KDE3.4RC1: Incompatibility

Martin Ellis kde at martinellis.co.uk
Mon Mar 14 16:07:05 GMT 2005


On Sunday 13 Mar 2005 20:54, Scott Wheeler wrote:
> Huh?  This is kind of a dumb idea, actually.  What will you gain by
> replacing a well maintained C library with a Qt-based
> implementation of its API?

Some sanity maybe?

Quoting myself on a different thread on KOffice-devel:

  The glib API provides no checking of indices.

  Contrast that to something like this from the Qt API
   http://doc.trolltech.com/3.3/qstring.html#at,
  where using out of bounds indices has a defined behaviour
  (defined in the sense that it's not 'buffer overflow').

It's just too easy to write security vulnerabilities in glib code.

(That's not to say you can't do it when you're using Qt,
obviously. It's just not quite so simple)

I'm not saying that reimplementing it is the best idea in the world-
just that it's not totally dumb.

Martin




More information about the kde-core-devel mailing list