[prev in list] [next in list] [prev in thread] [next in thread]
List: kde-devel
Subject: Re: nspluginviewer still crashes
From: Dirk Mueller <mueller () kde ! org>
Date: 2001-08-11 0:43:48
[Download RAW message or body]
On Fre, 10 Aug 2001, Waldo Bastian wrote:
> Someone replaced the working version with some BSD crap it seems.
I guess you mean me as I'm suddenly CC'ed. I fail to see where mkstemps is
"BSD crap". could you explain please ? What I did is fixing the horrible
broken code that was #ifdef'ed for *BSD before and caused regular crashes of
all kind (as it buffer-overflowed, leaked and feeded a system call with
invalid input). I understood at that point why *BSD'ers where complaining
about the lack of stability in konqueror/KDE.
Anyway, your patch seem to respect all the loopholes about tmp-file attacks
I know of, but still using a standard function that has been reviewed half a
million times is imho safer than reinventing the wheel.
Plus its still a major fault of nspluginviewer if it uses website-delivered
data unchecked for local file creation, because it could still contain
backreferences, special shell characters, whatever you can think of.
Dirk
>> Visit http://master.kde.org/mailman/listinfo/kde-devel#unsub to unsubscribe <<
[prev in list] [next in list] [prev in thread] [next in thread]
Configure |
About |
News |
Add a list |
Sponsored by KoreLogic