On Fri, May 09, 2025 at 04:25:42PM +0200, Dr. Thomas Orgis via dev wrote:
> Dear all,
> 
> recently my subversion build crashed on an internal repository of build
> scripts and patches. The operation
> 
>       svn merge  ^/package/pkgsrc/devel/patches-2025Q1 patches-cvs/
> 
> was supposed to merge back changes from one patches directory to
> another. This results in a segfault due to a NULL pointer dereference
> in uri_escape().

Thank you for your report, Thomas!

This bug should already be fixed on trunk. The bug was reported in
August 2021 and fixed in revision r1892118. For some reason the fix has
not been applied to the 1.14.x branch. It seems I forgot to nominate
the fix for backport.

It is still a clean merge:

$ svn info --show-item url
https://svn.apache.org/repos/asf/subversion/branches/1.14.x
$ svn merge -c r1892118 ^/subversion/trunk  
--- Merging r1892118 into '.':
U    subversion/libsvn_client/conflicts.c
--- Recording mergeinfo for merge of r1892118 into '.':
 U   .

In any case, I have nominated this fix now, so this issue will be
fixed in 1.14.6.

Can you confirm that this fix helps your problematic case, too?
The patch is included below.

Regards,
Stefan


------------------------------------------------------------------------
r1892118 | stsp | 2021-08-08 22:26:28 +0200 (Sun, 08 Aug 2021) | 12 lines

Fix a NULL pointer dereference in the conflict resolver.

* subversion/libsvn_client/conflicts.c
  (conflict_tree_get_details_local_missing): The find_related_node() helper
   may return a NULL related_repo_relpath in some cases. Ensure that this
   will not clobber the related_repo_relpath we already calculated and
   bail out early in case we do end up with a NULL pointer.

Reported by: Joshua Kordani (jkordani {AT} roboticresearch dot com)
on users@ with a patch included in the report. Joshua kindly tested my
alternative fix for this issue and confirmed that it works as expected.


Index: subversion/libsvn_client/conflicts.c
===================================================================
--- subversion/libsvn_client/conflicts.c        (revision 1892117)
+++ subversion/libsvn_client/conflicts.c        (revision 1892118)
@@ -2847,13 +2847,27 @@
   /* Make sure we're going to search the related node in a revision where
    * it exists. The younger incoming node might have been deleted in HEAD. */
   if (related_repos_relpath != NULL && related_peg_rev != SVN_INVALID_REVNUM)
-    SVN_ERR(find_related_node(
-              &related_repos_relpath, &related_peg_rev,
-              related_repos_relpath, related_peg_rev,
-              (old_rev < new_rev ? old_repos_relpath : new_repos_relpath),
-              (old_rev < new_rev ? old_rev : new_rev),
-              conflict, ctx, scratch_pool, scratch_pool));
+    {
+      const char *older_related_repos_relpath;
+      svn_revnum_t older_related_peg_rev;
+      SVN_ERR(find_related_node(
+                &older_related_repos_relpath, &older_related_peg_rev,
+                related_repos_relpath, related_peg_rev,
+                (old_rev < new_rev ? old_repos_relpath : new_repos_relpath),
+                (old_rev < new_rev ? old_rev : new_rev),
+                conflict, ctx, scratch_pool, scratch_pool));
+      if (older_related_repos_relpath != NULL &&
+          older_related_peg_rev != SVN_INVALID_REVNUM)
+        {
+          related_repos_relpath = older_related_repos_relpath;
+          related_peg_rev = older_related_peg_rev;
+        }
+    }
 
+  /* Bail if we are unable to find the related node. */
+  if (related_repos_relpath == NULL || related_peg_rev == SVN_INVALID_REVNUM)
+    return SVN_NO_ERROR;
+
   /* Set END_REV to our best guess of the nearest YCA revision. */
   url = svn_path_url_add_component2(repos_root_url, related_repos_relpath,
                                     scratch_pool);
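
Review bot: older_related_repos_relpath and older_related_peg_rev are declared without initializers at the top of the new block and are tested immediately after find_related_node() returns. Unless that helper assigns both outputs on every successful return, the `!= NULL` / `!= SVN_INVALID_REVNUM` test reads indeterminate values. Initializing them to NULL and SVN_INVALID_REVNUM at the declaration would make the test safe regardless of what the helper does. Separately, the new bail-out sits outside the `if`, so it also covers the case where related_repos_relpath was already NULL before the lookup; the comment above it could say so, and could note that returning SVN_NO_ERROR here gives the caller no signal that the related node was not found.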

------------------------------------------------------------------------
