buffer overflows in target stringbuf. The recently added
optimizations rely on sufficient memory being pre-allocated to
the target buffer to hold the entire result string.
Until now, the code would ignore the size of existing content when
pre-allocating the buffer.
* subversion/libsvn_subr/svn_base64.c
  (encode_bytes, decode_bytes): ensure that STR is large enough to
   hold the new data as well as its current content
Modified:
subversion/trunk/subversion/libsvn_subr/svn_base64.c
Modified: subversion/trunk/subversion/libsvn_subr/svn_base64.c
URL:
http://svn.apache.org/viewvc/subversion/trunk/subversion/libsvn_subr/svn_base64.c?rev=1139935&r1=1139934&r2=1139935&view=diff
==============================================================================
--- subversion/trunk/subversion/libsvn_subr/svn_base64.c (original)
+++ subversion/trunk/subversion/libsvn_subr/svn_base64.c Sun Jun 26 20:28:23
2011
@@ -135,7 +135,7 @@ encode_bytes(svn_stringbuf_t *str, const
/* Add an extra space for line breaks. */
buflen += buflen / BASE64_LINELEN;
}
- svn_stringbuf_ensure(str, buflen);
+ svn_stringbuf_ensure(str, str->len + buflen);
/* Keep encoding three-byte groups until we run out. */
while (*inbuflen + (end - p) >= 3)
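Review bot: In encode_bytes, the sum passed to svn_stringbuf_ensure, str->len + buflen, is computed with no visible guard against wraparound, and buflen has already been grown by buflen / BASE64_LINELEN just above. If the addition wraps for a very large input or an already large STR, the buffer is sized too small and the loop that follows writes past it, which is the same overflow this change is meant to close. Suggest checking that buflen <= (maximum size) - str->len before the call. It would also help to add a comment here, like the one in decode_bytes, stating that the encoding loop relies on no resize being needed, so the invariant is documented at both call sites.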
@@ -412,7 +412,7 @@ decode_bytes(svn_stringbuf_t *str, const
/* Resize the stringbuf to make room for the (approximate) size of
output, to avoid repeated resizes later.
The optimizations in decode_line rely on no resizes being necessary! */
- svn_stringbuf_ensure(str, (len / 4) * 3 + 3);
+ svn_stringbuf_ensure(str, str->len + (len / 4) * 3 + 3);
while ( !*done && p < end )
{
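Review bot: The comment above the svn_stringbuf_ensure call in decode_bytes still describes the value as the "(approximate) size of output" while the next sentence says decode_line relies on no resizes being necessary. With that dependency the value must be a guaranteed upper bound, so the comment should say that str->len + (len / 4) * 3 + 3 covers the existing content plus the worst-case decoded length, and briefly why the + 3 is sufficient. As in encode_bytes, the addition is unchecked for wraparound; a check before the call, or a debug assertion after the loop that str->len never exceeded the ensured size, would make a violated assumption fail loudly instead of corrupting memory.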