Review Request: Make TGAHandler to be stricter about supported files, makes Konqueror not to crash on http://www.hs.fi

Aurélien Gâteau agateau at kde.org
Tue May 26 16:03:13 BST 2009 

-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
http://reviewboard.kde.org/r/756/#review1206
-----------------------------------------------------------

Ship it!


Tested it and could not find any regression. Good job!
I think however that KHTML should also be fixed: it should not try to open an url if it's empty.

- Aurélien


On 2009-05-23 17:17:30, Teemu Rytilahti wrote:
> 
> -----------------------------------------------------------
> This is an automatically generated e-mail. To reply, visit:
> http://reviewboard.kde.org/r/756/
> -----------------------------------------------------------
> 
> (Updated 2009-05-23 17:17:30)
> 
> 
> Review request for kdelibs.
> 
> 
> Summary
> -------
> 
> Update kimgio's TGAHandler to be stricter about whether the file is supported or not + removes duplicate checks. Changes are based on the spec which can be found from here: http://www.ludorg.net/amnesia/TGA_File_Format_Spec.html
> 
> See the attached bugs for possible casualties of the not-so-strict checking, and you can also test http://www.hs.fi with Konqueror.
> 
> For a simpler test-case with Konqueror, try putting '<link href="http://www.hs.fi/static/hs3/css/hs-compressed.css" rel="stylesheet" type="text/css" media="all" />' to an HTML file and load it up on Konqueror, due to an empty url() in that CSS file, Konqueror/KHTML tries to find out who wants to load the file with an empty url and apparently goes through QImageIO to see if someone supports that data, TGAHandler's canRead() reports true and call to LoadTGA is made. That doesn't check whether the input is valid and kaboom, it crashes.
> 
> 
> This addresses bugs 189338 and 192191.
>     https://bugs.kde.org/show_bug.cgi?id=189338
>     https://bugs.kde.org/show_bug.cgi?id=192191
> 
> 
> Diffs
> -----
> 
>   /trunk/KDE/kdelibs/kimgio/tga.cpp 969090 
> 
> Diff: http://reviewboard.kde.org/r/756/diff
> 
> 
> Testing
> -------
> 
> Tested by using images from this site: http://www.fileformat.info/format/tga/sample/index.htm . Two of the 8-bit images do not work, but they did not do that earlier either. http://www.hs.fi does not crash anymore either.
> 
> 
> Thanks,
> 
> Teemu
> 
>

More information about the kde-core-devel mailing list