Re: [PATCH 3/3] debListParser::DescriptionLanguage: huge speedup
On Sat, Jan 25, 2014 at 03:27:45AM +0100, Jann Horn wrote:
> ---
> apt-pkg/deb/deblistparser.cc | 12 ++++++++++--
> 1 file changed, 10 insertions(+), 2 deletions(-)
>
> diff --git a/apt-pkg/deb/deblistparser.cc b/apt-pkg/deb/deblistparser.cc
> index 68d544e..878cdd1 100644
> --- a/apt-pkg/deb/deblistparser.cc
> +++ b/apt-pkg/deb/deblistparser.cc
> @@ -199,11 +199,19 @@ string debListParser::DescriptionLanguage()
> if (Section.FindS("Description").empty() == false)
> return "";
>
> + const char *start;
> + const char *end;
> std::vector<string> const lang = APT::Configuration::getLanguages(true);
> for (std::vector<string>::const_iterator l = lang.begin();
> l != lang.end(); ++l)
> - if (Section.FindS(string("Description-").append(*l).c_str()).empty() == false)
> - return *l;
> + {
> + string element = *l;
> + char search_string[12+element.size()+1];
Variably-sized stack-allocated arrays are bad, especially because the
language is user-created. It could exhaust the stack without you
knowing, and the memcpy() could then be writing somewhere unexpected.
And this code runs as root, on some systems possibly fully automated.
--
Julian Andres Klode - Debian Developer, Ubuntu Member
See http://wiki.debian.org/JulianAndresKlode and http://jak-linux.org/.
Please do not top-post if possible.
Reply to: