D15826: [Balooshow] Avoid out-of-bounds access when accessing corrupt db data
Igor Poboiko
noreply at phabricator.kde.org
Sun Oct 7 10:22:15 BST 2018
poboiko added a comment.
I never experienced such corruption, though, but sanity check shouldn't hurt.
INLINE COMMENTS
> main.cpp:204
> + if (arr.length() <= 1) {
> + stream << "Malformed term (short): " << arr << "\n";
> + continue;
I'm not sure this check is needed - the other one (`posOfNonNumeric < 0`) seem to be covering this case.
There shouldn't be an empty `QByteArray`, right?
> main.cpp:211
> if (word[0] == QLatin1Char('X')) {
> - int posOfNonNumeric = 1;
> - while (word[posOfNonNumeric] != '-') {
> - posOfNonNumeric++;
> + if (word.length() < 4) {
> + // 'X<num>-<value>
Same note here. The fewer code to maintain - the better :)
> main.cpp:218
> + if ((posOfNonNumeric < 0) || ((posOfNonNumeric + 1) == word.length())) {
> + stream << "Malformed property term (no data): " << word << "\n";
> + continue;
I think we should `i18n()` those messages as well
REPOSITORY
R293 Baloo
REVISION DETAIL
https://phabricator.kde.org/D15826
To: bruns, #baloo, #frameworks, poboiko
Cc: anthonyfieroni, kde-frameworks-devel, ashaposhnikov, michaelh, astippich, spoorun, ngraham, bruns, abrahams
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mail.kde.org/pipermail/kde-frameworks-devel/attachments/20181007/4de5397d/attachment.html>
More information about the Kde-frameworks-devel
mailing list