On 29.08.2016 18:57, Daniel Shahaf wrote:
When the "props:" line in a noderev lists an all-zeroes checksum, FSFS segfaults:[[[ % cat repro.sh #!/bin/sh rm -rf r wc svnadmin create r svn co -q file://`pwd`/r wc svn ps -q k v wc svn ci -qmm wc echo "First dump:" svnadmin dump -q r >/dev/null perl -pi -e 's/[0-9a-f]{16,}/"0" x length $&/e if /^props:/' r/db/revs/0/1 echo "Second dump:" svnadmin dump -q r >/dev/null ]]] Output: [[[ % ./repro.sh First dump: Second dump: Segmentation fault zsh: exit 139 ./repro.sh ]]] This is caused by these two lines in svn_fs_fs__parse_representation(): . 801 SVN_ERR(svn_checksum_parse_hex(&checksum, svn_checksum_md5, str, 802 scratch_pool)); 803 memcpy(rep->md5_digest, checksum->digest, sizeof(rep->md5_digest)); . Line 801 sets CHECKSUM to NULL (as promised by svn_checksum_parse_hex()'s docstring), line 803 dereferences it unconditionally.
I vaguely remember that we use(d) all-0 checksums as a 'no checksum' indicator. There may have been some mix-up when rep structure got flattened.
I'm not aware of any way to create such text:/props: lines via the API, but they're useful when editing revision files by hand, and in any case invalid on-disk data should not cause segfaults.
I'll look into this after the current APR and FSFS fixes for svnadmin pack are completed. Should not be too difficult to figure out the correct behaviour. -- Stefan^2.
