Le 10/03/2017 à 16:32, Jean-Marc Lasgouttes a écrit :
commit 9a013637bbe7c35dc90cb28ff874da99133a1f8b
Author: Jean-Marc Lasgouttes <lasgout...@lyx.org>
Date: Fri Mar 10 16:29:09 2017 +0100
Experiment: limit size of strings read from lib/symbols
Coverity complains that we might read strings that are arbitrary
large, and that this can be a security issue. This is a problem in
particular, when we feed these strings to from_utf8(), which coverity
flags as dangerous for some reason.
The best solution would be IMO to model from_utf8() properly, but I do
not know how to do that. Here I try a different solution, where I
cannot read a string larger than 64k from the file.
Let's see whether this removes part of coverity warnings.
This kiils all the defects notified by coverity in MathFactory.cpp.
There are several other places where such limitation could be used, for
example RCS:scanMaster().
Would anybody disagree on that? I could for example limit string width
to 64k again.
JMarc
---
src/mathed/MathFactory.cpp | 3 ++-
1 files changed, 2 insertions(+), 1 deletions(-)
diff --git a/src/mathed/MathFactory.cpp b/src/mathed/MathFactory.cpp
index 3198f80..2cd045b 100644
--- a/src/mathed/MathFactory.cpp
+++ b/src/mathed/MathFactory.cpp
@@ -74,6 +74,7 @@
#include "LyX.h" // use_gui
#include "OutputParams.h"
+#include <iomanip>
using namespace std;
using namespace lyx::support;
@@ -188,7 +189,7 @@ void initSymbols()
string extra;
string xmlname;
bool hidden = false;
- is >> macro >> requires;
+ is >> setw(65536) >> macro >> requires;
if ((is >> xmlname)) {
extra = requires;
if (!(is >> requires))
