I've been experimenting with GCC's address sanitizer, which is a tool for catching memory problems. It has identified some uses of uninitialised memory. valgrind also detects problems at the same places:

$ valgrind -q .libs/lt-mergeinfo-test 6
==6075== Invalid read of size 8
==6075==    at 0x4C2B5A0: memmove (mc_replace_strmem.c:981)
==6075==    by 0x507A989: svn_rangelist__combine_adjacent_ranges (mergeinfo.c:653)
==6075==    by 0x507AC19: parse_revision_line (mergeinfo.c:706)
==6075==    by 0x507AD7A: parse_top (mergeinfo.c:737)
==6075==    by 0x507AE21: svn_mergeinfo_parse (mergeinfo.c:752)
==6075==    by 0x403D14: rev_array_to_rangelist (mergeinfo-test.c:963)
==6075==    by 0x403ED8: test_rangelist_remove_randomly (mergeinfo-test.c:1003)
==6075==    by 0x4E34C6A: do_test_num (svn_test_main.c:268)
==6075==    by 0x4E35686: main (svn_test_main.c:551)
==6075==  Address 0x7f21090 is 0 bytes after a block of size 128 alloc'd
==6075==    at 0x4C28BED: malloc (vg_replace_malloc.c:263)
==6075==    by 0x52E5DDB: pool_alloc (apr_pools.c:1463)
==6075==    by 0x52E5F57: apr_palloc_debug (apr_pools.c:1504)
==6075==    by 0x52DBA47: apr_array_push (apr_tables.c:113)
==6075==    by 0x507A586: parse_rangelist (mergeinfo.c:559)
==6075==    by 0x507AAD1: parse_revision_line (mergeinfo.c:685)
==6075==    by 0x507AD7A: parse_top (mergeinfo.c:737)
==6075==    by 0x507AE21: svn_mergeinfo_parse (mergeinfo.c:752)
==6075==    by 0x403D14: rev_array_to_rangelist (mergeinfo-test.c:963)
==6075==    by 0x403ED8: test_rangelist_remove_randomly (mergeinfo-test.c:1003)
==6075==    by 0x4E34C6A: do_test_num (svn_test_main.c:268)
==6075==    by 0x4E35686: main (svn_test_main.c:551)

mergeinfo-test 16 triggers the same problem.

$ valgrind -q .libs/lt-diff-diff3-test 15
==6097== Invalid read of size 1
==6097==    at 0x503FD83: find_identical_suffix (diff_file.c:586)
==6097==    by 0x5040C45: datasources_open (diff_file.c:815)
==6097==    by 0x503D6B2: svn_diff_diff3_2 (diff3.c:276)
==6097==    by 0x5041D3A: svn_diff_file_diff3_2 (diff_file.c:1327)
==6097==    by 0x401F2F: three_way_merge (diff-diff3-test.c:191)
==6097==    by 0x4027B7: two_way_diff (diff-diff3-test.c:311)
==6097==    by 0x405DF8: test_token_compare (diff-diff3-test.c:2589)
==6097==    by 0x4E34C6A: do_test_num (svn_test_main.c:268)
==6097==    by 0x4E35686: main (svn_test_main.c:551)
==6097==  Address 0x138585af is 1 bytes before a block of size 131,072 alloc'd
==6097==    at 0x4C28BED: malloc (vg_replace_malloc.c:263)
==6097==    by 0x572DDDB: pool_alloc (apr_pools.c:1463)
==6097==    by 0x572DF57: apr_palloc_debug (apr_pools.c:1504)
==6097==    by 0x503FACA: find_identical_suffix (diff_file.c:558)
==6097==    by 0x5040C45: datasources_open (diff_file.c:815)
==6097==    by 0x503D6B2: svn_diff_diff3_2 (diff3.c:276)
==6097==    by 0x5041D3A: svn_diff_file_diff3_2 (diff_file.c:1327)
==6097==    by 0x401F2F: three_way_merge (diff-diff3-test.c:191)
==6097==    by 0x4027B7: two_way_diff (diff-diff3-test.c:311)
==6097==    by 0x405DF8: test_token_compare (diff-diff3-test.c:2589)
==6097==    by 0x4E34C6A: do_test_num (svn_test_main.c:268)
==6097==    by 0x4E35686: main (svn_test_main.c:551)

-- 
Certified & Supported Apache Subversion Downloads:
http://www.wandisco.com/subversion/download
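
Added example, not part of the original message and not Subversion's code: a constructed C sketch of one error class that yields a report shaped like the first trace, where a memmove that closes a gap in a full array reads 8 bytes starting 0 bytes after a 128-byte block. The array_t type and every function name are hypothetical, and the off-by-one element count is an assumption, not the diagnosed cause.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Constructed array type: 16 elements of 8 bytes gives the 128-byte block in the trace. */
typedef struct {
    char  *elts;      /* backing storage */
    size_t elt_size;  /* bytes per element */
    size_t nelts;     /* elements in use */
    size_t nalloc;    /* elements allocated */
} array_t;

/* Bytes a memmove of `count` elements starting at index i + 1 would read
   past the end of the allocation; 0 means the read stays in bounds. */
size_t overread_bytes(const array_t *a, size_t i, size_t count)
{
    size_t src_end = (i + 1 + count) * a->elt_size;  /* one past the last byte read */
    size_t block   = a->nalloc * a->elt_size;
    return src_end > block ? src_end - block : 0;
}

/* Off-by-one count: nelts - i elements, although only nelts - i - 1 follow index i. */
size_t count_off_by_one(const array_t *a, size_t i) { return a->nelts - i; }

/* Correct count of elements after index i. */
size_t count_correct(const array_t *a, size_t i) { return a->nelts - i - 1; }

/* Remove element i; refuse any move that would leave the allocation. 0 on success, -1 on error. */
int array_remove(array_t *a, size_t i)
{
    size_t count;
    if (i >= a->nelts) return -1;
    count = count_correct(a, i);
    if (overread_bytes(a, i, count) != 0) return -1;
    memmove(a->elts + i * a->elt_size,
            a->elts + (i + 1) * a->elt_size, count * a->elt_size);
    a->nelts--;
    return 0;
}

int main(void)
{
    long long v[16] = {0};                            /* constructed sample data */
    array_t a = { (char *)v, sizeof v[0], 16, 16 };   /* array at full capacity */
    printf("off-by-one overread: %zu bytes\n", overread_bytes(&a, 3, count_off_by_one(&a, 3)));
    printf("correct overread:    %zu bytes\n", overread_bytes(&a, 3, count_correct(&a, 3)));
    return array_remove(&a, 3);
}
```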