List: kde-core-devel
Subject: Re: [PATCH] .desktop security ++
From: Michael Pyne <mpyne () purinchu ! net>
Date: 2009-02-21 19:37:40
Message-ID: 200902211437.40616.mpyne () purinchu ! net
On Saturday 21 February 2009, David Faure wrote:
> On Saturday 21 February 2009, Michael Pyne wrote:
> > I'm not really happy about manually moving
> > bytes around (especially as v1 in my testing today had an infinite loop)
> > but I don't trust readAll()/write() for library code. Please look at
> > this to make sure I've done it right.
>
> I don't understand, what's wrong with readAll? kdecore sure uses it in
> quite a few places. And it's not like any .desktop file is going to be 100
> MB in size...
I guess I just don't trust the idea of "read an effectively random number of
bytes". I know that .desktop files are going to be small but I guess I'm just
worrying too much about someone leaving a large .desktop file to see what
happens. I'll change it back to readAll/write though just to make it more
clear what's happening I guess since at least it won't be worse than the rest
of kdecore. ;)
> > + // A mere half-write isn't a failure mode I care to code about
>
> It would be easy though
> if (saveFile.write(shebang) != shebang.size()) {
> ...
> }
Well ironically I ended up writing the code for that case like not 5 lines
later anyways. :-/ I'll fix that too.
> BTW: can you reindent to 4 spaces? kdelibs coding style, even if the rest
> of krun.cpp might not use it yet, but we'll get there eventually.
I will as I much prefer it but I'd like to do all of krun.{h,cpp} in one swell
foop then (it would be a whitespace-only commit).
Regards,
- Michael Pyne
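
The two points argued in this thread, a bound on how much of an untrusted .desktop file gets read and a check that every write completed, shown as an added example in standard C++ rather than the Qt calls from the patch. It is not code from the patch or from kdelibs; `copyWithHeader`, the 64 KiB cap, the `.tmp` suffix and the header string are assumptions of this example.

```cpp
#include <cstdio>
#include <string>

// Hypothetical cap; the thread does not name a limit.
constexpr std::size_t kMaxDesktopBytes = 64 * 1024;

enum class CopyResult { Ok, OpenFailed, TooLarge, ReadFailed, WriteFailed };

// fwrite returns the number of bytes actually written, so compare it to the size.
static bool writeAll(std::FILE *out, const std::string &buf) {
    return std::fwrite(buf.data(), 1, buf.size(), out) == buf.size();
}

// Copy src to dst with `header` prepended, accepting at most `cap` bytes of src.
CopyResult copyWithHeader(const std::string &src, const std::string &dst,
                          const std::string &header,
                          std::size_t cap = kMaxDesktopBytes) {
    std::FILE *in = std::fopen(src.c_str(), "rb");
    if (!in) return CopyResult::OpenFailed;
    // Ask for cap + 1 bytes: the extra byte shows the file is over the cap
    // without buffering more than that, whatever its real size.
    std::string body(cap + 1, '\0');
    std::size_t got = std::fread(&body[0], 1, body.size(), in);
    bool readError = std::ferror(in) != 0;
    std::fclose(in);
    if (readError) return CopyResult::ReadFailed;
    if (got > cap) return CopyResult::TooLarge;
    body.resize(got);

    // Write a temporary file and rename it into place only after every write
    // succeeded. "x" makes creation exclusive; the fixed suffix is a
    // simplification of this example.
    const std::string tmp = dst + ".tmp";
    std::FILE *out = std::fopen(tmp.c_str(), "wbx");
    if (!out) return CopyResult::OpenFailed;
    bool ok = writeAll(out, header) && writeAll(out, body);
    ok = (std::fclose(out) == 0) && ok;  // buffered data can still fail at close
    if (!ok || std::rename(tmp.c_str(), dst.c_str()) != 0) {
        std::remove(tmp.c_str());
        return CopyResult::WriteFailed;
    }
    return CopyResult::Ok;
}

int main(int argc, char **argv) {
    if (argc != 3) return 2;
    // Constructed header value standing in for the patch's `shebang`.
    return copyWithHeader(argv[1], argv[2], "#!/path/to/launcher\n") == CopyResult::Ok ? 0 : 1;
}
```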