Review Request 127786: Remove custom read functions for QString and QStringList

David Faure faure at kde.org
Fri Apr 29 10:56:33 UTC 2016


-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://git.reviewboard.kde.org/r/127786/#review95012
-----------------------------------------------------------



This is not about trust and attacks, this is about not allocating 4 GB of RAM when reading a corrupted binary file.

- David Faure


On April 29, 2016, 10:22 a.m., Jos van den Oever wrote:
> 
> -----------------------------------------------------------
> This is an automatically generated e-mail. To reply, visit:
> https://git.reviewboard.kde.org/r/127786/
> -----------------------------------------------------------
> 
> (Updated April 29, 2016, 10:22 a.m.)
> 
> 
> Review request for KDE Frameworks, David Faure and Milian Wolff.
> 
> 
> Repository: kservice
> 
> 
> Description
> -------
> 
> Writing KBuildSycoca is done with <<. Up till now there were special 'safe' functions for reading QString and QStringList. They only limited the size of QString and the number of allowed entries in QStringList. The cache file is created by the trusted system. If file size is an attack vector, these safe functions are useful and we should keep them.
> 
> This patch is three commits:
> 
> 1)  Use the standard read function for reading QStringList
> 
> 
> 2)  Use the standard read function for reading QString
> 
> 
> 3)  Remove redundant #include
>     
>     ksycocaentry.h is included via kservice.h
> 
> 
> Diffs
> -----
> 
>   src/CMakeLists.txt f4d09d5 
>   src/services/kservicegroup.h c046314 
>   src/services/kservicetypefactory.cpp 2edc57c 
>   src/sycoca/kctimefactory.cpp a8c7846 
>   src/sycoca/ksycoca.cpp 5d43ef4 
>   src/sycoca/ksycoca_p.h 119c3ee 
>   src/sycoca/ksycocaentry.cpp 5fbd158 
>   src/sycoca/ksycocautils.cpp 84998b7 
>   src/sycoca/ksycocautils_p.h aad9d50 
> 
> Diff: https://git.reviewboard.kde.org/r/127786/diff/
> 
> 
> Testing
> -------
> 
> All tests still pass.
> 
> 
> Thanks,
> 
> Jos van den Oever
> 
>
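
The size-capped read discussed in this thread, as an added example (not code from kservice or from the patch): a reader for a length-prefixed string and string list that rejects an oversized or truncated length field before allocating anything. The layout (big-endian 32-bit byte length followed by UTF-16 data, 0xFFFFFFFF for a null string), the `Reader` type, and both cap values are assumptions made for this example.

```cpp
#include <cstddef>
#include <cstdint>
#include <string>
#include <utility>
#include <vector>

// Hypothetical caps chosen for this example; not taken from the patch.
constexpr uint32_t kMaxStringBytes = 8192;
constexpr uint32_t kMaxListEntries = 1024;

// Cursor over an in-memory copy of the cache bytes (hypothetical helper).
struct Reader {
    const uint8_t *p;
    size_t left;
    bool u32(uint32_t &v) {  // read one big-endian 32-bit field
        if (left < 4) return false;
        v = (uint32_t(p[0]) << 24) | (uint32_t(p[1]) << 16) | (uint32_t(p[2]) << 8) | p[3];
        p += 4; left -= 4;
        return true;
    }
};

// One string: byte length, then UTF-16BE code units. The length is checked
// against the cap and the remaining input before any memory is reserved.
bool readString(Reader &r, std::u16string &out) {
    uint32_t n;
    if (!r.u32(n)) return false;
    out.clear();
    if (n == 0xFFFFFFFFu) return true;  // null string marker, read as empty
    if (n > kMaxStringBytes || n % 2 != 0 || n > r.left) return false;
    out.reserve(n / 2);
    for (uint32_t i = 0; i < n; i += 2)
        out.push_back(char16_t((r.p[i] << 8) | r.p[i + 1]));
    r.p += n; r.left -= n;
    return true;
}

// One list: entry count, then that many strings. A corrupted count fails here.
bool readStringList(Reader &r, std::vector<std::u16string> &out) {
    uint32_t count;
    if (!r.u32(count) || count > kMaxListEntries) return false;
    out.clear();
    for (uint32_t i = 0; i < count; ++i) {
        std::u16string s;
        if (!readString(r, s)) return false;
        out.push_back(std::move(s));
    }
    return true;
}
```

Checking the length against the remaining input as well as the fixed cap means a truncated file fails the same way as one with a corrupted length field.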
