In src/document.c:
> { > ui_set_statusbar(TRUE, "%s", err->message); > g_error_free(err); > return FALSE; > } > > - filedata->len = (gsize) st.st_size;
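Review bot: the removed `filedata->len = (gsize) st.st_size;` at the end of this hunk is the only assignment to `filedata->len` visible here. Please confirm the replacement sets it from the byte count returned by the same call that fills the buffer, so the stored length can never exceed the allocation. A short comment next to the new assignment saying why the stat() size is not used would help keep it from being reintroduced.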
@techee as @elextr said, you don't pass the strlen() value (so, truncated at the first \0), but the data size as read by g_file_*_contents() (which should include possible embedded \0s). So it should effectively be the same as the stat() size, or if it's not anyway it would lead to an out-of-bounds read (which probably could happen currently if a race condition happens between the 2 calls and the file changes size in-between).
So no, I don't think you need to change this, as AFAIU, the stat value was never really documented as a better alternative to the g_file_get_contents() one (see my tracing back) and has glaring potential drawbacks (invalid memory access).
Maybe we shouldn't store the length here at all if encoding stores strlen() as part of its NUL checks.
Yes we need it, as encodings checks need the real length value, although currently it doesn't like it when it differs from strlen(), but has special handling especially for this case.
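The three candidate lengths discussed in the comment above, measured side by side in an added example that is not code from this thread or from the project. The names `read_all`, `measure` and `struct lengths` are hypothetical, and the plain `fread` loop stands in for g_file_get_contents().

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/stat.h>

struct lengths { size_t read_len, stat_len, str_len; };  /* hypothetical names */
/* Read the whole file; *len is the byte count read, buffer NUL-terminated after it. */
static char *read_all(const char *path, size_t *len)
{
    char chunk[4096], *buf = NULL, *tmp;
    size_t n;
    FILE *f = fopen(path, "rb");
    *len = 0;
    if (!f) return NULL;
    do {
        n = fread(chunk, 1, sizeof chunk, f);
        if (!(tmp = realloc(buf, *len + n + 1))) { free(buf); fclose(f); return NULL; }
        buf = tmp;
        memcpy(buf + *len, chunk, n);
        *len += n;
    } while (n == sizeof chunk);
    fclose(f);
    buf[*len] = '\0';
    return buf;
}

/* Constructed scenario: write data, read it back, let the file grow, then stat() it. */
static struct lengths measure(const char *path, const char *data, size_t n, size_t grow)
{
    struct lengths r = {0, 0, 0};
    struct stat st;
    char *buf;
    FILE *f = fopen(path, "wb");
    if (!f) return r;
    fwrite(data, 1, n, f);
    fclose(f);
    if (!(buf = read_all(path, &r.read_len))) return r;
    r.str_len = strlen(buf);  /* stops at the first embedded \0 */
    if ((f = fopen(path, "ab"))) { while (grow--) fputc('x', f); fclose(f); }  /* concurrent writer */
    if (stat(path, &st) == 0) r.stat_len = (size_t) st.st_size;
    free(buf);
    remove(path);
    return r;
}

int main(void)
{
    struct lengths r = measure("len_demo.tmp", "ab\0cd", 5, 8);
    return printf("read=%zu stat=%zu strlen=%zu\n", r.read_len, r.stat_len, r.str_len) < 0;
}
```

Only `read_len` is tied to the allocation: here the stat() size is 8 bytes larger than the buffer, and strlen() is 3 bytes short of the data.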