Don't read unlimited data from files

It now guards against reading infinite files such as `/dev/zero`. And most readings are bound with a (lax) limit. As a side effect, more checking are done when reading a file and overall the reading procedure is more robust. PR #19095.
2025-07-15 01:33:07 -07:00 · 2023-06-14 13:38:19 +08:00 · 2023-06-14 13:38:19 +08:00 · 79ca2e145f
commit 79ca2e145f
parent 81bc910d68
24 changed files with 370 additions and 199 deletions
--- a/src/base/bittorrent/sessionimpl.cpp
+++ b/src/base/bittorrent/sessionimpl.cpp
@ -60,7 +60,6 @@

 #include <QDebug>
 #include <QDir>
-#include <QFile>
 #include <QHostAddress>
 #include <QJsonArray>
 #include <QJsonDocument>
@ -5101,8 +5100,8 @@ void SessionImpl::loadCategories()
 {
    m_categories.clear();

-    QFile confFile {(specialFolderLocation(SpecialFolder::Config) / CATEGORIES_FILE_NAME).data()};
-    if (!confFile.exists())
+    const Path path = specialFolderLocation(SpecialFolder::Config) / CATEGORIES_FILE_NAME;
+    if (!path.exists())
    {
        // TODO: Remove the following upgrade code in v4.5
        // == BEGIN UPGRADE CODE ==
@ -5113,26 +5112,27 @@ void SessionImpl::loadCategories()
 //        return;
    }

-    if (!confFile.open(QFile::ReadOnly))
+    const int fileMaxSize = 1024 * 1024;
+    const auto readResult = Utils::IO::readFile(path, fileMaxSize);
+    if (!readResult)
    {
-        LogMsg(tr("Failed to load Categories. File: \"%1\". Error: \"%2\"")
-               .arg(confFile.fileName(), confFile.errorString()), Log::CRITICAL);
+        LogMsg(tr("Failed to load Categories. %1").arg(readResult.error().message), Log::WARNING);
        return;
    }

    QJsonParseError jsonError;
-    const QJsonDocument jsonDoc = QJsonDocument::fromJson(confFile.readAll(), &jsonError);
+    const QJsonDocument jsonDoc = QJsonDocument::fromJson(readResult.value(), &jsonError);
    if (jsonError.error != QJsonParseError::NoError)
    {
        LogMsg(tr("Failed to parse Categories configuration. File: \"%1\". Error: \"%2\"")
-               .arg(confFile.fileName(), jsonError.errorString()), Log::WARNING);
+               .arg(path.toString(), jsonError.errorString()), Log::WARNING);
        return;
    }

    if (!jsonDoc.isObject())
    {
-        LogMsg(tr("Failed to load Categories configuration. File: \"%1\". Reason: invalid data format")
-               .arg(confFile.fileName()), Log::WARNING);
+        LogMsg(tr("Failed to load Categories configuration. File: \"%1\". Error: \"Invalid data format\"")
+               .arg(path.toString()), Log::WARNING);
        return;
    }