Age | Commit message (Collapse) | Author | Files | Lines |
|
|
|
out code
|
|
|
|
button action to button dialog; show error if user clicks on New without first typing a new name; show error if user clicks New with Remotes as a name
|
|
message if user presses a button that has not been configured
|
|
|
|
|
|
|
|
For TEHistory.cpp, it uses tmpfile() which produces a file which has a
name that can be guessed.
For vmemo.cpp, it uses tmpname() which only creates a predictable string.
Both uses have been switched to using mkstemp() wrapped around umask(). This
produces a much less predictable file that also has guaranteed restrictive
permissions.
I went a little farther in vmemo because it calls out to the shell using
system to 'mv' the new file. That is kinda wasteful so I switched it to use
rename instead.
|
|
race conditions associated to files. The big deal is that it is quite typical
to use strings of pathnames to track files. But because that does not leverage
the filesystem would be attackers may be able to exploit time lags in uses
of filesystem functions (like stat and chmod or open) to get files with
suspect data into the files that the applications are working with.
This commit closes that potential hole even though there are no known exploits.
Better safe then sorry. There is no change in the behavior of the apps.
|
|
that it is expanding. Since strlen() is used with the URLs after Expand
is used, it is good idea to make sure that Expand terminates the strings.
This commit changes that so that the URL strings are guaranteed to be
terminated after expansion.
|
|
|
|
'reverse inull'. All that means is that a pointer gets dereferenced. Then
a pointer gets checked for validity before being dereferenced again. This
almost always points to shenanigans.
For example, the konsole.cpp file has this konsoleInit() call which passes
in a const char** shell variable. Since it is a double pointer the programmer
who wrote the code made the mistake of mixing the checking of the pointer
and the pointer that points to the pointer. This commit attempts to correct
that.
Of course there are other instances of the same thing. But they all boil
down to a small mistake which might have produced strange side effects.
|
|
One of them was introduced in my memory leak fixing (whoops). I was freeing
a structure of stock data before one last call to it. So switching the free
to after that call fixed it.
The kcheckers.cpp fix is one where the game board could be deleted and then
a new one is not created because someone attempted to request a game board
type that is not supported. This is fixed by using the default directive for
one of the game board types in the switch statement. Which means it could
default to Russian boards. Score one for the Russians!
|
|
the file more readable (and smaller overall).
|
|
overrun static buffers. This could lead to serious problems. Granted it
is almost impossible to do that. But it isn't totally impossible. So this
commit makes it impossible to overrun.
|
|
negative result but the result is used in a context that can only be
positive.
|
|
one point in the code and then not checked in another point in the code.
If it needed to be checked once, it needs to be checked the other time. If not
the application could segfault.
|
|
never traversed because of conditionals operating on values that
never change.
|
|
all of them are minor and should not effect properly running code. But if I
were you I would give libstocks and the stockticker plugin in Today a wide
berth. That library is atrocious.
|
|
|
|
|
|
a null value for a pointer and that null value was not checked.
|
|
Each file also didn't check the return value.
This commit changes it so that every single non-checked call in these files
is checked.
|
|
that were dup'ed.
noncore/apps/opie-reader/Bkmks.cpp deletes a temporary pointer that
was not being properly disposed of.
|
|
|
|
class variable.
|
|
allocated in the constructor but not de-allocated in the destructor.
This commit fixes that.
|
|
FIX: Fix the number used in memset.
|
|
/usr/share/zoneinfo for the selected time zone is missing
|
|
where the date/time slips or is reset when the device is reset)
|
|
Partially fixes bug #1618.
|
|
birthday/anniversary. The latter is required for sorting birthdays/anniversaries correctly on the today screen.
Fixes bug #1760.
|
|
* Improve usability of snooze function (fixes bug #1598)
* Fix stretched icon (fixes bug #1616)
|
|
specified file already exists; change tab to show filename when saving a new file
|
|
allowing the OK/Cancel buttons on the dialog to be shown.
Fixes bug #1373.
|
|
|
|
|
|
already provided by libkate.
Fixes bug #1231.
|
|
|
|
(Qt bug?)
|
|
behavior of the remove button. Only when a custom keymap is selected is the
remove button ever shown. Added 'keymap...' to the add button to make it
more clear that one is add a keymap and that a dialog to add it will come
next. This should follow the Opie UI convention.
|
|
|
|
|
|
server.
|
|
class inheritance function mismatches at this point.
|
|
|
|
the corresponding delete does not have the corresponding [] argument.
|
|
why sendfile didn't work. Since err is only the return value of sendfile
this meant that it never reported the right thing because it can only be
-1 at this point. What the author probably wanted to do was look at errno
since that is what the man page says will have the real error info.
FIX: Switch the case statement to use errno.
|
|
mismatch correction. None are serious, but all would have been improperly
mislinked in the inheritance hierarchy if attempted to be used.
|