Stefan Fuhrmann <stef...@apache.org> writes: >> As it turns out, this particular micro-optimization makes a data leak >> possible. This is not a real security issue, as the change happened on >> trunk and didn't become part of any released version. Still, I think >> that we should fix this prior to making 1.9 public. > > Good catch, Evgeny! Fixed in r1658439.
I wonder if we really should be adding static const svn_string_t's, and using "sizeof(define) -1" for unknown performance improvements without appropriate measurements. By the way, it looks like this changeset [1] did not really remove the XFail() marker from the new test, so I expect the buildbots to turn red. [1] http://svn.apache.org/r1658439 Regards, Evgeny Kotkov
