Author: stefan2
Date: Thu May 16 19:53:28 2013
New Revision: 1483535

URL: http://svn.apache.org/r1483535

Log:
Follow-up to r1483292: Document that the core function does not include any overflow checking. Add overflow checks to svn_revnum_parse.
Found by: Mattias Engdegård <[email protected]>

* subversion/include/private/svn_string_private.h
  (svn__strtoul): note missing overflow checks in docstring plus give advice how to handle that situation

* subversion/libsvn_subr/types.c
  (svn_revnum_parse): limit revnums to signed 32 bits (the only portable limit we have on them) and 10 digits

Modified:
    subversion/trunk/subversion/include/private/svn_string_private.h
    subversion/trunk/subversion/libsvn_subr/types.c

Modified: subversion/trunk/subversion/include/private/svn_string_private.h URL: http://svn.apache.org/viewvc/subversion/trunk/subversion/include/private/svn_string_private.h?rev=1483535&r1=1483534&r2=1483535&view=diff ============================================================================== --- subversion/trunk/subversion/include/private/svn_string_private.h (original) +++ subversion/trunk/subversion/include/private/svn_string_private.h Thu May 16 19:53:28 2013 @@ -136,8 +136,10 @@ svn_stringbuf__morph_into_string(svn_str apr_status_t svn__strtoff(apr_off_t *offset, const char *buf, char **end, int base); -/** Like strtoul but with a fixed base of 10. This allows the compiler to - * generate massively faster (4x on 64bit LINUX) code. +/** Like strtoul but with a fixed base of 10 and without overflow checks. + * This allows the compiler to generate massively faster (4x on 64bit LINUX) + * code. Overflow checks may be added on the caller side where you might + * want to test for a more specific value range anyway. */ unsigned long svn__strtoul(const char *buffer, char **end); Modified: subversion/trunk/subversion/libsvn_subr/types.c URL: http://svn.apache.org/viewvc/subversion/trunk/subversion/libsvn_subr/types.c?rev=1483535&r1=1483534&r2=1483535&view=diff ============================================================================== --- subversion/trunk/subversion/libsvn_subr/types.c (original) +++ subversion/trunk/subversion/libsvn_subr/types.c Thu May 16 19:53:28 2013 
@@ -51,6 +51,23 @@ svn_revnum_parse(svn_revnum_t *rev, : _("Invalid revision number found parsing '%s'"), str); + /* a revision number with more than 9 digits is suspicious. + Have a closer look at those. */ + if (str + 10 <= end) + { + /* we support 32 bit revision numbers only. check for overflows */ + if (str + 10 < end) + return svn_error_createf + (SVN_ERR_REVNUM_PARSE_FAILURE, NULL, + _("Revision number longer than 10 digits '%s'"), str); + + /* we support 32 bit revision numbers only. check for overflows */ + if (result < 1000000000 || result > APR_INT32_MAX) + return svn_error_createf + (SVN_ERR_REVNUM_PARSE_FAILURE, NULL, + _("Revision number too large or not normalized '%s'"), str); + } + *rev = result; return SVN_NO_ERROR;
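Review bot: In the svn_string_private.h hunk, the new svn__strtoul docstring says overflow checks "may be added on the caller side" but does not tell the caller what it gets back when the input does overflow, or how to detect that from the return value and `*end`. Since the return type is `unsigned long`, whose width differs between platforms, I would spell out that the returned value is not meaningful once the digit string exceeds the range of `unsigned long`, and that callers must bound the number of consumed digits (`*end - buffer`) before trusting the value. As written, "may" reads as optional; for any caller parsing untrusted input it should read as a requirement.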
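Review bot: In the types.c hunk, the range test `result < 1000000000 || result > APR_INT32_MAX` on a 10-digit input is only sound if `result` is wider than 32 bits, and its type is not visible here. If it holds the `unsigned long` returned by svn__strtoul and that type is 32 bits wide, a 10-digit string such as 5294967296 wraps to 1000000000 and passes both bounds. Consider accumulating into a fixed 64-bit type for this check, or comparing the 10-digit string against "2147483647" directly, so the result does not depend on the platform's `unsigned long`. Two smaller points: the comment `/* we support 32 bit revision numbers only. check for overflows */` appears twice, and the first copy sits above a length check, so it should describe the 10-digit limit instead; and the "not normalized" rejection applies only to zero-padded strings of exactly 10 digits, while shorter zero-padded strings are still accepted, which is worth either documenting or making consistent.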
