[Rpm-maint] [rpm-software-management/rpm] Check that count and data length are reasonable (#1492)

Panu Matilainen notifications at github.com
Thu Jan 14 09:49:15 UTC 2021


The added check may well be right, but it hardly prevents "any possible overflow" there could ever be.

If you look at past commits, we go to great lengths to explain in which situation some problem can happen and how the existing checks are not sufficient, please help keep the tradition. It helps the reviewer to check the code does what you think it does (this is subtle and treacherous code, been there) and seeing whether there's a better way to do that (see the string length check PR for example).

Last but certainly not least, *when* (not if) somebody later on stumbles on another bug in the surrounding code, a detailed explanation as to why a piece of code is the way it is helps avoid breaking that subtle case again. Etc. This goes to most of these hardening commits - some things are plain obvious but others are not.

-- 
You are receiving this because you are subscribed to this thread.
Reply to this email directly or view it on GitHub:
https://github.com/rpm-software-management/rpm/pull/1492#issuecomment-760084270