[PATCH] .desktop security ++

[Michael Pyne]

On Saturday 21 February 2009, David Faure wrote:
> On Saturday 21 February 2009, Michael Pyne wrote:
> >  I'm not really happy about manually moving
> > bytes around (especially as v1 in my testing today had an infinite loop)
> > but I don't trust readAll()/write() for library code.  Please look at
> > this to make sure I've done it right.
>
> I don't understand, what's wrong with readAll? kdecore sure uses it in
> quite a few places. And it's not like any .desktop file is going to be 100
> MB in size...

I guess I just don't trust the idea of "read a effective random number of 
bytes".  I know that .desktop are going to be small but I guess I'm just 
worrying to much about someone leaving a large .desktop file to see what 
happens.  I'll change it back to readAll/write though just to make it more 
clear what's happening I guess since at least it won't be worse than the rest 
of kdecore. ;)

> > +      // A mere half-write isn't a failure mode I care to code about
>
> It would be easy though
> if (saveFile.write(shebang) != shebang.size()) {
>     ...
> }

Well ironically I ended up writing the code for that case like not 5 lines 
later anyways. :-/  I'll fix that too.

> BTW: can you reindent to 4 spaces? kdelibs coding style, even if the rest
> of krun.cpp might not use it yet, but we'll get there eventually.

I will as I much prefer it but I'd like to do all of krun.{h,cpp} in one swell 
foop then (it would be a whitespace-only commit).

Regards,
 - Michael Pyne
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mail.kde.org/pipermail/kde-core-devel/attachments/20090221/be01d89a/attachment.htm>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 197 bytes
Desc: This is a digitally signed message part.
URL: <http://mail.kde.org/pipermail/kde-core-devel/attachments/20090221/be01d89a/attachment.sig>