D15826: [Balooshow] Avoid out-of-bounds access when accessing corrupt db data
Stefan BrĂ¼ns
noreply at phabricator.kde.org
Sun Oct 7 15:43:55 BST 2018
bruns added inline comments.
INLINE COMMENTS
> poboiko wrote in main.cpp:204
> I'm not sure this check is needed - the other one (`posOfNonNumeric < 0`) seem to be covering this case.
> There shouldn't be an empty `QByteArray`, right?
See `word[0]` access directly after.
I have fixed to many "shouldn't be" errors/crashes due to corrupt DB values in the past.
> poboiko wrote in main.cpp:211
> Same note here. The fewer code to maintain - the better :)
This is the exact case I have had - "X<garbage">.
The code after (`word.indexOf('-', 2)`) requires a check for length >= 3 here (code correctness), semantics require >= 4.
> poboiko wrote in main.cpp:218
> I think we should `i18n()` those messages as well
I am not really sure:
balooctl -x is a quite low level debug tool. This is a diagnostic message only printed in case of DB errors. Translated strings make search on the web harder.
REPOSITORY
R293 Baloo
REVISION DETAIL
https://phabricator.kde.org/D15826
To: bruns, #baloo, #frameworks, poboiko
Cc: anthonyfieroni, kde-frameworks-devel, ashaposhnikov, michaelh, astippich, spoorun, ngraham, bruns, abrahams
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mail.kde.org/pipermail/kde-frameworks-devel/attachments/20181007/109fda0e/attachment-0001.html>
More information about the Kde-frameworks-devel
mailing list