Week 2 & 3 commits

Prasun Kumar prasun.code at gmail.com
Mon Jun 22 05:34:00 BST 2020


> I have spotted one potential hole though: the method
> AccountNumberCheck::callback() should check that at least the expected
> number of arguments are in argv before processing them in readDatabase().
> If for whatever reason less than the 7 arguments are passed, readDatabase()
> will access invalid memory.

Yes, this does make sense. I will fix it.

> Besides that, I wonder what is passed as argv[0].

It's the first column of the database; the country code. Right now it is
not being used.
It'll be required when support for additional countries is added.


> Did you blog about your work somewhere?
>
Finishing it up. Will publish in a day or two.

Thanks for reviewing.
Prasun

On Sat, 20 Jun 2020 at 23:38, Thomas Baumgart <thb at net-bembel.de> wrote:

> Prasun,
>
> On Friday, 19 June 2020 08:14:44 CEST Prasun Kumar wrote:
>
> > Hi everyone,
> > I have pushed the commits of my work in Week 2 and 3 of this project. The
> > code now reads data from the SQLite DB and I have also added support for
> > validity period checking.
> > I have added comments by trying to follow the convention of the current
> > code, but do let me know if I missed anything.
>
> This looks generally OK to me. I have spotted one potential hole though:
> the method AccountNumberCheck::callback() should check that at least the
> expected number of arguments are in argv before processing them in
> readDatabase(). If for whatever reason less than the 7 arguments are passed,
> readDatabase() will access invalid memory. Besides that, I wonder what is
> passed as argv[0].
>
> You should also make sure that the pointers passed by argv are not zero
> before using them. They can be as a result of the data contained in the
> database.
>
> See https://www.sqlite.org/c3ref/exec.html for details.
>
> > Note: I have disabled the ctest benchmark for now as it requires some work
> > which I plan to do this week.
> > Please take a look at the code and if anything is out of place, please let
> > me know.
>
> Done, see above. Keep going. Did you blog about your work somewhere?
>
> --
>
> Regards
>
> Thomas Baumgart
>
> https://www.signal.org/       Signal, the better WhatsApp
> -------------------------------------------------------------
> I'm playing in a band called 999 MB.
> We haven't gotten a gig yet.
> -------------------------------------------------------------
>
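
The two checks requested in the review above (column count, then null pointers), sketched as an added example that is not code from this thread or from the project. `RowSink`, `checkedRowCallback` and `feedConstructedRows` are hypothetical names, and the callback is called directly with constructed rows so that no SQLite library is needed to run it.

```cpp
// Added example: defensive sqlite3_exec()-style callback (not the project's code).
#include <cstddef>
#include <string>
#include <vector>

// Per the thread: 7 columns are expected and column 0 is the country code.
static const int kExpectedColumns = 7;

struct RowSink {                                  // hypothetical context object
    std::vector<std::vector<std::string> > rows;  // accepted rows
    int skippedNullRows;                          // rows dropped: a column was SQL NULL
    bool schemaMismatch;                          // a row had fewer columns than expected
    RowSink() : skippedNullRows(0), schemaMismatch(false) {}
};

// Same signature as the callback type taken by sqlite3_exec().
// A non-zero return makes sqlite3_exec() stop and return SQLITE_ABORT.
extern "C" int checkedRowCallback(void* ctx, int argc, char** argv, char** /*colNames*/)
{
    RowSink* sink = static_cast<RowSink*>(ctx);
    if (sink == NULL) return 1;
    // 1. Never index argv beyond what was actually delivered.
    if (argc < kExpectedColumns || argv == NULL) {
        sink->schemaMismatch = true;
        return 1;                // abort: query or schema is not what we expect
    }
    // 2. A SQL NULL arrives as a null pointer; test before building strings.
    for (int i = 0; i < kExpectedColumns; ++i) {
        if (argv[i] == NULL) {
            ++sink->skippedNullRows;
            return 0;            // skip this row, keep processing the rest
        }
    }
    sink->rows.push_back(std::vector<std::string>(argv, argv + kExpectedColumns));
    return 0;
}

// Constructed sample rows (not real bank data) fed to the callback directly.
int feedConstructedRows(RowSink& sink)
{
    char a[] = "DE", b[] = "x";
    char* good[]     = { a, b, b, b, b, b, b };
    char* withNull[] = { a, b, NULL, b, b, b, b };
    char* tooShort[] = { a, b, b };
    checkedRowCallback(&sink, 7, good, NULL);
    checkedRowCallback(&sink, 7, withNull, NULL);
    return checkedRowCallback(&sink, 3, tooShort, NULL);
}
```

Whether a row containing NULL should be skipped or should abort the whole load is a policy choice; the sketch skips it and counts it so the caller can report it.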
More information about the Kde-finance-apps mailing list