bug-cvs
[Top][All Lists]
Advanced

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Advisory and Patch: Heap corruption in CVS


From: Dair Grant
Subject: Re: Advisory and Patch: Heap corruption in CVS
Date: Mon, 29 Dec 2003 23:04:08 +0000

Jeff Downs wrote:

>This behavior was observed on a CVS pserver under Linux. Certain files 
>would cause the pserver to seg fault.
...
>We encountered this bug while using the CVS client built into the
>Netbeans IDE (www.netbeans.org).

We've also experienced what I believe is the same bug, when connecting
from MacCVS Pro (a Mac GUI cvs client) to cvs 1.12.2 on FreeBSD 5.1.

Depending on the contents of the file and the compression level selected
by the client, for some files the buffer would be grown enough to hold
the expanded data but not enough to hold the trailer. Depending on what
followed the buffer, this could either be "harmless" or produce a
segfault.

Our patch is essentially identical, however we only tackled
read_and_gzip - I've attached it here for reference only, as Jeff's
patch looks more comprehensive.


-dair
___________________________________________________
mailto:address@hidden     http://www.zonic.co.uk/

Attachment: zlib.c.diff
Description: Binary data


reply via email to

[Prev in Thread] Current Thread [Next in Thread]