summaryrefslogtreecommitdiff
AgeCommit message (Collapse)AuthorFilesLines
2007-01-26Both files in this commit exhibit the wrong way to use temporary files.erik2-28/+72
For TEHistory.cpp, it uses tmpfile() which produces a file which has a name that can be guessed. For vmemo.cpp, it uses tmpname() which only creates a predictable string. Both uses have been switched to using mkstemp() wrapped around umask(). This produces a much less predictable file that also has guaranteed restrictive permissions. I went a little farther in vmemo because it calls out to the shell using system to 'mv' the new file. That is kinda wasteful so I switched it to use rename instead.
2007-01-26Both packageslave.cpp and textedit.cpp have instances of possibly exploitableerik2-44/+49
race conditions associated to files. The big deal is that it is quite typical to use strings of pathnames to track files. But because that does not leverage the filesystem would be attackers may be able to exploit time lags in uses of filesystem functions (like stat and chmod or open) to get files with suspect data into the files that the applications are working with. This commit closes that potential hole even though there are no known exploits. Better safe then sorry. There is no change in the behavior of the apps.
2007-01-26The Expand call does not check for null termination of the URL stringserik1-2/+4
that it is expanding. Since strlen() is used with the URLs after Expand is used, it is good idea to make sure that Expand terminates the strings. This commit changes that so that the URL strings are guaranteed to be terminated after expansion.
2007-01-26A couple of places where a string is overrun. This fixes both of them.erik2-4/+5
2007-01-26Each file in this commit exhibit an example of what prevent callserik4-65/+49
'reverse inull'. All that means is that a pointer gets dereferenced. Then a pointer gets checked for validity before being dereferenced again. This almost always points to shenanigans. For example, the konsole.cpp file has this konsoleInit() call which passes in a const char** shell variable. Since it is a double pointer the programmer who wrote the code made the mistake of mixing the checking of the pointer and the pointer that points to the pointer. This commit attempts to correct that. Of course there are other instances of the same thing. But they all boil down to a small mistake which might have produced strange side effects.
2007-01-26Both files in this commit exhibit use after free errors.erik2-4/+4
One of them was introduced in my memory leak fixing (whoops). I was freeing a structure of stock data before one last call to it. So switching the free to after that call fixed it. The kcheckers.cpp fix is one where the game board could be deleted and then a new one is not created because someone attempted to request a game board type that is not supported. This is fixed by using the default directive for one of the game board types in the switch statement. Which means it could default to Russian boards. Score one for the Russians!
2007-01-24There was quite a bit of deadwood in this file. I am removing it to makeerik1-65/+0
the file more readable (and smaller overall).
2007-01-24Each file in this commit has the issue where it is possible for code toerik6-38/+51
overrun static buffers. This could lead to serious problems. Granted it is almost impossible to do that. But it isn't totally impossible. So this commit makes it impossible to overrun.
2007-01-24Each file in this commit has the issue where a function can return aerik2-50/+49
negative result but the result is used in a context that can only be positive.
2007-01-24Each file in this commit has an instance where a pointer is checked aterik8-74/+83
one point in the code and then not checked in another point in the code. If it needed to be checked once, it needs to be checked the other time. If not the application could segfault.
2007-01-24Eac one the files in this commit had an instance where a code path iserik3-16/+2
never traversed because of conditionals operating on values that never change.
2007-01-24Every file in this commit has a memory leak of some kind or another. I thinkerik13-172/+270
all of them are minor and should not effect properly running code. But if I were you I would give libstocks and the stockticker plugin in Today a wide berth. That library is atrocious.
2007-01-24OBEX push server has a more common description.korovkin1-1/+1
2007-01-23A couple more return values that need to be checked.erik2-3/+14
2007-01-22Each file in this commit had a problem where a function might returnerik3-5/+10
a null value for a pointer and that null value was not checked.
2007-01-22Every file in this commit makes a call to a function which returns a value.erik14-92/+109
Each file also didn't check the return value. This commit changes it so that every single non-checked call in these files is checked.
2007-01-19core/opie-login/loginwindowimpl.cpp has a fix to properly free stringserik2-4/+22
that were dup'ed. noncore/apps/opie-reader/Bkmks.cpp deletes a temporary pointer that was not being properly disposed of.
2007-01-19Every file in this commit has a change to check the return value of a call.erik11-68/+94
2007-01-19Commit of Paul's patch to remove a macro and substitute it with aerik3-12/+15
class variable.
2007-01-19Every single file in this commit had a memory leak where a resource iserik9-32/+57
allocated in the constructor but not de-allocated in the destructor. This commit fixes that.
2007-01-19BUG: There are only 4095 items in the buffer that is zero'd out using 4096.erik1-1/+1
FIX: Fix the number used in memset.
2007-01-14When selecting a time zone, warn the user if the time zone file in ↵paule1-26/+35
/usr/share/zoneinfo for the selected time zone is missing
2007-01-14Add setting to show date/time settings on every restart (useful on devices ↵paule2-3/+16
where the date/time slips or is reset when the device is reset)
2007-01-13Actually read the doctab enable/disable setting.paule1-0/+7
Partially fixes bug #1618.
2007-01-13Implement default sort functions for contact last name and ↵paule2-0/+38
birthday/anniversary. The latter is required for sorting birthdays/anniversaries correctly on the today screen. Fixes bug #1760.
2007-01-13* Increase font size (fixes bug #1597)paule3-16/+494
* Improve usability of snooze function (fixes bug #1598) * Fix stretched icon (fixes bug #1616)
2007-01-13Prompt user to save on closing a modified file; prompt user on Save As if ↵paule2-25/+116
specified file already exists; change tab to show filename when saving a new file
2007-01-13Improve layout of Highlight Modes tab so that it fits on QVGA screens, ↵paule1-29/+25
allowing the OK/Cancel buttons on the dialog to be shown. Fixes bug #1373.
2007-01-13Clear document modified flag on savepaule1-1/+6
2007-01-13Delete configuration dialog object on closingpaule1-1/+2
2007-01-13Add Edit menu with find, replace & go to line functions. Uses dialogs/code ↵paule2-8/+23
already provided by libkate. Fixes bug #1231.
2007-01-13Set sensible minimum width for Goto Line dialogpaule1-0/+3
2007-01-13Call qApp->processEvents() before deleting dialog objects to avoid crashes ↵paule1-0/+3
(Qt bug?)
2007-01-12Various comment changes to make them grammatically correct. Also changed theerik2-7/+13
behavior of the remove button. Only when a custom keymap is selected is the remove button ever shown. Added 'keymap...' to the add button to make it more clear that one is add a keymap and that a dialog to add it will come next. This should follow the Opie UI convention.
2007-01-12new volume iconserik2-0/+0
2007-01-12Reduce ntp pool servers to the 6 regional servers.erik1-17/+7
2007-01-12This commit switches from using hardcoded ntp servers to using a pool ntperik3-16/+16
server.
2007-01-11I missed a bad override signature. This fixes that. There should be noerik2-2/+2
class inheritance function mismatches at this point.
2007-01-10opie-mediaplayer2: search for audio/x-ogg too - patch from OPIE #1530hrw1-1/+1
2007-01-10All of the files included have instances where an array is new'ed buterik9-14/+14
the corresponding delete does not have the corresponding [] argument.
2007-01-10BUG: The case statement was using err to figure out what to say abouterik1-1/+1
why sendfile didn't work. Since err is only the return value of sendfile this meant that it never reported the right thing because it can only be -1 at this point. What the author probably wanted to do was look at errno since that is what the man page says will have the real error info. FIX: Switch the case statement to use errno.
2007-01-10All of the files in this commit have an inheritance member functionerik8-14/+14
mismatch correction. None are serious, but all would have been improperly mislinked in the inheritance hierarchy if attempted to be used.
2007-01-10BUG: If the global category is checked in the category dialog theerik1-3/+6
'New Category' entry is still in local application scope. This means that the 'New Category' entry is in the wrong scope and all hell breaks loose. Actually the user will probably get confused that the category they are wanting to change is not in the right scope. FIX: Check to see that the global checkbox is checked before trying to add the new category. NOTE: This patch was originally submitted by Paul Eggleton (Blue Lightning). Thanks for the fix!
2007-01-10BUG: The todo program was printing bad XML output of recurring itemserik1-17/+17
because the code lacked a space between two entities. FIX: Add a space. NOTE: The code was additionally reworked to make the spaces more noticable to the author of the patch. Thanks goes to Paul Eggleton who provided the patch! This fixes Opie bug 1753: http://opie-bugs.oszine.de/view.php?id=1753
2007-01-08patch from paulllornkcor2-51/+67
2007-01-03Fix for bug#0001547 provided by Paul Eggleton <bluelightning@bluelightning.org>korovkin1-21/+29
If there are no templates, just create the blank task.
2006-12-30Fix for bug# 0001553 Submited by Paul Eggletonkorovkin3-27/+506
avancedfm uses FileInfoDialog and QFileInfo to display the selected file information.
2006-12-13changed suspend button mapping for mypal too same as for ipaqsaquadran1-3/+3
2006-12-13Committed patch provided by Paul Solkolovsky which combines allkorovkin2-51/+43
the 2.6 based PDAs togeter. Thank you Paul!
2006-12-03Made OBEX library buildable if bluetooth support is disabled.korovkin5-7/+62