Hi,
Sorry for the late reply on this one, I finally have some free minutes to
review patches.
On 23:51 Tue 30 Aug, Daniel Carl wrote:
> Hi!
>
> I mentioned that vimprobable crashes if I try to open a previously visited page
> whose URL is longer than MAXTAGSIZE (200). This is a possible patch to
> prevent the crash.
The crash was quite difficult to reproduce, because I had to tell glibc
to check for buffer overflows. But I eventually managed to get a core
file.
Your patch fixes the issue just fine. (Although there are more issues in
this part of the code (e.g. the fgets call with an arbitrary constant
that doesn't handle long lines) which should be fixed some day.)
> The second patch removes some compiler warnings about g_strdup_printf()
> without format specifiers. I'm not sure if I made it right or if I
> misunderstood the code.
Nice! The compiler warnings have a reason; those are quite real bugs.
For example the 'cfile' one can be triggered by calling vimprobable like
this:
./vimprobable2 -c $(perl -e 'print "%s"x50;')
The one in number() could be used by a malicious website to crash the
browser.
A quick 'git grep' reveals that we have a lot more unnecessary
g_strdup_printf()s in our code, but they are just useless and not
dangerous.
Regards,
HP
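Added example, not part of this thread or of vimprobable's code: the two bug classes discussed above side by side in plain C. xstrdup_printf() is a hypothetical stand-in for g_strdup_printf() so the file builds without GLib; describe_url() and copy_tag() are illustrative names, and MAXTAGSIZE is taken from the value quoted in the thread. The unsafe call shape is kept in a comment; the compiled code is the hardened form, so a user-supplied string is never used as the format and a too-long URL is reported instead of overrunning the buffer.

```c
#include <stdarg.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

#define MAXTAGSIZE 200   /* the tag buffer limit mentioned in the thread */

/* Stand-in for g_strdup_printf(): formats into a freshly malloc()ed string.
 * Hypothetical helper so the example builds without GLib; caller free()s. */
static char *xstrdup_printf(const char *fmt, ...)
{
    va_list ap;
    va_start(ap, fmt);
    int n = vsnprintf(NULL, 0, fmt, ap);   /* measure first */
    va_end(ap);
    if (n < 0)
        return NULL;
    char *buf = malloc((size_t)n + 1);
    if (buf == NULL)
        return NULL;
    va_start(ap, fmt);
    vsnprintf(buf, (size_t)n + 1, fmt, ap);
    va_end(ap);
    return buf;
}

/* The pattern the compiler warned about looks like
 *     xstrdup_printf(url);
 * where url comes from a page, so any '%' in it is parsed as a conversion.
 * Hardened form: the format is a literal and the URL is an argument, so
 * '%' inside the URL is copied through as plain text. */
static char *describe_url(const char *url)
{
    return xstrdup_printf("Loading %s", url);
}

/* Bounded copy of a URL into a MAXTAGSIZE buffer. Returns 1 when the URL
 * did not fit (dst then holds a NUL-terminated prefix), 0 otherwise; an
 * unchecked strcpy()/sprintf() here is the overflow Daniel's patch fixed. */
static int copy_tag(char dst[MAXTAGSIZE], const char *url)
{
    int n = snprintf(dst, MAXTAGSIZE, "%s", url);
    return n < 0 || n >= MAXTAGSIZE;
}

/* Check helper: 1 if describe_url() reproduces url verbatim after "Loading ". */
static int url_kept_literal(const char *url)
{
    char *s = describe_url(url);
    if (s == NULL)
        return 0;
    int ok = strncmp(s, "Loading ", 8) == 0 && strcmp(s + 8, url) == 0;
    free(s);
    return ok;
}

/* Check helper: copy a constructed URL of `len` 'a' characters into a tag
 * buffer and report whether copy_tag() flagged truncation (-1 on error). */
static int long_url_flagged(size_t len)
{
    char *url = malloc(len + 1);
    if (url == NULL)
        return -1;
    memset(url, 'a', len);
    url[len] = '\0';
    char tag[MAXTAGSIZE];
    int truncated = copy_tag(tag, url);
    /* whatever happens, the buffer must stay terminated within bounds */
    if (strlen(tag) > MAXTAGSIZE - 1)
        truncated = -1;
    free(url);
    return truncated;
}

int main(void)
{
    printf("50-char URL truncated: %d\n", long_url_flagged(50));
    printf("300-char URL truncated: %d\n", long_url_flagged(300));
    printf("%%-sequences kept literal: %d\n",
           url_kept_literal("http://example.invalid/?q=%s%s%s"));
    return 0;
}
```

Building with -Wall -Wformat-security is the cheap check for the first bug: GCC reports a non-literal format with no arguments for printf-like functions, and g_strdup_printf() carries the printf attribute, so the same warning the patch silenced shows up on every remaining call of that shape.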