[prev in list] [next in list] [prev in thread] [next in thread]
List: kde-core-devel
Subject: Re: [PATCH] .desktop security ++
From: Michael Pyne <mpyne () purinchu ! net>
Date: 2009-02-21 19:37:40
Message-ID: 200902211437.40616.mpyne () purinchu ! net
[Download RAW message or body]
[Attachment #2 (multipart/alternative)]
On Saturday 21 February 2009, David Faure wrote:
> On Saturday 21 February 2009, Michael Pyne wrote:
> > I'm not really happy about manually moving
> > bytes around (especially as v1 in my testing today had an infinite loop)
> > but I don't trust readAll()/write() for library code. Please look at
> > this to make sure I've done it right.
>
> I don't understand, what's wrong with readAll? kdecore sure uses it in
> quite a few places. And it's not like any .desktop file is going to be 100
> MB in size...
I guess I just don't trust the idea of "read a effective random number of
bytes". I know that .desktop are going to be small but I guess I'm just
worrying to much about someone leaving a large .desktop file to see what
happens. I'll change it back to readAll/write though just to make it more
clear what's happening I guess since at least it won't be worse than the rest
of kdecore. ;)
> > + // A mere half-write isn't a failure mode I care to code about
>
> It would be easy though
> if (saveFile.write(shebang) != shebang.size()) {
> ...
> }
Well ironically I ended up writing the code for that case like not 5 lines
later anyways. :-/ I'll fix that too.
> BTW: can you reindent to 4 spaces? kdelibs coding style, even if the rest
> of krun.cpp might not use it yet, but we'll get there eventually.
I will as I much prefer it but I'd like to do all of krun.{h,cpp} in one swell
foop then (it would be a whitespace-only commit).
Regards,
- Michael Pyne
[Attachment #5 (text/html)]
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0//EN" \
"http://www.w3.org/TR/REC-html40/strict.dtd"><html><head><meta \
name="qrichtext" content="1" /><style type="text/css">p, li { white-space: \
pre-wrap; }</style></head><body style=" font-family:'Droid Sans Mono'; \
font-size:10pt; font-weight:400; font-style:normal;">On Saturday 21 \
February 2009, David Faure wrote:<br> > On Saturday 21 February 2009, \
Michael Pyne wrote:<br> > > I'm not really happy about manually \
moving<br> > > bytes around (especially as v1 in my testing today had \
an infinite loop)<br> > > but I don't trust readAll()/write() for \
library code. Please look at<br> > > this to make sure I've done it \
right.<br> ><br>
> I don't understand, what's wrong with readAll? kdecore sure uses it \
in<br> > quite a few places. And it's not like any .desktop file is \
going to be 100<br> > MB in size...<br>
<p style="-qt-paragraph-type:empty; margin-top:0px; margin-bottom:0px; \
margin-left:0px; margin-right:0px; -qt-block-indent:0; text-indent:0px; \
-qt-user-state:0;"><br></p>I guess I just don't trust the idea of "read a \
effective random number of bytes". I know that .desktop are going to be \
small but I guess I'm just worrying to much about someone leaving a large \
.desktop file to see what happens. I'll change it back to readAll/write \
though just to make it more clear what's happening I guess since at least \
it won't be worse than the rest of kdecore. ;)<br> <p \
style="-qt-paragraph-type:empty; margin-top:0px; margin-bottom:0px; \
margin-left:0px; margin-right:0px; -qt-block-indent:0; text-indent:0px; \
-qt-user-state:0;"><br></p>> > + // A mere half-write isn't a \
failure mode I care to code about<br> ><br>
> It would be easy though<br>
> if (saveFile.write(shebang) != shebang.size()) {<br>
> ...<br>
> }<br>
<p style="-qt-paragraph-type:empty; margin-top:0px; margin-bottom:0px; \
margin-left:0px; margin-right:0px; -qt-block-indent:0; text-indent:0px; \
-qt-user-state:0;"><br></p>Well ironically I ended up writing the code for \
that case like not 5 lines later anyways. :-/ I'll fix that too.<br> <p \
style="-qt-paragraph-type:empty; margin-top:0px; margin-bottom:0px; \
margin-left:0px; margin-right:0px; -qt-block-indent:0; text-indent:0px; \
-qt-user-state:0;"><br></p>> BTW: can you reindent to 4 spaces? kdelibs \
coding style, even if the rest<br> > of krun.cpp might not use it yet, \
but we'll get there eventually.<br> <p style="-qt-paragraph-type:empty; \
margin-top:0px; margin-bottom:0px; margin-left:0px; margin-right:0px; \
-qt-block-indent:0; text-indent:0px; -qt-user-state:0;"><br></p>I will as I \
much prefer it but I'd like to do all of krun.{h,cpp} in one swell foop \
then (it would be a whitespace-only commit).<br> <p \
style="-qt-paragraph-type:empty; margin-top:0px; margin-bottom:0px; \
margin-left:0px; margin-right:0px; -qt-block-indent:0; text-indent:0px; \
-qt-user-state:0;"><br></p>Regards,<br>
- Michael Pyne</p></body></html>
["signature.asc" (application/pgp-signature)]
[prev in list] [next in list] [prev in thread] [next in thread]
Configure |
About |
News |
Add a list |
Sponsored by KoreLogic