> On apr 29, 2016, 10:56 a.m., David Faure wrote:
> > This is not about trust and attacks, this is about not allocating 4 GB of 
> > RAM when reading a corrupted binary file.

That will only happen if the file or stream is 4 GB. `QDataStream 
&operator>>(QDataStream &in, QString &str)` allocates while reading in 1 MiB 
chunks.


- Jos


-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://git.reviewboard.kde.org/r/127786/#review95012
-----------------------------------------------------------


On apr 29, 2016, 10:22 a.m., Jos van den Oever wrote:
> 
> -----------------------------------------------------------
> This is an automatically generated e-mail. To reply, visit:
> https://git.reviewboard.kde.org/r/127786/
> -----------------------------------------------------------
> 
> (Updated apr 29, 2016, 10:22 a.m.)
> 
> 
> Review request for KDE Frameworks, David Faure and Milian Wolff.
> 
> 
> Repository: kservice
> 
> 
> Description
> -------
> 
> Writing KBuildSycoca is done with <<. Up till now there were special 'safe' 
> functions for reading QString and QStringList. They only limited the size of 
> QString and the number of allowed entries in QStringList. The cache file is 
> created by the trusted system. If file size is an attack vector, these safe 
> functions are useful and we should keep them.
> 
> This patch is three commits:
> 
> 1)  Use the standard read function for reading QStringList
> 
> 
> 2)  Use the standard read function for reading QString
> 
> 
> 3)  Remove redundant #include
>     
>     ksycocaentry.h is included via kservice.h
> 
> 
> Diffs
> -----
> 
>   src/CMakeLists.txt f4d09d5 
>   src/services/kservicegroup.h c046314 
>   src/services/kservicetypefactory.cpp 2edc57c 
>   src/sycoca/kctimefactory.cpp a8c7846 
>   src/sycoca/ksycoca.cpp 5d43ef4 
>   src/sycoca/ksycoca_p.h 119c3ee 
>   src/sycoca/ksycocaentry.cpp 5fbd158 
>   src/sycoca/ksycocautils.cpp 84998b7 
>   src/sycoca/ksycocautils_p.h aad9d50 
> 
> Diff: https://git.reviewboard.kde.org/r/127786/diff/
> 
> 
> Testing
> -------
> 
> All tests still pass.
> 
> 
> Thanks,
> 
> Jos van den Oever
> 
>
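The chunked read described in the reply at the top of this message, as an added example that is not part of the original thread and is not Qt's code: a standalone C++ reader for a length-prefixed string that grows its buffer one chunk at a time, so a corrupted length prefix on a short stream costs at most one chunk of memory. The names `readPrefixed`, `readFrame`, `ReadResult` and `kChunk`, and the big-endian 32-bit byte-length prefix, are assumptions made for this example.

```cpp
#include <algorithm>
#include <cstdint>
#include <cstdio>
#include <istream>
#include <sstream>
#include <string>

// Illustrative reader (assumption, not Qt code): 32-bit big-endian byte
// length followed by that many bytes, read in bounded chunks.
constexpr std::size_t kChunk = 1024 * 1024;  // 1 MiB, the figure quoted in the reply

struct ReadResult {
    bool ok = false;             // false if the stream ended before `declared` bytes
    std::uint32_t declared = 0;  // length claimed by the prefix
    std::size_t peak = 0;        // largest buffer size ever requested
    std::string data;
};

ReadResult readPrefixed(std::istream &in) {
    ReadResult r;
    unsigned char hdr[4];
    if (!in.read(reinterpret_cast<char *>(hdr), 4)) return r;
    r.declared = (std::uint32_t(hdr[0]) << 24) | (std::uint32_t(hdr[1]) << 16) |
                 (std::uint32_t(hdr[2]) << 8) | std::uint32_t(hdr[3]);
    std::size_t have = 0;
    while (have < r.declared) {
        const std::size_t want = std::min<std::size_t>(kChunk, r.declared - have);
        r.data.resize(have + want);  // grow by at most one chunk per step
        r.peak = std::max(r.peak, r.data.size());
        in.read(&r.data[have], static_cast<std::streamsize>(want));
        if (static_cast<std::size_t>(in.gcount()) != want) {
            r.data.clear();          // truncated stream: discard partial data
            return r;
        }
        have += want;
    }
    r.ok = true;
    return r;
}

// Constructed input: a prefix claiming `declared` bytes, then `payload`.
ReadResult readFrame(std::uint32_t declared, const std::string &payload) {
    std::string s;
    for (int shift = 24; shift >= 0; shift -= 8) s.push_back(char((declared >> shift) & 0xFF));
    std::istringstream in(s + payload);
    return readPrefixed(in);
}

int main() {
    ReadResult bad = readFrame(0xFFFFFFF0u, "short");  // corrupted prefix, 5 real bytes
    std::printf("ok=%d declared=%u peak=%zu\n", bad.ok, unsigned(bad.declared), bad.peak);
}
```

With a well-formed frame the peak equals the payload size; with a corrupted prefix it stops at the data actually present, rounded up to the next chunk.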

_______________________________________________
Kde-frameworks-devel mailing list
Kde-frameworks-devel@kde.org
https://mail.kde.org/mailman/listinfo/kde-frameworks-devel
