Changes between Initial Version and Version 1 of Ticket #3449, comment 18


Timestamp: 04/28/15 17:22:29 (10 years ago)
Author: egmont
  • Ticket #3449, comment 18

    initial  v1
    6        6   I disagree with you. Even the simplest library functions (e.g. free(), strdup() etc.) can crash your app if you give it parameters that do not respect the requirements stated in their API documentation. There's nothing new in it. You wouldn't write a tool that asks for an integer from the user, free()s that value, and then complain that free() is buggy because it crashed your app; would you? The current story is not any different.
    7        7
    8            g_regex_* clearly documents that you have to make sure all strings passed to it are valid UTF-8 (if that certain flag is enabled). If someone writes an app that calls it with invalid UTF-8 (e.g. untrusted user input) then it's a bug (and potentially a security hole too) in _that_ application. In this case, midnight commander.
             8   g_regex_* clearly documents that you have to make sure all strings passed to it are valid UTF-8 (unless the RAW flag is enabled). If someone writes an app that calls it with invalid UTF-8 (e.g. untrusted user input) then it's a bug (and potentially a security hole too) in _that_ application. In this case, midnight commander.
    9        9
    10       10  Unless, of course, you can make g_regex_stuff crash with valid UTF-8 input too. That'd be a whole lot different situation.