Author: dsahlberg Date: Sun Nov 16 15:58:35 2025 New Revision: 1929793 Log: Check that we actually have some headers before trying to access them, preventing a segfault if we get an unexpected response while chatting with the server.
This could happen if the server is replying normally to the initial requests but suddenly send a 301 Moved permanently reply. This happens for ASFs incubator-repo at the time of writing due to some rewrite magic in their server config. Reported/discussed on users@: https://lists.apache.org/thread/konv626mmdpqk8zms7smqk6qfdbfl1wg * subversion/libsvn_ra_serf/util.c (svn_ra_serf__expect_empty_body): As above Modified: subversion/trunk/subversion/libsvn_ra_serf/util.c Modified: subversion/trunk/subversion/libsvn_ra_serf/util.c ============================================================================== --- subversion/trunk/subversion/libsvn_ra_serf/util.c Sun Nov 16 14:38:53 2025 (r1929792) +++ subversion/trunk/subversion/libsvn_ra_serf/util.c Sun Nov 16 15:58:35 2025 (r1929793) @@ -1139,7 +1139,7 @@ svn_ra_serf__expect_empty_body(serf_requ { svn_ra_serf__handler_t *handler = baton; serf_bucket_t *hdrs; - const char *val; + const char *val = 0; /* This function is just like handle_multistatus_only() except for the XML parsing callbacks. We want to look for the -readable element. */ @@ -1151,7 +1151,9 @@ svn_ra_serf__expect_empty_body(serf_requ SVN_ERR_ASSERT(handler->server_error == NULL); hdrs = serf_bucket_response_get_headers(response); - val = serf_bucket_headers_get(hdrs, "Content-Type"); + if (hdrs) + val = serf_bucket_headers_get(hdrs, "Content-Type"); + if (val && (handler->sline.code < 200 || handler->sline.code >= 300) && strncasecmp(val, "text/xml", sizeof("text/xml") - 1) == 0)
