Buffer overflow in svn_read_xml()

[wfr]

There's an exploitable stack buffer overflow in svn.c when handling legacy Subversion repos:

vcprompt/src/svn.c

Line 76 in 67394fc

if (sscanf(p, " %*[^\"]\"%[0-9]\"", rev) == 1) {

Steps to reproduce:

• compile with -fsanitze=address or use valgrind
• create a subversion repo
• rm .svn/wc*
• put the following into .svn/entries

<?xml version="1.0" encoding="utf-8"?>
<wc-entries
   xmlns="http://subversion.tigris.org/xmlns/wc/entries/1.0">
   <entry
     revision="1234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890"/>
</wc-entries>

Patch:
wfr/vcprompt@da2825e