On Wednesday 29 of February 2012, Stephan Bergmann wrote:
However, there are also situations where bad input (malicious or
otherwise) would cause an application to request excessive amounts of
memory to do a single task (e.g., open a document), and at least in
theory the application should be able to cope with such
externally-induced OOM conditions, by abandoning the bad operation,
cleaning up after it, telling the user the operation failed, and
carrying on.
The problem with this theory is that it is a theory. In practice the code
should check the size first, and if it doesn't, then it presumably will not
clean up properly anyway.
The other problem is that OUString ctors is just one random place. The
OUStringBuffer ctor, which is probably a more likely place to first hit the
problem if the input handling itself is sloppy and lets the problem get past,
does not bother with any such checks. So what we have now is a half-solution
that is not likely to work anyway. Either we want this done properly, in
which case input should be validated. Or we want it with less work but still
reasonably safe, in which case all the C rtl_ustr_* functions should detect
this and abort. Either case does not really need it in OUString ctors.
Privacy Policy |
Impressum (Legal Info) |
Copyright information: Unless otherwise specified, all text and images
on this website are licensed under the
Creative Commons Attribution-Share Alike 3.0 License.
This does not include the source code of LibreOffice, which is
licensed under the Mozilla Public License (
MPLv2).
"LibreOffice" and "The Document Foundation" are
registered trademarks of their corresponding registered owners or are
in actual use as trademarks in one or more countries. Their respective
logos and icons are also subject to international copyright laws. Use
thereof is explained in our
trademark policy.