In tracking down spurious coredumps we have in our custom RPC server, I found
one in svn_checksum__from_digest() due to bad input:
svn_checksum_t *
svn_checksum__from_digest(const unsigned char *digest,
svn_checksum_kind_t kind,
apr_pool_t *result_pool)
{
svn_checksum_t *checksum = svn_checksum_create(kind, result_pool);
memcpy((unsigned char *)checksum->digest, digest, DIGESTSIZE(kind));
return checksum;
}
If kind is invalid, then svn_checksum_create() returns NULL, which then
coredumps in memcpy().
Normally, I would change svn_checksum__from_digest() to
svn_error_t *
svn_checksum__from_digest(svn_checksum_t **checksum,
const unsigned char *digest,
svn_checksum_kind_t kind,
apr_pool_t *result_pool);
but I'm wondering how the checksum code needs to handle newer checksums in older
Subversion servers? Say 1.9 adds sha224 and then we read the repos in 1.7, how
should svn handle this? Should it throw a SVN_ERR_BAD_CHECKSUM_KIND or silently
map an unknown checksum to NULL? Do we want to conditionally support checksums
depending upon repository version?
Frankly, I'm happy I got a core dump in our code since it prevented bad data
from being used. My feeling is that the bad data is coming from a cache entry
that is released but something has a pointer to it still.
Blair
