D15826: [Balooshow] Avoid out-of-bounds access when accessing corrupt db data

Stefan BrĂ¼ns noreply at phabricator.kde.org
Sun Oct 7 15:43:55 BST 2018


bruns added inline comments.

INLINE COMMENTS

> poboiko wrote in main.cpp:204
> I'm not sure this check is needed - the other one (`posOfNonNumeric < 0`) seem to be covering this case.
> There shouldn't be an empty `QByteArray`, right?

See `word[0]` access directly after.
I have fixed to many "shouldn't be" errors/crashes due to corrupt DB values in the past.

> poboiko wrote in main.cpp:211
> Same note here. The fewer code to maintain - the better :)

This is the exact case I have had - "X<garbage">.
The code after (`word.indexOf('-', 2)`) requires a check for length >= 3 here (code correctness), semantics require >= 4.

> poboiko wrote in main.cpp:218
> I think we should `i18n()` those messages as well

I am not really sure:
balooctl -x is a quite low level debug tool. This is a diagnostic message only printed in case of DB errors. Translated strings make search on the web harder.

REPOSITORY
  R293 Baloo

REVISION DETAIL
  https://phabricator.kde.org/D15826

To: bruns, #baloo, #frameworks, poboiko
Cc: anthonyfieroni, kde-frameworks-devel, ashaposhnikov, michaelh, astippich, spoorun, ngraham, bruns, abrahams
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mail.kde.org/pipermail/kde-frameworks-devel/attachments/20181007/109fda0e/attachment-0001.html>


More information about the Kde-frameworks-devel mailing list