[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[bug #40620] Deserialising property lists in arguments can lead to an in
From: |
Niels Grewe |
Subject: |
[bug #40620] Deserialising property lists in arguments can lead to an infinite loop |
Date: |
Mon, 18 Nov 2013 09:19:09 +0000 |
User-agent: |
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_9) AppleWebKit/537.71 (KHTML, like Gecko) Version/7.0 Safari/537.71 |
URL:
<http://savannah.gnu.org/bugs/?40620>
Summary: Deserialising property lists in arguments can lead
to an infinite loop
Project: GNUstep
Submitted by: thebeing
Submitted on: Mo 18 Nov 2013 09:19:08 GMT
Category: Base/Foundation
Severity: 3 - Normal
Item Group: Bug
Status: None
Privacy: Public
Assigned to: None
Open/Closed: Open
Discussion Lock: Any
_______________________________________________________
Details:
At some places, property list deserialisation queries some information about
the format using the GSPrivateDefaultsFlag() function. That function depends
on the user defaults being properly initialised.
It turns out that this is a bit unsafe is we are deserialising the plist as
part of initialisation of the defaults system. You can easily reproduce this
if you add a `-Foo "{ Foo = Bar }"' (note how the semicolon is missing
after`Bar') to the invocation of any GNUstep app or tool. The plist parser
then queries the GSMacOSXCompatible flag to find to whether it should just
warn about the error or reject the plist. There are a couple of other places
where we are using the function, so I think we should review them and change
the code to adopt a sensible default when the user defaults are not yet set
up.
_______________________________________________________
Reply to this item at:
<http://savannah.gnu.org/bugs/?40620>
_______________________________________________
Nachricht gesendet von/durch Savannah
http://savannah.gnu.org/
- [bug #40620] Deserialising property lists in arguments can lead to an infinite loop,
Niels Grewe <=