Bugtraq mailing list archives

Fwd: Re: buffer overflow in konqi


From: David Faure <david () MANDRAKESOFT COM>
Date: Wed, 17 Jan 2001 19:56:42 +0000

Hi all,
I'm one of the Konqueror developers, and I heard about the possible buffer
overflow issue.
I just tried http://fish.analog.org/~fish/crash_netscape2.html and
crash_me.html, with konqueror (from current CVS, but that shouldn't 
make any difference), and I didn't get any crash - neither konqueror
nor X crashed.

I discussed this with the author of the forms code, and we are sure
that this HTML can't generate any crash in konqueror, since we
are using QString everywhere - a class that takes care of memory
allocation for strings. A buffer overflow can't happen with it.

If X crashed for Arthur, it must be some other bug (konqueror has much
improved since KDE 2.0.1 already).

Yours,
David.

On Wednesday 17 January 2001 18:46, you wrote:

----------  Forwarded Message  ----------
Subject: Re: Buffer Overflow still exists in Netscape <= 4.76
Date: Wed, 17 Jan 2001 12:54:17 +0000
From: Arthur Clune <arthur () CLUNE ORG>
To: BUGTRAQ () SECURITYFOCUS COM


On Tue, 16 Jan 2001, fish stiqz wrote:

I was curious so I tried this web page (crash_netscape2) with
KDE 2.0.1, XFree86 4.0.3 using Konqueror.

The browser loaded the page, but when I went to shut the browser
window it crashed and took X with it.

Can anyone else replicate this?

Arthur

--
Arthur Clune
"You have none. Get over it". Scott McNealy on on-line privacy

PGP Public Key - http://www.clune.org/pubkey.txt

-------------------------------------------------------

-- 
David FAURE, david () mandrakesoft com, faure () kde org
http://www.mandrakesoft.com/~david/, http://www.konqueror.org/
KDE, Making The Future of Computing Available Today

