Patch a few buffer overrun problems and odd crash potentials

git-svn-id: svn://anonsvn.kde.org/home/kde/branches/trinity/kdelibs@1217371 283d02a7-25f6-0310-bc7c-ecb5cbfe19da
v3.5.13-sru
tpearson 14 years ago
parent a20928b6bf
commit 946bde4a62

@ -177,7 +177,7 @@ TQCString demarshal( TQDataStream &stream, const TQString &type )
TQBuffer buf( ba );
buf.open( IO_WriteOnly );
i.save( &buf, "XPM" );
result = ba;
result = buf.buffer();
} else if ( type == "TQPoint" )
{
TQPoint p;

@ -131,6 +131,7 @@ static TQCString readQCString(TQDataStream &ds)
if ((bytesLeft < 0 ) || (len > (uint) bytesLeft))
{
qWarning("Corrupt data!\n");
printf("bytesLeft: %d, len: %d\n", bytesLeft, len);
return result;
}
result.TQByteArray::resize( (uint)len );
@ -240,7 +241,7 @@ void DCOPIceWriteChar(register IceConn iceConn, unsigned long nbytes, char *ptr)
{
DCOPConnection* conn = the_server->findConn( iceConn );
#ifdef DCOP_DEBUG
qWarning("DCOPServer: DCOPIceWriteChar() Writing %d bytes to %d [%s]", nbytes, fd, conn ? conn->appId.data() : "<unknown>");
qWarning("DCOPServer: DCOPIceWriteChar() Writing %d bytes [%s]", nbytes, conn ? conn->appId.data() : "<unknown>");
#endif
if (conn)
@ -272,7 +273,7 @@ static void DCOPIceWrite(IceConn iceConn, const TQByteArray &_data)
{
DCOPConnection* conn = the_server->findConn( iceConn );
#ifdef DCOP_DEBUG
qWarning("DCOPServer: DCOPIceWrite() Writing %d bytes to %d [%s]", _data.size(), fd, conn ? conn->appId.data() : "<unknown>");
qWarning("DCOPServer: DCOPIceWrite() Writing %d bytes [%s]", _data.size(), conn ? conn->appId.data() : "<unknown>");
#endif
if (conn)
{
@ -1518,7 +1519,9 @@ bool DCOPServer::receive(const TQCString &/*app*/, const TQCString &obj,
TQCString slot = readQCString(args);
TQ_INT8 Volatile;
args >> Volatile;
//qDebug("DCOPServer: connectSignal(sender = %s senderObj = %s signal = %s recvObj = %s slot = %s)", sender.data(), senderObj.data(), signal.data(), receiverObj.data(), slot.data());
#ifdef DCOP_DEBUG
qDebug("DCOPServer: connectSignal(sender = %s senderObj = %s signal = %s recvObj = %s slot = %s)", sender.data(), senderObj.data(), signal.data(), receiverObj.data(), slot.data());
#endif
bool b = dcopSignals->connectSignal(sender, senderObj, signal, conn, receiverObj, slot, (Volatile != 0));
replyType = "bool";
TQDataStream reply( replyData, IO_WriteOnly );
@ -1534,7 +1537,9 @@ bool DCOPServer::receive(const TQCString &/*app*/, const TQCString &obj,
TQCString signal = readQCString(args);
TQCString receiverObj = readQCString(args);
TQCString slot = readQCString(args);
//qDebug("DCOPServer: disconnectSignal(sender = %s senderObj = %s signal = %s recvObj = %s slot = %s)", sender.data(), senderObj.data(), signal.data(), receiverObj.data(), slot.data());
#ifdef DCOP_DEBUG
qDebug("DCOPServer: disconnectSignal(sender = %s senderObj = %s signal = %s recvObj = %s slot = %s)", sender.data(), senderObj.data(), signal.data(), receiverObj.data(), slot.data());
#endif
bool b = dcopSignals->disconnectSignal(sender, senderObj, signal, conn, receiverObj, slot);
replyType = "bool";
TQDataStream reply( replyData, IO_WriteOnly );

@ -55,7 +55,7 @@ class TQTimer;
// If you enable the following define DCOP will create
// $HOME/.dcop.log file which will list all signals passing
// through it.
//#define DCOP_LOG
// #define DCOP_LOG
#ifdef DCOP_LOG
class TQTextStream;
class TQFile;

@ -617,7 +617,7 @@ KApplication::KApplication( int& argc, char** argv, const TQCString& rAppName,
KApplication::KApplication( bool allowStyles, bool GUIenabled ) :
TQApplication( *KCmdLineArgs::qt_argc(), *KCmdLineArgs::qt_argv(),
GUIenabled ),
TRUE ), // Qt4 requires that there always be a GUI
KInstance( KCmdLineArgs::about),
#ifdef Q_WS_X11
display(0L),

@ -87,7 +87,7 @@ int KSycoca::version()
// Read-only constructor
KSycoca::KSycoca()
: DCOPObject("ksycoca"), m_lstFactories(0), m_str(0), bNoDatabase(false),
: DCOPObject("ksycoca"), m_lstFactories(0), m_str(0), m_barray(0), bNoDatabase(false),
m_sycoca_size(0), m_sycoca_mmap(0), m_timeStamp(0)
{
d = new KSycocaPrivate;
@ -110,6 +110,7 @@ bool KSycoca::openDatabase( bool openDummyIfNotFound )
m_sycoca_mmap = 0;
m_str = 0;
m_barray = 0;
TQString path;
TQCString ksycoca_env = getenv("KDESYCOCA");
if (ksycoca_env.isEmpty())
@ -154,9 +155,9 @@ bool KSycoca::openDatabase( bool openDummyIfNotFound )
#ifdef HAVE_MADVISE
(void) madvise((char*)m_sycoca_mmap, m_sycoca_size, MADV_WILLNEED);
#endif
TQByteArray b_array;
b_array.setRawData(m_sycoca_mmap, m_sycoca_size);
TQBuffer *buffer = new TQBuffer( b_array );
m_barray = new TQByteArray();
m_barray->setRawData(m_sycoca_mmap, m_sycoca_size);
TQBuffer *buffer = new TQBuffer( *m_barray );
buffer->open(IO_ReadWrite);
m_str = new TQDataStream( buffer);
}
@ -195,7 +196,7 @@ bool KSycoca::openDatabase( bool openDummyIfNotFound )
// Read-write constructor - only for KBuildSycoca
KSycoca::KSycoca( bool /* dummy */ )
: DCOPObject("ksycoca_building"), m_lstFactories(0), m_str(0), bNoDatabase(false),
: DCOPObject("ksycoca_building"), m_lstFactories(0), m_str(0), m_barray(0), bNoDatabase(false),
m_sycoca_size(0), m_sycoca_mmap(0)
{
d = new KSycocaPrivate;
@ -226,13 +227,13 @@ KSycoca::~KSycoca()
void KSycoca::closeDatabase()
{
TQIODevice *device = 0;
QIODevice *device = 0;
if (m_str)
device = m_str->tqdevice();
device = m_str->device();
#ifdef HAVE_MMAP
if (device && m_sycoca_mmap)
{
TQBuffer *buf = (TQBuffer *) device;
TQBuffer *buf = static_cast<TQBuffer*>(device);
buf->buffer().resetRawData(m_sycoca_mmap, m_sycoca_size);
// Solaris has munmap(char*, size_t) and everything else should
// be happy with a char* for munmap(void*, size_t)
@ -246,6 +247,7 @@ void KSycoca::closeDatabase()
delete device;
if (TQT_TQIODEVICE(d->database) != device)
delete d->database;
if (m_barray) delete m_barray;
device = 0;
d->database = 0;
// It is very important to delete all factories here

@ -169,6 +169,7 @@ protected:
void closeDatabase();
KSycocaFactoryList *m_lstFactories;
TQDataStream *m_str;
TQByteArray *m_barray;
bool bNoDatabase;
size_t m_sycoca_size;
const char *m_sycoca_mmap;

@ -83,7 +83,7 @@ static TQString encode( const TQString& segment, int encoding_offset, int encodi
int old_length = isRawURI ? local.size() - 1 : local.length();
if ( !old_length )
if ( old_length < 1 )
return segment.isNull() ? TQString::null : TQString(""); // differentiate null and empty
// a worst case approximation

@ -334,6 +334,8 @@ void SlaveBase::dispatchLoop()
return;
}
}
#else
#error The KIO slave system only works under UNIX
#endif
}

Loading…
Cancel
Save