Good morning Robert

On Fri, Jun 09, 2017 at 09:43:11PM +0200, Robert Helling wrote:
>
> How confident are you that I cannot get in trouble by running this tool on
> (possibly evil) user supplied input? Does it fail gracefully? Do you have any
> intuition?
>

Yes, I saw your patch. My approach to the GUI issue was different, but I think yours is much more elegant.

I'm pretty confident about it. I've run smtk2ssrf on files tweaked in different ways to be wrong (ranging from binary files to text files with weird character sequences, and genuine .slg files corrupted) and it always fails well.

On the other side, there are some malloc/g_malloc calls which don't check the result; these could be weak points if the server runs out of memory. No problem on patching these.

Nevertheless, I will try to run some coverage tests on the importer to try to find other weak points.

Thanks Robert.

Salva.
