Use-after-free of object-pools in subversion/libsvn_repos/authz.c

2021-11-03 Thread Thomas Weißschuh
Hi everybody, While investigating persistent segmentation faults in mod_dav_svn I found invalid uses of object pools in subversion/libsvn_repos/authz.c. In svn_repos_authz_initialize() the object pools passed in during the configuration phase are stored in static variables. For some reason the conf

Re: Use-after-free of object-pools in subversion/libsvn_repos/authz.c

2021-11-03 Thread Stefan Sperling
On Wed, Nov 03, 2021 at 04:21:34PM +0100, Thomas Weißschuh wrote: > Hi everybody, > > While investigating persistent segmentation faults in mod_dav_svn I found > invalid uses of object pools in subversion/libsvn_repos/authz.c. > > In svn_repos_authz_initialize() the object pools passed in during th

Re: Use-after-free of object-pools in subversion/libsvn_repos/authz.c

2021-11-03 Thread Thomas Weißschuh
On 2021-11-03 16:34+0100, Stefan Sperling wrote: > On Wed, Nov 03, 2021 at 04:21:34PM +0100, Thomas Weißschuh wrote: > > Hi everybody, > > > > While investigating persistent segmentation faults in mod_dav_svn I found > > invalid uses of object pools in subversion/libsvn_repos/authz.c. > > > > In s

Re: Use-after-free of object-pools in subversion/libsvn_repos/authz.c

2021-11-03 Thread Stefan Sperling
On Wed, Nov 03, 2021 at 04:47:39PM +0100, Thomas Weißschuh wrote: > The svn_atomic__init_once() inside svn_repos_authz_initialize() seems to work > correctly. synchronized_authz_initialize() is only executed once. > > I am arguing that it should *not* be executed only once because the pools that >

Re: Use-after-free of object-pools in subversion/libsvn_repos/authz.c

2021-11-03 Thread Thomas Weißschuh
On 2021-11-03 17:14+0100, Stefan Sperling wrote: > On Wed, Nov 03, 2021 at 04:47:39PM +0100, Thomas Weißschuh wrote: > > The svn_atomic__init_once() inside svn_repos_authz_initialize() seems to > > work > > correctly. synchronized_authz_initialize() is only executed once. > > > > I am arguing tha

Re: Use-after-free of object-pools in subversion/libsvn_repos/authz.c

2021-11-03 Thread Stefan Sperling
On Wed, Nov 03, 2021 at 05:21:19PM +0100, Thomas Weißschuh wrote: > On 2021-11-03 17:14+0100, Stefan Sperling wrote: > > On Wed, Nov 03, 2021 at 04:47:39PM +0100, Thomas Weißschuh wrote: > > > The svn_atomic__init_once() inside svn_repos_authz_initialize() seems to > > > work > > > correctly. sync

Re: Use-after-free of object-pools in subversion/libsvn_repos/authz.c

2021-11-03 Thread Thomas Weißschuh
On 2021-11-03 17:14+0100, Stefan Sperling wrote: > On Wed, Nov 03, 2021 at 04:47:39PM +0100, Thomas Weißschuh wrote: > > The svn_atomic__init_once() inside svn_repos_authz_initialize() seems to > > work > > correctly. synchronized_authz_initialize() is only executed once. > > > > I am arguing tha

Re: Use-after-free of object-pools in subversion/libsvn_repos/authz.c

2021-11-04 Thread Thomas Weißschuh
On 2021-11-03 18:26+0100, Thomas Weißschuh wrote: > I'll open a ticket for that tomorrow. The ticket is here: https://issues.apache.org/jira/browse/SVN-4880