Author: rhuijben
Date: Fri Mar 18 09:03:26 2011
New Revision: 1082851
URL: http://svn.apache.org/viewvc?rev=1082851&view=rev
Log:
Following up on r1079686 and r1082838, use eof variable for checking end of
file status and fix a buffer overflow. Add a note on '\r\n' handling might be
broken. (Needs further review)
* subversion/libsvn_diff/parse-diff.c
(scan_eol): Don't calculate a length we don't use and don't overflow our
stack buffer by keeping space for the 0 byte we add a few lines later.
Modified:
subversion/trunk/subversion/libsvn_diff/parse-diff.c
Modified: subversion/trunk/subversion/libsvn_diff/parse-diff.c
URL:
http://svn.apache.org/viewvc/subversion/trunk/subversion/libsvn_diff/parse-diff.c?rev=1082851&r1=1082850&r2=1082851&view=diff
==============================================================================
--- subversion/trunk/subversion/libsvn_diff/parse-diff.c (original)
+++ subversion/trunk/subversion/libsvn_diff/parse-diff.c Fri Mar 18 09:03:26
2011
@@ -292,16 +292,18 @@ scan_eol(const char **eol, apr_file_t *f
if (total_len >= max_len)
break;
- len = sizeof(buf) - 1 < (max_len - total_len) ? sizeof(buf) - 1
- : (max_len - total_len);
- SVN_ERR(svn_io_file_read_full2(file, buf, sizeof(buf), &len, &eof,
+ SVN_ERR(svn_io_file_read_full2(file, buf, sizeof(buf)-1, &len, &eof,
pool));
- if (len == 0)
- break; /* EOF */
+ if (eof)
+ break;
buf[len] = '\0';
total_len += len;
+
+ /* ### BH: Does this properly detect the case where '\r' is on byte 254
+ ### (last character of buffer and '\n' is on byte 255 (first
+ ### character of next buffer)? */
eol_str = svn_eol__detect_eol(buf, buf + len);
}
