Artifacts Associated With Ticket 134d90a996
Ticket change [3fa39fc600] (rid 42447) by js on 2023-07-22 07:17:50:
- icomment:
Currently, `OFString` does not reject a `\0` within the string. However, `OFString`s often get passed as C strings. Therefore, either one of the following should be done: * Audit all occurrences where an `OFString` is passed as a C string. * Truncate the length to the first occurrence of `\0`. * Extend the current string checking code to reject `\0` in there if a length has been specified. * If no length has been specified, it cannot be longer until the `\0` anyway. * A good place for this would be in the code that checks whether the passed string is valid UTF-8, to avoid going through the same string twice. * This means strings of another encoding need to check for `\0` during their conversion to UTF-8, as UTF-8 is not validated there since it was just converted and hence assumed correct. The first option probably doesn't scale, as there are many places where an `OFString` is passed as a C string and doesn't cover where this is being done outside of ObjFW. So this would be a potential foot gun for users. The second option might be unexpected and lead to bugs, because the user has just specified a length for the string to create, but the just created string has a different length. Therefore, the third option probably makes most sense.
- login: "js"
- milestone initialized to: "none"
- mimetype: "text/x-markdown"
- priority initialized to: "High"
- private_contact initialized to: "c8a37120da0f2517297a682b10203a3a5eef21c2"
- severity initialized to: "Important"
- status initialized to: "Open"
- title initialized to: "String \0 safety"
- type initialized to: "Enhancement"
- icomment:
Ticket change [ef42aecc12] (rid 45797) by js on 2024-03-17 09:02:50:
- login: "js"
- milestone changed to: "1.1"
- mimetype: "text/x-markdown"
- resolution changed to: "Open"
Ticket change [3ac85cf6d9] (rid 45892) by js on 2024-03-23 16:58:26:
- login: "js"
- mimetype: "text/x-markdown"
- severity changed to: "Severe"
- subsystem changed to: "none"
Ticket change [5aecadaf53] (rid 47005) by js on 2024-04-28 15:46:20:
- login: "js"
- milestone changed to: "1.2"
- mimetype: "text/x-markdown"
Ticket change [89b5ac18b3] (rid 47588) by js on 2024-05-22 00:01:53:
- login: "js"
- mimetype: "text/x-markdown"
- subsystem changed to: ""
Ticket change [66f9e80c67] (rid 48951) by js on 2024-09-08 09:44:56:
- icomment:
Another option is to allow \0 in strings, but throw an `OFInvalidEncodingException` for any method that returns a \0 terminated string. This is probably the best option.
- login: "js"
- mimetype: "text/x-markdown"
- icomment: