GCC's address sanitizer and valgrind both report a problem running
diff-diff3-test 15:
$ valgrind -q .libs/lt-diff-diff3-test 15
==6097== Invalid read of size 1
==6097== at 0x503FD83: find_identical_suffix (diff_file.c:586)
==6097== by 0x5040C45: datasources_open (diff_file.c:815)
==6097== by 0x503D6B2: svn_diff_diff3_2 (diff3.c:276)
==6097== by 0x5041D3A: svn_diff_file_diff3_2 (diff_file.c:1327)
==6097== by 0x401F2F: three_way_merge (diff-diff3-test.c:191)
==6097== by 0x4027B7: two_way_diff (diff-diff3-test.c:311)
==6097== by 0x405DF8: test_token_compare (diff-diff3-test.c:2589)
==6097== by 0x4E34C6A: do_test_num (svn_test_main.c:268)
==6097== by 0x4E35686: main (svn_test_main.c:551)
==6097== Address 0x138585af is 1 bytes before a block of size 131,072 alloc'd
==6097== at 0x4C28BED: malloc (vg_replace_malloc.c:263)
==6097== by 0x572DDDB: pool_alloc (apr_pools.c:1463)
==6097== by 0x572DF57: apr_palloc_debug (apr_pools.c:1504)
==6097== by 0x503FACA: find_identical_suffix (diff_file.c:558)
==6097== by 0x5040C45: datasources_open (diff_file.c:815)
==6097== by 0x503D6B2: svn_diff_diff3_2 (diff3.c:276)
==6097== by 0x5041D3A: svn_diff_file_diff3_2 (diff_file.c:1327)
==6097== by 0x401F2F: three_way_merge (diff-diff3-test.c:191)
==6097== by 0x4027B7: two_way_diff (diff-diff3-test.c:311)
==6097== by 0x405DF8: test_token_compare (diff-diff3-test.c:2589)
==6097== by 0x4E34C6A: do_test_num (svn_test_main.c:268)
==6097== by 0x4E35686: main (svn_test_main.c:551)
The problem is that find_identical_suffix allocates a chunk after the end of the
file and then sets endp to one byte before the chunk.
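As an added illustration (not Subversion's code), the following constructed model shows the boundary the report describes: a file whose length is an exact multiple of the chunk size, where a careless "last chunk" computation leaves the scan pointer one byte before the freshly allocated chunk. The names (CHUNK, struct reader, load_prev_chunk, identical_suffix) are hypothetical; the version below handles the boundary correctly and shows, in the comment, the computation that does not.

```c
#include <stddef.h>
#include <string.h>

/* Constructed model of chunked suffix scanning, not Subversion's code. Each
 * file is consumed in fixed-size chunks and the common suffix is found by
 * walking the last chunks backwards. CHUNK is tiny so the boundary case is
 * easy to build; the reader in the report above used 128 KiB chunks. */
#define CHUNK 8

struct reader {
    const unsigned char *data;   /* whole "file", held in memory */
    size_t pos;                  /* offset just past the chunk now in buf */
    unsigned char buf[CHUNK];
    const unsigned char *curp;   /* byte being compared inside buf */
};

/* Load the chunk ending at r->pos and point curp at its last byte.
 * Returns 0 when nothing precedes pos. A naive version computes
 * n = pos % CHUNK and sets curp = buf + n - 1; when the length is an
 * exact multiple of CHUNK that is buf - 1, one byte before the
 * allocation, which is the read the valgrind report above flags. */
static int load_prev_chunk(struct reader *r)
{
    if (r->pos == 0) return 0;
    size_t n = r->pos % CHUNK;
    if (n == 0) n = CHUNK;        /* a full final chunk, not an empty one */
    memcpy(r->buf, r->data + r->pos - n, n);
    r->curp = r->buf + n - 1;     /* n >= 1 here, so never before buf */
    r->pos -= n;
    return 1;
}

/* Number of trailing bytes common to a[0..alen) and b[0..blen). */
size_t identical_suffix(const unsigned char *a, size_t alen,
                        const unsigned char *b, size_t blen)
{
    struct reader ra = { a, alen, {0}, NULL };
    struct reader rb = { b, blen, {0}, NULL };
    size_t n = 0;
    if (!load_prev_chunk(&ra) || !load_prev_chunk(&rb)) return 0;
    for (;;) {
        if (*ra.curp != *rb.curp) return n;
        n++;
        /* Step back one byte in each file, reloading at a chunk boundary. */
        if (ra.curp == ra.buf) { if (!load_prev_chunk(&ra)) return n; } else ra.curp--;
        if (rb.curp == rb.buf) { if (!load_prev_chunk(&rb)) return n; } else rb.curp--;
    }
}
```

Running it under valgrind or ASan with inputs whose length is a multiple of CHUNK is the quickest way to confirm that the guard, and not luck, keeps the scan inside the buffer.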
Related discussion:
http://mail-archives.apache.org/mod_mbox/subversion-dev/201303.mbox/%3C87r4j38mtn.fsf@ntlworld.com%3E
http://svn.haxx.se/dev/archive-2013-03/0399.shtml