Jean-Marc Lasgouttes wrote:
> On 10/03/2017 at 16:32, Jean-Marc Lasgouttes wrote:
>> commit 9a013637bbe7c35dc90cb28ff874da99133a1f8b
>> Author: Jean-Marc Lasgouttes <lasgout...@lyx.org>
>> Date: Fri Mar 10 16:29:09 2017 +0100
>>
>> Experiment: limit size of strings read from lib/symbols
>>
>> Coverity complains that we might read strings that are arbitrarily
>> large, and that this can be a security issue. This is a problem in
>> particular, when we feed these strings to from_utf8(), which coverity
>> flags as dangerous for some reason.
>>
>> The best solution would be IMO to model from_utf8() properly, but I do
>> not know how to do that. Here I try a different solution, where I
>> cannot read a string larger than 64k from the file.
>>
>> Let's see whether this removes part of coverity warnings.
>
> This kills all the defects notified by coverity in MathFactory.cpp.
> There are several other places where such limitation could be used, for
> example RCS:scanMaster().
>
> Would anybody disagree on that? I could for example limit string width to
> 64k again.

Limiting tokens in RCS:scanMaster() seems to be ok. Generally all lines we are parsing in VCBackend.cpp should be under 64k.

Pavel
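
A sketch of the kind of limit discussed in this thread, as an added example that is not LyX code: it assumes the cap is applied with `std::setw` on a whitespace-delimited stream extraction, and `Token`, `read_token`, `Result` and `parse` are hypothetical names. It rejects an over-long token whole, because a bare width limit would silently split it into two tokens.

```cpp
#include <cctype>
#include <cstddef>
#include <iomanip>
#include <sstream>
#include <string>
#include <vector>

enum class Token { Ok, TooLong, End };

// Read one whitespace-delimited token of at most `limit` characters.
// An over-long token is discarded whole instead of being split in two.
Token read_token(std::istream & is, std::string & tok, std::size_t limit)
{
    // setw() only affects the next extraction, so it is set on every call.
    if (!(is >> std::setw(static_cast<int>(limit)) >> tok))
        return Token::End;
    if (tok.size() < limit || is.eof())
        return Token::Ok;
    // Exactly `limit` characters were read: check whether the token goes on.
    bool too_long = false;
    for (int c = is.peek(); c != std::char_traits<char>::eof()
             && !std::isspace(static_cast<unsigned char>(c)); c = is.peek()) {
        is.get();          // drop the tail so it is not taken for a new token
        too_long = true;
    }
    return too_long ? Token::TooLong : Token::Ok;
}

struct Result { std::vector<std::string> tokens; int rejected = 0; };

// Parse a whole buffer, keeping accepted tokens and counting rejected ones.
Result parse(std::string const & text, std::size_t limit)
{
    std::istringstream is(text);
    Result r;
    std::string tok;
    for (Token t; (t = read_token(is, tok, limit)) != Token::End; ) {
        if (t == Token::Ok) r.tokens.push_back(tok);
        else ++r.rejected;
    }
    return r;
}

int main()
{
    // Constructed input: the second token exceeds an 8-character limit.
    Result r = parse("\\alpha toolongtoken \\beta", 8);
    return (r.tokens.size() == 2 && r.rejected == 1) ? 0 : 1;
}
```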