Author: stsp
Date: Tue Apr 10 12:57:57 2012
New Revision: 1311702
URL: http://svn.apache.org/viewvc?rev=1311702&view=rev
Log:
Prevent out-of-bounds array access during 'svn diff' arguments processing.
* subversion/svn/diff-cmd.c
(svn_cl__diff): In the 'svn diff --old X --new Y' case, the parsed target
array might contain less than 2 targets if X and/or Y were skipped by
svn_cl__args_to_target_array_print_reserved(), e.g. because either or
both X and Y were .svn directories. Add a check that ensures we got
at least two targets -- any additional arguments are interpreted as
relative to X and Y (as explained by 'svn help diff').
Modified:
subversion/trunk/subversion/svn/diff-cmd.c
Modified: subversion/trunk/subversion/svn/diff-cmd.c
URL:
http://svn.apache.org/viewvc/subversion/trunk/subversion/svn/diff-cmd.c?rev=1311702&r1=1311701&r2=1311702&view=diff
==============================================================================
--- subversion/trunk/subversion/svn/diff-cmd.c (original)
+++ subversion/trunk/subversion/svn/diff-cmd.c Tue Apr 10 12:57:57 2012
@@ -249,6 +249,12 @@ svn_cl__diff(apr_getopt_t *os,
SVN_ERR(svn_cl__args_to_target_array_print_reserved(&tmp2, os, tmp,
ctx, FALSE, pool));
+
+ /* Check if either or both targets were skipped (e.g. because they
+ * were .svn directories). */
+ if (tmp2->nelts < 2)
+ return svn_error_create(SVN_ERR_CL_INSUFFICIENT_ARGS, NULL, NULL);
+
SVN_ERR(svn_opt_parse_path(&old_rev, &old_target,
APR_ARRAY_IDX(tmp2, 0, const char *),
pool));
